[pfSense Support] failover ipsec
Enable yes
Interface (selected public carp address that I want to use 192.168.5.100)
Failover ip (same address as above 192.168.5.100)
Peerip (used the carp sync real ip address of the other carp in my array 192.168.10.2)
Shared key (used a 16 byte aes key)

This end is a mobile client. The other end is the tunnel. When the tunnel establishes, the mobile client end shows the SAD correctly. But the tunnel end shows the error

DEBUG: get pfkey ADD message
ERROR: pfkey UPDATE failed: Invaild argument.

And there is no SAD at the tunnel end.
RE: [pfSense Support] failover ipsec
On further review of this, the issue seems to lie in the fact that the tunnel end of the ipsec is running a VIA PadLock chipset. If I replace the tunnel end with the same config.xml file and a WRAP board, the tunnel works perfectly.

From: alan walters
Sent: Saturday, November 12, 2005 10:47 AM
To: support@pfsense.com
Subject: [pfSense Support] failover ipsec

Enable yes
Interface (selected public carp address that I want to use 192.168.5.100)
Failover ip (same address as above 192.168.5.100)
Peerip (used the carp sync real ip address of the other carp in my array 192.168.10.2)
Shared key (used a 16 byte aes key)

This end is a mobile client. The other end is the tunnel. When the tunnel establishes, the mobile client end shows the SAD correctly. But the tunnel end shows the error

DEBUG: get pfkey ADD message
ERROR: pfkey UPDATE failed: Invaild argument.

And there is no SAD at the tunnel end.
[pfSense Support] failover ipsec
Just a general question. Would like to know if people think that this would work.

[ASCII network diagram, layout lost in the archive. Labels, in order: Internet real; Datacentre (IPSECEND); Internet 1; internet2; Wan; opt1; IPSEC1__IPSECFAIL; PFSENSE BOX; Opt2; Public ip block]
Re: [pfSense Support] failover ipsec
On 10/13/05, alan walters [EMAIL PROTECTED] wrote:

Just a general question. Would like to know if people think that this would work.

[ASCII network diagram, layout lost in the archive. Labels, in order: Internet real; Datacentre (IPSECEND); Internet 1; internet2; Wan; opt1; IPSEC1__IPSECFAIL; PFSENSE BOX; Opt2; Public ip block]

Should work A-OK. However SASYNCD is not completely finished so failover time will be about 2 seconds from what I experience on my home ipsec line.

Scott

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] failover ipsec
Cool you guys are great. This solves a long running problem. Time to get testing I guess.

thanks

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 13 October 2005 22:05
To: support@pfsense.com
Subject: Re: [pfSense Support] failover ipsec

On 10/13/05, alan walters [EMAIL PROTECTED] wrote:

Just a general question. Would like to know if people think that this would work.

[ASCII network diagram, layout lost in the archive. Labels, in order: Internet real; Datacentre (IPSECEND); Internet 1; internet2; Wan; opt1; IPSEC1__IPSECFAIL; PFSENSE BOX; Opt2; Public ip block]

Should work A-OK. However SASYNCD is not completely finished so failover time will be about 2 seconds from what I experience on my home ipsec line.

Scott