ipsec on floating interface

rob.thomson · May 4, 2016, 4:28pm

Hello

I have bee fighting with an obsure issue for the past 48 hours.

Essentially I have two routers

ROUTER1:
WAN: 212.59.222.2

ROUTER2:
WAN: 212.59.222.3

These boxes then have a floating WAN address of:

FLOATING
WAN: 212.59.222.1

Now… the floating ip range has 13 vpn tunnels attached to it.

For months this has worked absolutely fine - but recently for no apparent reason the vpn tunnels have stopped working.

I have tracked the issue down to the fact that despite the tunnel being bound on the 212.59.222.1 address. When the tunnel tries to connect it does so on the 212.59.222.2 or 212.59.222.3 address.

The net result is my tunnels are fail.

Does anyone have an idea how to fix this issue?

Rob

16again · May 4, 2016, 6:44pm

What is a “floating interface?” Only heard of floating route before.
Do you mean VRRP virtual IP?
What’s your config?

rob.thomson · May 4, 2016, 6:55pm

I am using the high availability system.

However I have swapped over to vrrp to test - and the same issue occurs!

It only works when the floating ip is the only ip on the interface.