IPSec with WAN CARP fails on 1.2.3
markus.schaefer
I have a pfsense cluster running CARP (master/slave) on the WAN interface.
I successfully set up an IPSec tunnel between pfsense1 and a remote Checkpoint cluster using My Identifier -> My IP address.
I then configured the tunnel to use the WAN CARP IP (My Identifier -> IP address),
and on the remote Checkpoint I changed the physical IP of pfsense to the CARP IP.
Result: the tunnel won't come up.
I filtered the Checkpoint log for traffic originating from the pfsense WAN CARP IP… no records found.
I ran a packet capture on the primary pfsense WAN interface, filtering on the Checkpoint's remote IP address, and got a lot of IKE packets originating from the pfsense local IP address, not the CARP IP.
I also tried to set up a separate CARP IP for IPSec but nothing changed. The packet capture still shows packets from the local IP address.
Can someone help me, please?
Did you change the "interface" to be the CARP VIP? Or did you just change the Identifier?