Topic: CARP - IPSEC - failover - listen (500) in racoon.conf

heiko
« on: March 02, 2007, 01:24:20 pm »
Hello,

Now I have set, with an established CARP cluster and IPsec synchronize enabled, the tab on IPsec failover to my CARP WAN IP. In /var/etc/racoon.conf, at the top of the file, it shows listen (isakmp "wan-carp" (500)); and I think it's fine.

I deleted the WAN CARP IP and now it shows (isakmp "blank" (500); and I think it is not OK, because all tunnels are down and do not come up, also when I deleted the special config of the cluster.

In the webgui the system logs shows on the tab "ipsecvpn" :

racoon: ERROR: /var/etc/racoon.conf:2: "500" parse error

This is shown in v.1.01 and also in the newest releng_snapshot version.

Is it by design, or a little bug?
My test tunnels do not come up.

Very special greetings from Germany
Heiko

sullrich
« Reply #1 on: March 02, 2007, 01:26:31 pm »
This has been fixed in a recent snapshot.  Please upgrade.

heiko
« Reply #2 on: March 02, 2007, 02:03:47 pm »
I have upgraded to the snapshot from 27.02., but it is still the same behaviour.

??
Heiko

heiko
« Reply #3 on: March 03, 2007, 08:10:58 am »
Hello,
With the build from 3 March, the failover address is set correctly when it is deleted.

NOW, the failover IP is not syncing to the backup CARP member. Hm, the IPsec tunnels are syncing correctly.

Greetings from Germany
Heiko

« Last Edit: March 03, 2007, 08:13:48 am by heiko »

sullrich
« Reply #4 on: March 03, 2007, 02:00:54 pm »
I don't think we sync that value.  You will have to input the value on each cluster member.

heiko
« Reply #5 on: March 03, 2007, 02:23:24 pm »
Hi,

OK, I understand. Is it possible to sync this automatically? The manual setting is easy to forget.
It would be a great help for my projects in Moscow, St. Petersburg and Switzerland.

Bye, Heiko


sullrich
« Reply #6 on: March 04, 2007, 12:32:35 pm »
> Hi,
>
> OK, I understand. Is it possible to sync this automatically? The manual setting is easy to forget.
> It would be a great help for my projects in Moscow, St. Petersburg and Switzerland.
>
> Bye, Heiko

Not at the moment, no.

heiko
« Reply #7 on: March 04, 2007, 03:57:29 pm »
Hello Scott,

maybe later. It doesn't greatly matter.

Greetings from Germany and special thanks for your help.

Heiko
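
A pre-flight check for the two problems in this thread (a blank listen address that racoon cannot parse, and a failover IP that has to be entered by hand on each cluster member), as an added example that is not part of the original posts and not pfSense code. It assumes the standard racoon.conf(5) form `listen { isakmp <address> [<port>]; }`; the function names and the address 192.0.2.10 are made up for illustration.

```sh
#!/bin/sh
# Added example (not pfSense code). Assumes racoon.conf(5) syntax:
#   listen { isakmp <address> [<port>]; }

# Print one line per "isakmp" statement inside listen { }: the address,
# or EMPTY when no address precedes the port (e.g. "isakmp [500];").
listen_addrs() {
    awk '{
        sub(/#.*/, "")              # drop comments
        gsub(/[{};]/, " & ")        # make braces and ";" separate tokens
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (tok == "listen")                 st = 1
            else if (st == 1 && tok == "{")      st = 2
            else if (st == 2 && tok == "}")      st = 0
            else if (st == 2 && tok == "isakmp") st = 3
            else if (st == 3) {
                empty = (tok == ";" || tok ~ /^\[/)
                print (empty ? "EMPTY" : tok)
                st = (tok == ";") ? 2 : 4
            }
            else if (st == 4 && tok == ";")      st = 2
        }
    }' "$1"
}

# Exit status: 0 listens on the expected VIP, 1 empty address (the parse
# error case), 2 a different address, 3 no isakmp listen statement at all.
check_listen() {
    conf=$1; vip=$2
    addrs=$(listen_addrs "$conf")
    if [ -z "$addrs" ]; then echo "$conf: no isakmp listen statement"; return 3; fi
    for a in $addrs; do
        if [ "$a" = EMPTY ]; then echo "$conf: empty isakmp listen address"; return 1; fi
    done
    for a in $addrs; do
        if [ "$a" = "$vip" ]; then return 0; fi
    done
    echo "$conf: listens on" $addrs "- expected $vip"; return 2
}

# Constructed sample: a listen block with a blank failover address.
demo=$(mktemp)
printf 'listen {\n\tisakmp [500];\n}\n' > "$demo"
check_listen "$demo" 192.0.2.10 || echo "exit status $?"
rm -f "$demo"
```

Run the same check with the same expected address on every CARP member, since the value is not synced between them.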