Help with HA cluster and IPSEC tunnel

Started by EHRETic, May 24, 2024, 01:31:46 PM

Hi there,

I set up a new HA cluster for my home infra and so far, migration has been great, everything seems to be working as expected. HA works when I switch CARP manually or if I shut down/restart the master.

Everything... except my IPSEC VPN tunnel that doesn't switch over. :(

My Phase 1 is configured to the WAN CARP IP and I also tried to disable MOBIKE as mentioned here https://forum.opnsense.org/index.php?topic=19244.0
pfsync interface is a dedicated cable and there is a rule that allows everything between both FWs.

As I'm fairly new to HA, I don't know what to expect here, but I tried to switch over/restart the master and also tried to shut it down for 10 minutes, but this didn't help; the IPSEC tunnel only comes back after the master is up again.

IPSEC tunnel is still in the legacy mode, I don't know if switching to the newer version would help.

Where can I start looking? Thanks in advance ;)

K.R
Franck

Have you ever found a solution to this? I am stuck in the same problem. The detection that an IPSEC tunnel is actually down (despite DPD etc.) takes forever.

Quote from: j.koopmann on September 27, 2024, 06:58:31 PM
Have you ever found a solution to this? I am stuck in the same problem. The detection that an IPSEC tunnel is actually down (despite DPD etc.) takes forever.

I didn't bother too much, I switched to a WireGuard tunnel.
It's from my homelab to my parents for DR backups, so it just needs to work!
It also drastically increased speed, so it was a win. :)