CARP and IPSec VPN problem



  • Hello,

    I am using 2 pfSense boxes with a CARP configuration. So far this is working very well.

    Recently I added an IPSec VPN that was configured with a remote subnet of 0.0.0.0/0. This is a well-known VPN configuration for routing all LAN traffic through the tunnel.

    After I make this tunnel active, CARP is not working anymore. It looks like the sync packets that are used to see if the pfSense is still alive are also routed through the VPN tunnel.
    The backup pfSense box does not receive these packets anymore, so it becomes the master in the LAN segment. This results in a LAN segment with two masters and a virtual LAN IP address that cannot be reached anymore.

    What can I do to make this config work?