On 22/12/2010 12:42, Seth Mos wrote:
> On 22-12-2010 11:22, Vincent Hoffman wrote:
>> At work we've a couple of servers running a synced pfsense
>> cluster with IPsec tunnels to 2 other pfsense firewalls. While I can see
>> that CARP syncs the configs across within the cluster I can't find
>> anything that specifically says that if the primary node dies the ipsec
>> (racoon) daemon will start up automatically on the backup, and since it's
>> in production now I can't easily get permission to test. Can anyone
>> confirm that if the primary dies the secondary will start up racoon and
>> re-establish the IPsec tunnels, or if this is a manual process?
>> So far management has been very impressed with pfsense so I can
>> finally sneak FreeBSD into production here ;)
>>
>
> Use one of the CARP IP addresses as the endpoints, then it will
> negotiate the tunnel again with the other node.

I'm already using a CARP address as the VPN endpoint. So the failover will fire up racoon on the backup node, or do I need to have racoon started on the backup node already and it just won't negotiate until it's master for that CARP interface?

Thanks,
Vince

>
> Regards,
>
> Seth
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org