Netgate Discussion Forum

    Remote IPSec not restarting when primary WAN comes back on-line

    Category: Routing and Multi WAN
    MatthewH

      I'm using pfSense 2.1.5. I can upgrade to 2.2.0 if it'll help.

      I just set up an IPsec connection to a remote pfSense box to fail over to our 2nd WAN when the 1st goes down, and I'm testing it. The "Force IPsec Reload on Failover" option is checked on both machines. When I unplugged WAN 1, IPsec did eventually fail over to WAN2. I then plugged WAN2 back in and had a problem. The local multi-WAN box restarted racoon. The remote box didn't. I ended up with a bunch of these errors on the remote machine:
      racoon: [NJ]: […(1st WAN)] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
      and a number of these errors on the local machine:
      racoon: [Florida]: INFO: initiate new phase 1 negotiation: (1st WAN) [500]<=>(remote machine IP) [500]
      When I restarted racoon on the remote machine everything started working fine, but I need this to work automatically for when I'm not around.
      Any suggestions what I can do about this?

      Thanks.

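The post shows the remote box logging "exchange Identity Protection not allowed in any applicable rmconf" when the multi-WAN peer comes back on its primary address, and that error going away only after racoon is restarted by hand. The following is an added example, not code from the post or from pfSense: a small POSIX sh check that scans racoon syslog lines for that error, extracts the peer address it was logged for, and reports any such peer that is not in the operator's list of configured remote gateways. The log lines, the hostnames and the addresses (203.0.113.10, 198.51.100.20, 198.51.100.99) are constructed for the example; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post or pfSense). Detect the racoon
# "not allowed in any applicable rmconf" error that the post reports on the
# remote peer after the multi-WAN box changed its source address.

# Constructed sample syslog lines; the first two mimic the error in the post,
# the third mimics the INFO line the local box logs while retrying phase 1.
SAMPLE_LOG='Feb 10 10:01:02 fw racoon: [NJ]: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Feb 10 10:01:05 fw racoon: [NJ]: [203.0.113.10] ERROR: exchange Identity Protection not allowed in any applicable rmconf.
Feb 10 10:01:09 fw racoon: [Florida]: INFO: initiate new phase 1 negotiation: 203.0.113.10[500]<=>198.51.100.20[500]'

# count_rmconf_errors LOG -> number of lines carrying the rmconf error.
# grep -c prints 0 and exits 1 when nothing matches; "|| true" keeps the
# function usable under "set -e".
count_rmconf_errors() {
  printf '%s\n' "$1" | grep -c 'not allowed in any applicable rmconf' || true
}

# rmconf_error_peers LOG -> unique peer addresses the error was logged for.
# The address sits in the second bracketed field of the racoon message.
rmconf_error_peers() {
  printf '%s\n' "$1" \
    | sed -n 's/.*racoon: \[[^]]*\]: \[\([^]]*\)\] ERROR: exchange Identity Protection not allowed in any applicable rmconf.*/\1/p' \
    | sort -u
}

# unexpected_rmconf_peers LOG "gw1 gw2 ..." -> peers that triggered the error
# and are not in the space-separated list of remote gateways racoon was
# configured with (the post's case: the peer's primary WAN address coming back
# while the remote side still has only the failover address loaded).
unexpected_rmconf_peers() {
  log=$1
  known=" $2 "
  for p in $(rmconf_error_peers "$log"); do
    case "$known" in
      *" $p "*) ;;                  # peer is configured; nothing to report
      *) printf '%s\n' "$p" ;;      # peer not in the loaded config
    esac
  done
}

# Stand-alone run over the constructed sample: with only the failover gateway
# in the configured list, the primary address is reported as unexpected.
echo "rmconf errors: $(count_rmconf_errors "$SAMPLE_LOG")"
echo "unexpected peers: $(unexpected_rmconf_peers "$SAMPLE_LOG" "198.51.100.99")"
```

On a live box the log would come from clog or tail on the system log rather than the constructed string, and a non-empty result from the last function is the condition under which an operator would want racoon reloaded; the example deliberately stops at the check and does not restart anything itself.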
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.