Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Upgrading from 1.0 and problems

    IPsec
    2
    7
    2557
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      moffl last edited by

      Hello All:

      Just a brief history:

      I have approx 30 remote locations that i was using CARP Virtual ips and IPSEC tunnels on the old 1.0 release.  As i was setting up 1.2 i realized that the failover IPSec is no longer and upon searching i found this to be true. I then started researching openvpn and discovered that it will have complete access as there is no filtering on this. If this is not correct please correct me.

      If i was to use openvpn for these 30 locations would i have to create a port and cert for each remote. so i gues i would like someone to point me in the right direction

      thanks

      1 Reply Last reply Reply Quote 0
      • H
        heiko last edited by

        For me CARP and ipsec failover on a 1.2 cluster works as it should.
        And yes, you cant filter rules on openvpn with 1.2, this will be a feature in 1.3

        1 Reply Last reply Reply Quote 0
        • M
          moffl last edited by

          @heiko:

          For me CARP and ipsec failover on a 1.2 cluster works as it should.

          in 1.0 there was a failover ipsec portion and i could not find it in 1.2 am i missing it or is setup different for carp and failover

          1 Reply Last reply Reply Quote 0
          • H
            heiko last edited by

            which option, preemption?

            1 Reply Last reply Reply Quote 0
            • M
              moffl last edited by

              In 1.0.1 there was a option under ipsec called failover ipsec and you would enter your carp public ip address in this location. In the latest release of 2.0 is option does not exist therefore instead of having the endpoint of your tunnel pointing at the carp public(virtual ip) it instead points to your wan address. What am i missing

              Also in the version i pfsense version i am running the preemption check box is not there

              1 Reply Last reply Reply Quote 0
              • H
                heiko last edited by

                you choose you carp WAN IP in the tunnel configuration page directly, look at the interface dropdown box

                1 Reply Last reply Reply Quote 0
                • M
                  moffl last edited by

                  Thank you for your help, I had found the setting late last night which explains a lot i quess we can now consider this thread closed

                  again thanks heiko

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post

                  Products

                  • Platform Overview
                  • TNSR
                  • pfSense
                  • Appliances

                  Services

                  • Training
                  • Professional Services

                  Support

                  • Subscription Plans
                  • Contact Support
                  • Product Lifecycle
                  • Documentation

                  News

                  • Media Coverage
                  • Press
                  • Events

                  Resources

                  • Blog
                  • FAQ
                  • Find a Partner
                  • Resource Library
                  • Security Information

                  Company

                  • About Us
                  • Careers
                  • Partners
                  • Contact Us
                  • Legal
                  Our Mission

                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                  Subscribe to our Newsletter

                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                  © 2021 Rubicon Communications, LLC | Privacy Policy