When using ipsec.conf to set up the VPN on redundant firewalls with CARP on
the outside interface, I noticed that the session is using the IP of the
physical interface and not the IP of the CARP interface, which the remote end
is listening for. When looking in the man pages there are options for local
<localip> remote <peerip>, but setting this up seems to give me a syntax
error. I had this working a few days ago and now I can't seem to figure out
what I'm doing wrong.

local x.x.x.142 remote y.y.y.218
ike esp from a.a.a.0/24 to b.b.b.0/21 peer y.y.y.218
ike esp from x.x.x.142 to b.b.b.0/21 peer y.y.y.218
ike esp from x.x.x.142 to y.y.y.218


ike esp from b.b.b.0/21 to a.a.a.0/24 peer x.x.x.142
ike esp from y.y.y.218 to a.a.a.0/24 peer x.x.x.142
ike esp from y.y.y.218 to x.x.x.142
