Anyone have any movement on this issue? Sincerely, Joshua
On Thu, May 19, 2011 at 22:16, Seth Mos <[email protected]> wrote: > I had one of those moments yesterday that I can only terminate on the OPT > interface, but not the WAN. I will check too. > > Regards, > > Seth > > Op 20 mei 2011, om 01:39 heeft Adam Thompson het volgende geschreven: > >> I'm wondering if I'm seeing something closely-related: I also have a VIP >> (CARP) setup where IPSec will not work properly. I never thought to examine >> the actual IPs that closely, though... I'll see off I can replicate the >> problem tomorrow. >> -Adam >> >> >> Joshua Schmidlkofer <[email protected]> wrote: >> >>> Dear Support, >>> >>> I have multiple WANs at one site, and it I have a few different >>> places which I am connecting tunnels to. It appears that creating new >>> connections to the end points is a little unpredictable. >>> >>> I can't seem to control which interface the initial contact packets >>> comes from. I don't know how to explain this, but let's say I have >>> two WAN connections. I have named them CABLE and LEASED. >>> >>> Several tunnels work fine, but these last two have been completely >>> out of control. No matter what, in one case I am going down the wrong >>> line. According to IPsec policy this tunnel is configured for >>> Interface "CABLE", and everything else set properly. Site-A has two >>> lines. Site-B has only one. Site-B can instatiate successful VPN >>> connection, Site-A cannot. Site-A persistently, in this one tunnels >>> case, is using the wrong line. >>> >>> I cannot determine a good method for forcibly routing the traffic, >>> and racoon doesn't seem to honor the source-interface configuration. >>> Racoon is binding to the correct IP addresses. >>> >>> On the same topic, I was unable to successfully convince racoon to >>> bind to a virtual IP as well. I have been forced to use the Interface >>> IPs. >>> >>> Advice, help, ideas? >>> >>> Sincerely, >>> Joshua >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> Commercial support available - https://portal.pfsense.org >>> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
