Heinrich Rebehn wrote:
> Patrick Hemmen wrote:
>> Ok.
>>
>> Before using carp/sasyncd the IPSEC tunnel had worked.
>> The isakmpd daemon listens on all interfaces/IP addresses.
>>
>> I am illustrating my setup
>>
>> vpngw01: 10.10.10.101
>> carp: 10.10.10.1 <-- INTERNET --> remote gateway: 192.168.1.1
>> vpngw02: 10.10.10.102
>>
>
> Remove the IP addresses from the physical interfaces. The master will
> then use 10.10.10.1 as source address. Use the "carpdev" clause in
> ifconfig to specify the physical interface used for carp.
>
> Note however that the machine will no longer respond to broadcast packets.
>
> -- Heinrich
>

I fixed this problem by adding "local 10.10.10.1" before "peer 192.168.1.1" to the /etc/ipsec.conf file. I have to read the manual more thoroughly ;).

I think the tunnel isn't available because of wrong lifetime settings. The remote gateway returns a "NO PROPOSAL CHOSEN" and all other settings are correct. Now, I'm waiting for the lifetime settings information of the remote site.

Best regards.
Patrick
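
A check for the situation described in this message, as an added example that is not part of the original post: it flags `ike` rules in an ipsec.conf that name a peer without pinning `local` to the CARP address. The function names, the sample file and the 172.16.x.x networks are constructed for illustration; only 10.10.10.1 and 192.168.1.1 come from the thread.

```shell
#!/bin/sh
# check_ike_local FILE CARP_ADDR
# Prints every "ike" rule in FILE that names a peer but does not set
# "local CARP_ADDR"; returns 1 if any such rule is found, 0 otherwise.
check_ike_local() {
    awk -v carp="$2" '
        # Join backslash-continued lines into one logical rule.
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; next }
        { line = buf $0; buf = "" }
        { sub(/#.*/, "", line) }              # drop comments
        line !~ /^[ \t]*ike[ \t]/ { next }    # only ike rules matter here
        {
            n = split(line, w, /[ \t]+/)
            peer = ""; loc = ""
            for (i = 1; i < n; i++) {
                if (w[i] == "peer")  peer = w[i + 1]
                if (w[i] == "local") loc  = w[i + 1]
            }
            if (peer != "" && loc != carp) {
                printf "rule for peer %s: local is %s, expected %s\n",
                       peer, (loc == "" ? "unset" : loc), carp
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample ipsec.conf (networks are placeholders, not from the thread).
sample_conf() {
    cat <<'EOF'
# no "local": the source address is not pinned to the CARP address
ike esp from 172.16.1.0/24 to 172.16.2.0/24 peer 192.168.1.1
# rule with the fix from the post, split over two lines
ike esp from 172.16.1.0/24 to 172.16.3.0/24 \
    local 10.10.10.1 peer 192.168.1.1
EOF
}

# Usage: check_ike_local /etc/ipsec.conf 10.10.10.1
```
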

