Pfsense 2.2.1 - CARP Address as IPsec VPN endpoint does not work

  • VPN connections using the WAN CARP Address as VPN endpoint can not be established.

    I've got two pfSense 2.2.1 virtual machines (GW_A, GW_B) running as an HA IPSec VPN Cluster (GW_AB).
    On WAN Interface a virtual IP (CARP IP) is bound. This IP should work as VPN endpoint address.
    GW_A:    WAN_IP=
    GW_B:    WAN_IP=
    GW_AB: CARP_IP=  - VPN Endpoint

    When configuring IPSec Connection "IPsec: Edit Phase 1", it's not possible to set or select the Local Gateway. The Local gateway IP Address will be automatically assigned and it's always the dedicated WAN Address, for example

    In /var/etc/ipsec/ipsec.conf the local IP looks like this:
    conn con1
    left =
    right =

    The assigned address is wrong.
    Incoming IKE traffic from remote gateway directed to does not match the IKE config. The requests are rejected.
    Here are the corresponding log events.
    charon: 15[NET] received packet: from[500] to[500] (440 bytes)

    charon: 15[IKE] no IKE config found for…, sending NO_PROPOSAL_CHOSE
    charon: 15[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]


    If it would be possible to set (or select) the entry of Local Gateway, a specific configuration for each connection could be configured. Here's the correct connection description in /var/etc/ipsec/ipsec.conf.

    conn con1
    left =
    right =

    How can I set the WAN CARP Address as an Local Gateway Address in one or all IPSec connetions?
    Is there an workaround to add CARP IP Address into ipsec.conf?
    If this has already been addressed, please provide info or link to the fix.

  • It works for me…...

    In the Phase 1, under "Interface", select the CARP IP that you want to use. Then under "My Identifier", select "IP Address" and enter the IP address for the CARP IP address you've selected above.

  • Thank You. That's the advice I needed. It works fine now.
    I've never looked up the list of local interfaces after setting the CARP Addresses.
    What a bad mistake…