Netgate Discussion Forum

    Adding an IPSEC VPN causes other IPSEC VPNs to drop briefly

      jnickel

      We have many IPSec VPNs (over 50) and we are always adding new ones.

      We monitor clients and manage client networks over these VPNs.

      When I add a new one, all the other ones are dropped and then slowly come back up. I have also used IPCop/Linux and I know that it can add new IPSec VPNs without dropping the existing ones.

      Is there anything that I can do to keep the existing VPNs up while adding a new one?

      I have thought about a HA cluster, but because that is active/passive, my understanding is that it wouldn't be seamless - there would be an outage there too and the VPNs would have to re-establish on the 2nd node.

      Any suggestions or does this need to be a feature request for the future?

      Thanks,

      Jim

        geewhz01

        I'll second this request; I'd love to be able to add IPsec tunnels without it affecting the others.

        Andy

          EmL

          Coming from m0n0, we changed to the great pfSense and have used it for years until now, but this is the major reason why we have replaced our pfSense at the company's main headquarters with a Cisco ASA. At the co-locations pfSense is still working and doing a very good job.

          Before, I had only 5 VPNs to co-locations of our company. But now I have to set up a new VPN every week to new customers … so I run into the same situation ...

          Maybe you are in luck, and the devs will change that behavior in the future - that would be a great feature! But the next version is 2.0 ... and it's ready when it's ready - I think minimum one year ,)

          EmL

            geewhz01

            Wonder how long a change like this would take, perhaps move this to bounty as I'd be willing to chip in.

            Andy

              cmb

              Feature request opened.
              http://cvstrac.pfsense.org/tktview?tn=1836

              Feel free to start a bounty.

                databeestje

                This requires a significant amount of coding to fix.

                This might happen in the near future. Read 2009.
                Money can make it go faster :-)

                  jnickel

                  How many $ would it take to make this happen sooner than later?

                  Jim

                    GruensFroeschli

                    This bounty has been completed:
                    http://forum.pfsense.org/index.php/topic,12648.0.html

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.