I just set up a redundant gateway using pfSense 1.2 with CARP, dual WAN, … the perfect setup ;)
I now need to have redundancy over my VPNs (IPsec) and am currently considering two options:
- Buying an expensive piece of Cisco hardware (ASA 5520)
- Getting this job done by pfSense (which is my favorite choice).
I dug a bit into the filesystem and noticed there were some files about sasyncd, but not the /usr/local/sbin/sasyncd binary.
Can anyone please explain to me whether it has been removed, dropped, ...?
sasyncd does not have the needed kernel bits. However, when our hosts fail over via CARP, our VPNs renegotiate immediately and I generally do not lose traffic even without sasyncd. Give it a try.
I tried it before posting ;)
The setup is:
2 pfSense boxes in HA mode (CARP failover public IP) and a remote end with a single Linux server running Openswan.
I lost traffic for about 10 mins since the VPNs didn't renegotiate before.
Did I miss something somewhere?