On 2015-Mar-09, at 3:05 AM, Chris L <[email protected]> wrote: > >> On Mar 9, 2015, at 2:56 AM, Brian Candler <[email protected]> wrote: >> >> On 09/03/2015 09:51, Bryan D. wrote: >>> So it sounds like the IPsec and OpenVPN traffic would be such traffic? >> IPSEC traffic is addressed *to* the firewall (at least the IKE stuff on udp >> 500 is, since it is received by strongswan/racoon) >> >> But the firewall already has a public IP address for IPSec. >> >> Are you saying you want different clients' IPSEC tunnels to terminate on >> different public IP addresses on the firewall WAN side? That I've never >> tried, and I don't know if it's possible. > > It listens (binds) on whatever interface/VIP is specified in the Interface > drop-down in the IPSec/OpenVPN config. If you have a VIP specified, and you > change the VIP, you might have to go back and select the new VIP. Firewall > rules other than actual interface addresses are specified by IP address so > they should still be good if you change the VIP type.
As I indicated, not changing VIPs, just the VIP type ... change VIP to IP Alias type (save, apply, wait a while for change to take effect), "dead" ... change back to CARP type ... works, again. ??? _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
