I have some more info (this time from physical machines):
After a switchover I can see incoming flow on enc0 on the new master,
and it IS decoded correctly. It is just not pushed out into the
protected network.
Additionally, the replay counters seem to be all in sync except for
one - return tunne
Things look like this:
When cluster is up and client is connected:
1/ output of "ipsecctl -v -sa" is perfectly in sync between nodes.
2/ output of "pfctl -s states" is in sync between nodes within 1s delay
(as expected)
3/ output of "ikectl sh sa" is *not* in sync between nodes. Passive
node has nul
Hello!
I'm trying to build a redundant IPSEC VPN concentrator.
What I have done so far:
* I have a working CARP. Verified from each side. 1-2 pings lost.
Works as expected.
* I have a working iked deployment. Test client can connect, sees
internal network as expected.
* I have a working pfsync.