Have not gotten round to debugging yet. Regards,
Seth Op 24 mei 2011, om 17:26 heeft Joshua Schmidlkofer het volgende geschreven: > Anyone have any movement on this issue? > > Sincerely, > Joshua > > On Thu, May 19, 2011 at 22:16, Seth Mos <[email protected]> wrote: >> I had one of those moments yesterday that I can only terminate on the OPT >> interface, but not the WAN. I will check too. >> >> Regards, >> >> Seth >> >> Op 20 mei 2011, om 01:39 heeft Adam Thompson het volgende geschreven: >> >>> I'm wondering if I'm seeing something closely-related: I also have a VIP >>> (CARP) setup where IPSec will not work properly. I never thought to >>> examine the actual IPs that closely, though... I'll see off I can replicate >>> the problem tomorrow. >>> -Adam >>> >>> >>> Joshua Schmidlkofer <[email protected]> wrote: >>> >>>> Dear Support, >>>> >>>> I have multiple WANs at one site, and it I have a few different >>>> places which I am connecting tunnels to. It appears that creating new >>>> connections to the end points is a little unpredictable. >>>> >>>> I can't seem to control which interface the initial contact packets >>>> comes from. I don't know how to explain this, but let's say I have >>>> two WAN connections. I have named them CABLE and LEASED. >>>> >>>> Several tunnels work fine, but these last two have been completely >>>> out of control. No matter what, in one case I am going down the wrong >>>> line. According to IPsec policy this tunnel is configured for >>>> Interface "CABLE", and everything else set properly. Site-A has two >>>> lines. Site-B has only one. Site-B can instatiate successful VPN >>>> connection, Site-A cannot. Site-A persistently, in this one tunnels >>>> case, is using the wrong line. >>>> >>>> I cannot determine a good method for forcibly routing the traffic, >>>> and racoon doesn't seem to honor the source-interface configuration. >>>> Racoon is binding to the correct IP addresses. >>>> >>>> On the same topic, I was unable to successfully convince racoon to >>>> bind to a virtual IP as well. I have been forced to use the Interface >>>> IPs. >>>> >>>> Advice, help, ideas? >>>> >>>> Sincerely, >>>> Joshua >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>>> Commercial support available - https://portal.pfsense.org >>>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> Commercial support available - https://portal.pfsense.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
