Steven Surdock wrote:
Can anyone provide some insight as to the correct configuration of a
sasyncd slave server with respect to /etc/rc.conf.local?  For example,
is the following correct?

---------------
ntpd_flags=             # enabled during install
sasyncd_flags=""        # for normal use: ""
pf=YES                  # Packet filter / NAT
pf_rules=/etc/pf.conf   # Packet filter rules file
pflogd_flags=           # add more flags, ie. "-s 256"
isakmpd_flags="-K"      # for normal use: ""
ipsec=YES                # IPsec
ipsec_rules=/etc/ipsec.conf     # IPsec rules file
---------------

Where /etc/ipsec.conf is identical to the master server.  I originally
had "ipsec=NO" but the SAs did not renegotiate eight hours (or so)
after a failover :-(  Do I need a "-a" for isakmpd?

Thanks!

-Steve S.



Can you provide details of your /etc/sasyncd.conf file?

Mine looks like this on master:
interface carp1
peer 192.168.30.2
sharedkey "F00Mat1cA3S|3n"

On slave:
interface carp1
peer 192.168.30.1
sharedkey "F00Mat1cA3S|3n"

apart from the usual
isakmpd_flags="-K"
ipsec=YES

on both hosts, and a valid config file on both hosts.

Hope this helps!
Prabhu