CARP - IPSEC - failover - listen (500) in racoon.conf



  • Hello,

    Now I have set, with an established CARP cluster and IPsec synchronize enabled, the IPsec failover tab to my CARP WAN IP. In /var/etc/racoon.conf, at the top of the file, it shows listen (isakmp "wan-carp" (500)); and I think it's fine.

    I deleted the WAN CARP IP and now it shows (isakmp "blank" (500); and I think it is not OK, because all tunnels are down and do not come up, even when I deleted the special config of the cluster.

    In the web GUI, the system logs show on the "ipsecvpn" tab:

    racoon: ERROR: /var/etc/racoon.conf:2: "500" parse error

    This is shown in v.1.01 and also in the newest releng_snapshot version.

    Is it by design, or a little bug?
    My test tunnels do not come up.

    Very special greetings from Germany
    Heiko



  • This has been fixed in a recent snapshot.  Please upgrade.



  • I have upgraded to the snapshot from 27.02., but the behaviour is still the same.

    ??
    Heiko



  • Hello,
    With the build from 3 March, the failover address is set correctly when it is deleted.

    NOW, the failover IP is not syncing to the backup CARP member. Hm, the IPsec tunnels are syncing correctly.

    Greetings from Germany
    Heiko



  • I don't think we sync that value.  You will have to input the value on each cluster member.



  • Hi,

    OK, I understand. Is it possible to sync this automatically? The manual setting is easy to forget.
    It would be a great help for my projects in Moscow, St. Petersburg and Switzerland.

    Bye, Heiko



  • @heiko:

    Hi,

    OK, I understand. Is it possible to sync this automatically? The manual setting is easy to forget.
    It would be a great help for my projects in Moscow, St. Petersburg and Switzerland.

    Bye, Heiko

    Not at the moment, no.



  • Hello Scott,

    maybe later. It doesn't greatly matter.

    Greetings from Germany and special thanks for your help.

    Heiko

