Hi! Today we played around with our CARP cluster and IPSec config. We had to change a tunnel from RSA to PSK :( so we deactivated the RSA config and set up PSK. The tunnel had a dynamic IP, so the config was nearly identical (same IP nets, hostname, ...); only the key was different from RSA (of course).

Now when the other side tried to connect, I always saw in my pfSense logs that it seemed to try to connect to the RSA config (which was deactivated) and therefore could not establish a tunnel... After I moved the PSK tunnel over the deactivated RSA tunnel (by editing the config file), the tunnel was established using the PSK config...

I was a little surprised because I thought that deactivated would mean it's "not usable" to racoon? Anyone any idea, or is this intended behavior?

Regards,
martin
