sasyncd 0.1.0 ['ipsec']['failover'] pkg_edit.php?xml=sasyncd.xml&id=0 VPN failover The sasyncd daemon synchronizes IPSec SA and SPD information between a number of failover IPsec gateways. The most typical scenario is to run sasyncd on hosts also running isakmpd and sharing a common IP-address using carp.

Services

sasyncd.xml Interface interface Peer IP peerip Tunnels vpn_ipsec.php Mobile clients vpn_ipsec_mobile.php Pre-shared keys vpn_ipsec_keys.php CAs vpn_ipsec_ca.php Failover IPSEC /pkg_edit.php?xml=sasyncd.xml&id=0 Enable enable checkbox Interface interface Select the carp interface to use. carp interfaces_selection true Failover IP ip Enter the IP address you would like to use for failover. HINT: You normally want to use a public CARP ip. input Peer IP peerip Enter the peers ip address. HINT: You normally want to enter the peers REAL LAN IP here. input Shared Key sharedkey The shared AES key used to encrypt messages between sasyncd(8) hosts. This configuration setting is required and must be either 16, 24 or 32 bytes long (corresponding to AES using a 128, 192 or 256 bit key). input /* automatically turn on prefer old sa's until sasyncd is finished being ported */ if($_POST['ip'] != "") $config['ipsec']['preferoldsa'] = true; /* resync vpn settings */ mwexec("/usr/bin/killall racoon"); vpn_ipsec_configure();