Failover IPSec - sasyncd.conf is missing



  • Hello

    I have set up two pfSense firewalls in a redundant manner (active / failover with CARP) - everything works fine.

    Now I have configured an IPSec tunnel to my home network. The configuration is synced to the failover device
    and I entered the public CARP IP in the failover configuration. The tunnel is working.

    Checking on the shell, there is no sasyncd.conf and the sasyncd daemon is not running. Am I missing something important?
    Or is this a bug?

    Regards,
    Reto



  • Sasyncd is not finished being ported. The failover IPSEC function enforces racoon to live on a specific IP such as a CARP IP so that the IPSEC tunnels can fail over after re-negotiating the tunnels.

    If someone wants to port the sysctl sasyncd portion to FreeBSD then we could get this working but until then, we are stuck with this.



  • Hi everyone

    I am not familiar with these tools right now - is there some description of what needs to be done to get this working? Maybe a bounty would help?

    BTW, there is another thing with IPsec and syncing config via XMLRPC to another pfSense: it is not possible to use "German umlauts" in shared secrets -> this produces an error while syncing (not wellformed XML on line xxx)

    Regards,
    Reto



  • The German umlaut problem is a known limitation, simply don't use them ;)



  • If you don't see it on a keyboard then don't use it as a password



  • I can see it on my keyboard, so I use them :-)

