RE: [pfSense Support] failover ipsec
On further review of this, the issue seems to lie in the fact that the tunnel end of the ipsec is running a VIA padlock chipset. If I replace the tunnel end with the same config.xml file and a wrap board, the tunnel works perfectly.

From: alan walters
Sent: Saturday, November 12, 2005 10:47 AM
To: support@pfsense.com
Subject: [pfSense Support] failover ipsec

Enable yes
Interface (selected public carp address that I want to use 192.168.5.100)
Failover ip (same address as above 192.168.5.100)
Peerip (used the carp sync real ip address of the other carp in my array 192.168.10.2)
Shared key (used a 16 byte aes key)

This end is a mobile client. The other end is the tunnel. When the tunnel establishes, the mobile client end shows the SAD correct. But the tunnel end shows the error

DEBUG: get pfkey ADD message
ERROR: pfkey UPDATE failed: Invaild argument.

And there is no SAD at the tunnel end.
[pfSense Support] failover ipsec
Enable yes
Interface (selected public carp address that I want to use 192.168.5.100)
Failover ip (same address as above 192.168.5.100)
Peerip (used the carp sync real ip address of the other carp in my array 192.168.10.2)
Shared key (used a 16 byte aes key)

This end is a mobile client. The other end is the tunnel. When the tunnel establishes, the mobile client end shows the SAD correct. But the tunnel end shows the error

DEBUG: get pfkey ADD message
ERROR: pfkey UPDATE failed: Invaild argument.

And there is no SAD at the tunnel end.
RE: [pfSense Support] failover ipsec
Cool, you guys are great. This solves a long running problem. Time to get testing I guess. Thanks

> -Original Message-
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: 13 October 2005 22:05
> To: support@pfsense.com
> Subject: Re: [pfSense Support] failover ipsec
>
> On 10/13/05, alan walters <[EMAIL PROTECTED]> wrote:
> > Just a general question.
> >
> > Would like to know if people think that this would work.
> >
> >         Internet real
> >               |
> >      Datacentre (IPSECEND)
> >               |
> >       -----------------
> >       |               |
> >   Internet 1      internet2
> >       |               |
> >  ---------------------------
> >  |   Wan             opt1  |
> >  |   IPSEC1__IPSECFAIL     |
> >  |                         |
> >  |       PFSENSE BOX       |
> >  |          Opt2           |
> >  |     Public ip block     |
> >  ---------------------------
>
> Should work A-OK. However SASYNCD is not completely finished so
> failover time will be about 2 seconds from what I experience on my
> home ipsec line.
>
> Scott
Re: [pfSense Support] failover ipsec
On 10/13/05, alan walters <[EMAIL PROTECTED]> wrote:
> Just a general question.
>
> Would like to know if people think that this would work.
>
>         Internet real
>               |
>      Datacentre (IPSECEND)
>               |
>       -----------------
>       |               |
>   Internet 1      internet2
>       |               |
>  ---------------------------
>  |   Wan             opt1  |
>  |   IPSEC1__IPSECFAIL     |
>  |                         |
>  |       PFSENSE BOX       |
>  |          Opt2           |
>  |     Public ip block     |
>  ---------------------------

Should work A-OK. However SASYNCD is not completely finished so failover time will be about 2 seconds from what I experience on my home ipsec line.

Scott
[pfSense Support] failover ipsec
Just a general question.

Would like to know if people think that this would work.

        Internet real
              |
     Datacentre (IPSECEND)
              |
      -----------------
      |               |
  Internet 1      internet2
      |               |
 ---------------------------
 |   Wan             opt1  |
 |   IPSEC1__IPSECFAIL     |
 |                         |
 |       PFSENSE BOX       |
 |          Opt2           |
 |     Public ip block     |
 ---------------------------