IPSec continuity and CARP/HA



  • Hello,

    I have 2 instances of pfsense in CARP/HA; I notices that when I update something in the master node, say for example a rule in the NAT, if there is an ipsec tunnel enabled, this become disabled and so the ipsec connection goes down.
    Maybe it is a wrong configuration, because I have the master node in the CARP (I called it pfs1) but the update to the rules, for example, are only propagated if I do it in the second node (pfs2); I suppose I can change this behavior setting the "Configuration Synchronization Settings" in the master node and not in the second, but however the question is if this make the continuity of the ipsec tunnel when I update something.

    --
    Regards



  • Hello,

    resolved by move the "Configuration Synchronization Settings (XMLRPC Sync)" on the pfs1 that it is also the Master node.