[pfSense-discussion] IPSEC routing hack, and CARP, leading to arpresolve can't allocate route errors
if you recall, to make your pfsense firewall itself be able to talk to a remote site over an IPSEC tunnel, you need to add a hack which is a static route to remote network via the LAN address if you have a firewall cluster and you use the CARP address of the LAN, it does work, but it *seems* to cause the following errors to appear in system log: Sep 1 15:40:01 kernel: arpresolve: can't allocate route for 10.1.2.254 the 10.1.2.254 is the CARP ip on the LAN I can make these go away by using the IP of the firewall's LAN but that kind of defeats part of the purpose of having a cluster and carp! Apart from this being a distraction/nuisance, is this something to worry about?# thanks Paul - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] IPSEC routing hack, and CARP, leading to arpresolve can't allocate route errors
On Wed, Sep 1, 2010 at 12:23 PM, Paul Mansfield it-admin-pfse...@taptu.com wrote: if you recall, to make your pfsense firewall itself be able to talk to a remote site over an IPSEC tunnel, you need to add a hack which is a static route to remote network via the LAN address if you have a firewall cluster and you use the CARP address of the LAN, it does work, but it *seems* to cause the following errors to appear in system log: Sep 1 15:40:01 kernel: arpresolve: can't allocate route for 10.1.2.254 the 10.1.2.254 is the CARP ip on the LAN I can make these go away by using the IP of the firewall's LAN but that kind of defeats part of the purpose of having a cluster and carp! Apart from this being a distraction/nuisance, is this something to worry about?# No, just happens when the system tries to ARP its own CARP IPs. Only cosmetic. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org