03-28-2019 03:10 PM
I finally found what was wrong : i set up a new vlan but ipsec nego was using the legacy first IP defined on switch, but not the new vlan one.
I changed configuration > system > controller ip address to use the vlan IP that is used for vrrp
Now master redundancy works and database sync is ok.
Thanks for your time.