IPSEC / CARP - Re-Keys on failover
We recently configured PFSense is a HA (Active/Passive) setup, where IPSEC is done to a CARP interface. When the firewall is failed-over to the secondary node the VPN's all re-key.
My question is;
Is there a way to avoid this?
Is this a limitation of the PFSense IPSEC / CARP implimentation?