Yep, Here's more info on this problem: https://bugzilla.vyatta.com/show_bug.cgi?id=2411
These are the actual lines that changed: http://suva.vyatta.com/git/?p=ofr.git;a=commitdiff;h=fc524cf7d59981669cb4400192707d4135c6ff49 The 'if' block on lines 377 to 385 that does the VPN clustering IP check was commented out due to a config system circular dependency problem. The underlying circular dependency has been fixed in Glendale, so the clustering IP check will be re-enabled in that release. -- Marat ----- Original Message ----- From: "Justin Fletcher" <[EMAIL PROTECTED]> To: "Ken Felix (C)" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, December 31, 2007 1:32 PM Subject: Re: [Vyatta-users] clustering problems > Afraid so - a fix didn't make it into VC3. From a while back: > > Ah, piffle - looks like that bug was fixed after VC3 was released. You > need > to correct /opt/vyatta/sbin/vpn-config.pl .You can get the corrected > version from > http://suva.vyatta.com/git/?p=ofr.git;a=blob_plain;f=cli/scripts/vpn/vpn-config.pl;hb=HEAD > or you can just comment out the check, if you're > comfortable with perl. > > Justin > > On Dec 31, 2007 12:56 PM, Ken Felix (C) <[EMAIL PROTECTED]> wrote: >> >> >> >> >> Have anybody attempted clustering with vyatta and seen any problems with >> vpn-ipsec not allowing the cluster ip_addres to be applied? >> >> >> >> >> >> >> >> >> >> [EMAIL PROTECTED] set vpn ipsec site-to-site peer 1.1.1.40 local-ip 1.1.1.36 >> >> [edit] >> >> >> >> [EMAIL PROTECTED] commit >> >> [edit] >> >> Commit Failed >> >> VPN configuration error. Local IP specified for peer "1.1.1.40" has not >> been configured in any of the ipsec interfaces or clustering. >> >> VPN configuration commit aborted due to error(s). >> >> [EMAIL PROTECTED] show cluster >> >> interface eth0 >> >> interface eth1 >> >> pre-shared-secret: "firstcluster" >> >> keepalive-interval: 3 >> >> dead-interval: 10 >> >> group vpn { >> >> primary: "fw001" >> >> secondary "fw002" >> >> monitor 2.2.2.140 >> >> service "1.1.1.36" >> >> service "192.168.254.254" >> >> service ipsec >> >> } >> >> >> >> [edit] >> _______________________________________________ >> Vyatta-users mailing list >> Vyatta-users@mailman.vyatta.com >> http://mailman.vyatta.com/mailman/listinfo/vyatta-users >> >> > _______________________________________________ > Vyatta-users mailing list > Vyatta-users@mailman.vyatta.com > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users