Failover IPSec - sasyncd.conf is missing

  • Hello

    I have set up two pfSense firewalls in a redundant manner (active / failover with CARP) - everything works fine.

    Now I have configured an IPSec tunnel to my home network. The configuration is synced to the failover device
    and I entered the public CARP IP in the failover configuration. The tunnel is working.

    Checking on the shell, there is no sasyncd.conf and the sasyncd daemon is not running. Am I missing something important?
    Or is this a bug?


  • Sasyncd is not finished being ported. The failover IPSEC function enforces racoon to live on a specific IP such as a CARP IP so that the IPSEC tunnels can fail over after re-negotiating the tunnels.

    If someone wants to port the sysctl sasyncd portion to FreeBSD then we could get this working but until then, we are stuck with this.

  • Hi everyone

    I am right now not familiar with these tools - is there some description of what needs to be done to get this working? Maybe a bounty would help?

    BTW, there is another thing with IPsec and syncing config via XMLRPC to another pfSense: it is not possible to use "German umlauts" in shared secrets -> this produces an error while syncing (not wellformed XML on line xxx)


  • The German umlaut problem is a known limitation, simply don't use them ;)

  • If you don't see it on a keyboard then don't use it as a password

  • I can see it on my keyboard, so I use them :-)

