Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VIP is not set in IPSec configuration

    Scheduled Pinned Locked Moved IPsec
    2 Posts 1 Posters 357 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ChrisT
      last edited by

      Hi all, I have set up an IPSec tunnel with Azure. In the Interface field I initially specified the interface which has the VIP address of my cluster. When I connect, all is fine and everything works perfect.

      Though, at the same time I have created a failover Gateway Group because I use a dual WAN. This group I am using it as the Default Gateway of my system.

      Now, if I go back to the IPSec tunnel and instead of the interface with VIP address, I set the Gateway Group, then I notice that the IPSec tunnel never connects, because it is using the physical IP address instead of the VIP. I am going in the ipsec.conf and I can confirm that instead of the VIP, the leftid is the IP address of the physical interface of node 1 in the cluster.

      Any idea why this happens? Do I do anything wrong in my configuration?

      Thank you

      1 Reply Last reply Reply Quote 0
      • C
        ChrisT
        last edited by

        OK, the solution is that in the failover security group, in the "Interface Address" field, I had to specify the VIP address. When I did this, then the right IP was showed in the config file.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.