IPSEC & Carp failover

  • Hello everyone,

    i don't know if it's more IPSEC or CARP related… but

    I struggle with a CARP failover timeout.

    When booting master and slave, i can see my IPSEC alive, can ping hosts through ipsec... no problem.
    --> IPSEC Status =  Master : Established, Slave : Disconnected

    If i simulate a CARP failover (in CARP Status), i loose one ping, and it's back.
    --> IPSEC Status = Master : Connecting , Slave : Connected.

    But then, if i try to go back to master, i never get vpn to start :
    --> IPSEC Status = Established, Slave= Connecting

    From now, there is a long time before the slave logs stop trying to reconnect to remote (peer not responding (3 tries), giving up after 5 retransmits... and so on)
    While this time, i lost ping. When the slaves stops, ping is back.

    I guess there is a special setting for this situation ?

    DPD is enabled, defaults.

    Has anyone been facing the same issue?

    Thanks everyone !

Log in to reply