HA : Virtual IP : IPv4/IPv6 : IPsec VPN client wants to connect to backup device

Started by rainerle, May 20, 2022, 05:16:59 PM

Hi,

following setup:


- On both HA partners I have VPN IPsec activated.
- Client from the WAN interface is able to connect using the IPv4 and IPv6 address of the VPN service's domain name
- Client from the LAN interface is able to connect using IPv4
- Client from the LAN interface connecting using the IPv6 address is able to connect, but no network services within the VPN are available.

After looking around I saw that the LAN client is connecting to the running IPsec service on the backup firewall.

Pinging the VPN domain name from the LAN client gets resolved to the IPv6 virtual IP address, but the connection to the VPN service is established to the backup firewall...  :-[ :-[ :-[




After disabling "Router Advertisements" on the backup firewall the problem seems to be gone.

No idea if I have a misconfiguration problem or if a HA pair should not use unmanaged radvd on the LAN.



Finally IPv6 with active/passive HA cluster works.

I created fe80::1/64 CARP Virtual IPs per interface and assigned these to the Unmanaged Router Advertisement networks.

Synced to the backup partner and after an ipconfig release/renew it just works.

IPv6 is so different to how IPv4 works on some levels. Seems I need to get a tutorial...
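
A check for the end state described in the thread, added here as an example and not part of the original posts: on the LAN, only the CARP virtual IP fe80::1 should offer itself as a default router. It decodes the fixed ICMPv6 Router Advertisement header (RFC 4861) from (source address, payload) pairs; the sample packets, the other fe80:: addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Link-local CARP virtual IP the thread assigns to Router Advertisements.
EXPECTED_ROUTER = ipaddress.IPv6Address("fe80::1")
RA_HEADER = struct.Struct("!BBHBBHII")  # fixed RA header, RFC 4861 section 4.2

def parse_ra(payload):
    """Decode the fixed part of an ICMPv6 Router Advertisement."""
    if len(payload) < RA_HEADER.size:
        raise ValueError("truncated Router Advertisement")
    icmp_type, code, _, hop_limit, flags, lifetime, _, _ = RA_HEADER.unpack_from(payload)
    if icmp_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    return {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
            "other_config": bool(flags & 0x40), "router_lifetime": lifetime}

def unexpected_default_routers(observations, expected=EXPECTED_ROUTER):
    """Sources that offer themselves as default router but are not the CARP VIP."""
    found = set()
    for src, payload in observations:
        try:
            ra = parse_ra(payload)
        except ValueError:
            continue  # other ICMPv6 traffic or a damaged capture
        # Router lifetime 0 means "do not use me as a default router".
        if ra["router_lifetime"] > 0 and ipaddress.IPv6Address(src) != expected:
            found.add(ipaddress.IPv6Address(src))
    return [str(a) for a in sorted(found)]

def build_ra(router_lifetime, flags=0):
    """Build a minimal RA (no options, checksum left at 0) for the sample data."""
    return RA_HEADER.pack(134, 0, 0, 64, flags, router_lifetime, 0, 0)

# Constructed sample: (IPv6 source address, ICMPv6 payload) pairs as seen on the LAN.
SAMPLE = [
    ("fe80::1", build_ra(1800)),                 # CARP VIP, expected
    ("fe80::aaaa:bbff:fecc:1", build_ra(1800)),  # a node's own address, e.g. the backup
    ("fe80::aaaa:bbff:fecc:2", build_ra(0)),     # lifetime 0: not a default router
    ("fe80::aaaa:bbff:fecc:3", b"\x87" + bytes(23)),  # Neighbor Solicitation, ignored
]

if __name__ == "__main__":
    for router in unexpected_default_routers(SAMPLE):
        print("unexpected router advertisement from", router)
```
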