Bug #798
Closed
IPSEC not working after CARP failover
Description
I have tested multiple pfSense clusters running on VMware ESXi. When a CARP failover initiates, the backup unit takes over, and the IPSEC tunnel is rebuilt. The backup unit reports that the IPSEC tunnel is established properly and working. However, no IPSEC traffic passes through the tunnel. If I disable then re-enable the IPSEC on that unit, the tunnels rebuild and traffic passes correctly. This happens nearly every time a failover happens. It has properly worked twice in my testing; the rest of the time the tunnel is in this 'half-up' state. I am running DPD at 60 seconds, and have a server to ping to keep the tunnel alive. Disabling/enabling the IPSEC always fixes the issue.
The only error reported on the pfSense is:
racoon: ERROR: unknown Information exchange received.
Updated by Chris Buechler almost 15 years ago
- Status changed from New to Rejected
Falls into the category of DPD not functioning in ipsec-tools, which is being tracked on 2.0.
Updated by orangepeel beef almost 15 years ago
Do you have a specific bug ID I can track? I can't seem to locate it.