    Failover IPSec - sasyncd.conf is missing

    • B
      borki last edited by

      Hello

      I have set up two pfSense firewalls in a redundant manner (active / failover with CARP) - everything works fine.

      Now I have configured an IPSec tunnel to my home network. The configuration is synced to the failover device
      and I entered the public CARP IP in the failover configuration. The tunnel is working.

      Checking on the shell, there is no sasyncd.conf and the sasyncd daemon is not running. Am I missing something important?
      Or is this a bug?

      Regards,
      Reto

      • S
        sullrich last edited by

        Sasyncd is not finished being ported. The failover IPSEC function forces racoon to live on a specific IP such as a CARP IP so that the IPSEC tunnels can fail over after re-negotiating the tunnels.

        If someone wants to port the sysctl sasyncd portion to FreeBSD then we could get this working but until then, we are stuck with this.

        • B
          borki last edited by

          Hi everyone

          I am not familiar with these tools right now - is there a description of what needs to be done to get this working? Maybe a bounty would help?

          BTW, there is another thing with IPsec and syncing the config via XMLRPC to another pfSense: it is not possible to use "German umlauts" in shared secrets -> this produces an error while syncing (not wellformed XML on line xxx)

          Regards,
          Reto

          • H
            hoba last edited by

            The German umlaut problem is a known limitation, simply don't use them ;)

            • J
              jeroen234 last edited by

              If you don't see it on a keyboard then don't use it as a password

              • B
                borki last edited by

                I can see it on my keyboard, so I use them :-)
