Failover IPSec - sasyncd.conf is missing
I have set up two pfense firewalls in a redundant manner (active / failover with CARP) - everything works fine.
Now I have configured an IPSec tunnel to my home network. The configuration is synced to the failover device
and I entered the public CARP IP in the failover configuration. The tunnel is working.
Checking on the shell, there is no sasyncd.conf and the sasyncd daemon is not running.. Am I missing something important?
Or is this a bug?
sullrich last edited by
Sasyncd is not finished being ported. The failover IPSEC function enforces racoon to live on a specific IP such as a CARP ip so that the IPSEC tunnels can failover after re-negotiating the tunnels.
If someone wants to port the sysctl sasyncd portion to FreeBSD then we could get this working but until then, we are stuck with this.
I am right now not familiar with this tools - is there some description what needs to be done to get this working? Maybe a bounty would help?
BTW. There is another thing with IPsec and syncing config via XMLRCP to another pfSense: It is not possible to use "german umlauts" in shared secrets -> this produces an error while syncing (not wellformed XML on line xxx)
hoba last edited by
the german umlaut problem is a know limitation, simply don't use them ;)
jeroen234 last edited by
if you don't see it in on a keybord then don't use it as a password
i can see it on my keyboard, so I use them :-)