I'm wondering if I'm seeing something closely-related: I also have a VIP (CARP) setup where IPSec will not work properly. I never thought to examine the actual IPs that closely, though... I'll see if I can replicate the problem tomorrow.

-Adam

Joshua Schmidlkofer <[email protected]> wrote:
>Dear Support,
>
>  I have multiple WANs at one site, and I have a few different
>places which I am connecting tunnels to.  It appears that creating new
>connections to the end points is a little unpredictable.
>
>  I can't seem to control which interface the initial contact packets
>come from.  I don't know how to explain this, but let's say I have
>two WAN connections.  I have named them CABLE and LEASED.
>
>  Several tunnels work fine, but these last two have been completely
>out of control.  No matter what, in one case I am going down the wrong
>line.  According to IPsec policy this tunnel is configured for
>Interface "CABLE", and everything else is set properly.  Site-A has two
>lines.  Site-B has only one.  Site-B can instantiate a successful VPN
>connection, Site-A cannot.  Site-A persistently, in this one tunnel's
>case, is using the wrong line.
>
>  I cannot determine a good method for forcibly routing the traffic,
>and racoon doesn't seem to honor the source-interface configuration.
>Racoon is binding to the correct IP addresses.
>
>  On the same topic, I was unable to successfully convince racoon to
>bind to a virtual IP as well.  I have been forced to use the Interface
>IPs.
>
>  Advice, help, ideas?
>
>Sincerely,
>  Joshua
