IPSEC / CARP - Re-Keys on failover



  • Hi,

    We recently configured PFSense in a HA (Active/Passive) setup, where IPSEC is done to a CARP interface. When the firewall is failed over to the secondary node, the VPNs all re-key.

    My question is;

    Is there a way to avoid this?
    Is this a limitation of the PFSense IPSEC / CARP implementation?

    Thanks