4. IPSec with WAN CARP fails on 1.2.3

IPSec with WAN CARP fails on 1.2.3

  • M

    Hi all,

    I have a pfsense cluster running CARP (master/slave) on the WAN interface.

    I successfully set up an IPSec tunnel with pfsense1 and a remote Checkpoint cluster using My Identfier -> My IP address.
    I then configured the tunnel to use the WAN CARP IP (My Identifier -> IP address),
    also on remote Checkpoint I changed the physical ip of pfsense to CARP IP.

    Result, tunnel won't come up.

    I filtered the Checkpoint log for traffic originating from pfsense WAN CARP IP…no records found.
    I run a packet capture on the primary pfsense WAN interface filtering Checkpoints remote ip address and got a lot of IKE packets originating from pfsense local ip address not the CARP IP.

    I also tried to setup a separate CARP IP for IPSec but nothing changed. Packet capture still shows packets from the local ip address.

    Can someone help me, please?

    0
  • Rebel Alliance Developer Netgate

    Did you change the "interface" to be the CARP VIP? Or did you just change the Identifier?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy