IPsec unstable when configured on CARP VIP (2.2.4)



  • I have been searching for someone with a similar issue/setup but have been unable to find anything so far.

    I am bringing a new Data Centre online and installed two new pfSense boxes running 2.2.4 (fresh install) that are running CARP. Everything was running great until I tried configuring the IPsec tunnels.

    I created the IPsec tunnel to use the CARP VIP and changed the MY IDENTIFIER to be the CARP VIP. The tunnel connects; however, I have noticed 20-25% packet loss, and the outages are about 10 seconds just over the tunnel (the WAN connection is rock solid).

    When I switch the tunnels back to use the WAN IP everything is stable like it should be.

    Not sure if this is a 2.2.X issue or a config issue and want to try and isolate before making the trip to the Data Centre to revert to 2.1.5. I have tried all the various config changes and adjustments I could find relating to IPsec and 2.2.X.

    Thanks!



  • Verify there is not something with a matching CARP or VRRP vhid on the network.



  • Sometimes you need a second set of virtual eyes :)

    I changed the VHID (still waiting for the Data Centre to assign/confirm a VHID I can use) and so far it seems stable.

    You would think I would remember this from the last time we had a similar unstable connection which turned out to be the same problem.

    Thanks for the assistance.


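One way to run the check suggested in the thread, as an added example that is not part of the original posts: capture CARP/VRRP advertisements (IP protocol 112, sent to 224.0.0.18) on the WAN segment and look for your VHID being advertised by a host that is not one of your own nodes. The tcpdump line format, the sample lines, the addresses and the function names are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of tcpdump text output for advertisements to 224.0.0.18;
# CARP prints "vhid=N", VRRP prints "vrid N". Both share the same ID space
# and the same virtual MAC (00:00:5e:00:01:<id>), which is why they collide.
ADVERT = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+) > 224\.0\.0\.18: .*?\b(?:vhid=|vrid )(\d+)"
)

# Constructed capture lines (not real traffic).
SAMPLE = """\
12:00:01.000 IP 198.51.100.2 > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 authlen=7 counter=1111
12:00:01.400 IP 198.51.100.77 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 20
12:00:02.000 IP 198.51.100.2 > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 authlen=7 counter=1112
12:00:02.100 IP 198.51.100.90 > 224.0.0.18: VRRPv2, Advertisement, vrid 7, prio 100, authtype none, intvl 1s, length 20
""".splitlines()

OUR_NODES = {"198.51.100.2", "198.51.100.3"}  # real WAN IPs of both firewalls
OUR_VHIDS = {1}                               # VHIDs configured on our CARP VIPs


def advertisers_by_vhid(lines):
    """Map each advertised VHID/VRID to the set of source IPs announcing it."""
    seen = defaultdict(set)
    for line in lines:
        m = ADVERT.search(line)
        if m:
            seen[int(m.group(2))].add(m.group(1))
    return dict(seen)


def find_conflicts(lines, our_nodes, our_vhids):
    """VHIDs we use that are also advertised by hosts outside our cluster."""
    return {
        vhid: sorted(srcs - set(our_nodes))
        for vhid, srcs in advertisers_by_vhid(lines).items()
        if vhid in our_vhids and srcs - set(our_nodes)
    }


def free_vhids(lines, our_nodes):
    """VHIDs (1-255) not seen in use by any foreign host during the capture."""
    taken = {v for v, s in advertisers_by_vhid(lines).items() if s - set(our_nodes)}
    return [v for v in range(1, 256) if v not in taken]


if __name__ == "__main__":
    print("conflicts:", find_conflicts(SAMPLE, OUR_NODES, OUR_VHIDS))
    print("first free VHIDs:", free_vhids(SAMPLE, OUR_NODES)[:5])
```

A VHID that looks free in a short capture can still be assigned to a device that was silent at the time, so confirm the choice with whoever administers the shared segment.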