Adding a IPSEC VPN causes other IPSEC VPN's to drop briefly



  • We have many IPSec VPN's (over 50) and we are always adding new ones.

    We monitor clients and manage client networks over these VPN's.

    When I add a new one, all the other ones are dropped and then slowly come back up.  I have also used IPCop/Linux and I know that it can add new IPSec VPN's without dropping the existing ones.

    Is there anything that I can do to keep the existing VPN's up while adding a new one?

    I have thought about a HA cluster, but because that is active/passive, my understanding is that it wouldn't be seamless - there would be a outage there too and the VPN's would have to re-establish on the 2nd node.

    Any suggestions or does this need to be a feature request for the future?

    Thanks,

    Jim



  • I'll second this request, I'd love to be able to add ipsec tunnels without it affecting the others.

    Andy



  • Coming from m0n0, changed to great pfSense and used it over years till now, but this is the major reason why we have changed our pfsense at the company main headquarter against a cisco asa. At the co-locations still working pfsense and doing a very good job there.

    Before i had only 5 VPNs to co-locations of our company. But now i have to setup a new vpn every week to new customers … so i run in same situation ...

    May be you are in luck, and the devs change that behavior in future - that would be a great feature! But next version is 2.0 ... and its ready when its ready - i think minimum one year ,)

    EmL



  • Wonder how long a change like this would take, perhaps move this to bounty as I'd be willing to chip in.

    Andy



  • Feature request opened.
    http://cvstrac.pfsense.org/tktview?tn=1836

    feel free to start a bounty.



  • This requires a significant amount of coding to fix.

    This might happen in the near future. Read 2009.
    Money can make it go faster :-)



  • How many $ would it take to make this happen sooner than later?

    Jim




Locked