IPsec unstable when configured on CARP VIP (2.2.4)
-
I have been searching for someone with a similar issue/setup but unable to find anything so far.
I am bringing a new Data Centre online and installed two new pfSense boxes running 2.2.4 (fresh install) that are running CARP. Everything is running great until I tried configuring the IPsec tunnels.
I created the IPsec tunnel to use the CARP VIP and changed the MY IDENTFIER to be the CARP VIP. The tunnel connects however I have noticed 20-25% packet loss and the outages are about 10 seconds just over the tunnel (the WAN connection is rock solid).
When I switch the tunnels back to use the WAN IP everything is stable like it should be.
Not sure if this is a 2.2.X issue or a config issue and want to try and isolate before making the trip to the Data Centre to revert to 2.1.5. I have tried all the various config changes and adjustments I could find relating to IPsec and 2.2.X.
Thanks!
-
Verify there is not something with a matching CARP or VRRP vhid on the network.
-
Sometimes you need a second set of virtual eyes :)
I changed the VHID (still waiting for the Data Centre to assign/confirm a VHID I can use) and so far it seems stable.
You would think I would remember this from the last time we had a similar unstable connection which turned out to be the same problem.
Thanks for the assistance.
