I had one of those moments yesterday that I can only terminate on the OPT interface, but not the WAN. I will check too.
Regards, Seth Op 20 mei 2011, om 01:39 heeft Adam Thompson het volgende geschreven: > I'm wondering if I'm seeing something closely-related: I also have a VIP > (CARP) setup where IPSec will not work properly. I never thought to examine > the actual IPs that closely, though... I'll see off I can replicate the > problem tomorrow. > -Adam > > > Joshua Schmidlkofer <[email protected]> wrote: > >> Dear Support, >> >> I have multiple WANs at one site, and it I have a few different >> places which I am connecting tunnels to. It appears that creating new >> connections to the end points is a little unpredictable. >> >> I can't seem to control which interface the initial contact packets >> comes from. I don't know how to explain this, but let's say I have >> two WAN connections. I have named them CABLE and LEASED. >> >> Several tunnels work fine, but these last two have been completely >> out of control. No matter what, in one case I am going down the wrong >> line. According to IPsec policy this tunnel is configured for >> Interface "CABLE", and everything else set properly. Site-A has two >> lines. Site-B has only one. Site-B can instatiate successful VPN >> connection, Site-A cannot. Site-A persistently, in this one tunnels >> case, is using the wrong line. >> >> I cannot determine a good method for forcibly routing the traffic, >> and racoon doesn't seem to honor the source-interface configuration. >> Racoon is binding to the correct IP addresses. >> >> On the same topic, I was unable to successfully convince racoon to >> bind to a virtual IP as well. I have been forced to use the Interface >> IPs. >> >> Advice, help, ideas? >> >> Sincerely, >> Joshua >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> Commercial support available - https://portal.pfsense.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
