• CARP VIP in DMZ with few public IP addresses

    1
    0 Votes
    1 Posts
    89 Views
    No one has replied
  • Adding HA/CARP/SYNC to existing Infrastructure

    5
    0 Votes
    5 Posts
    242 Views

    @bp81 I ended up performing the addition using the first method you mentioned, plus the firewall configuration, and then it worked like a charm. It even added all of the packages to the new node.

    Now, I'm dealing with an IPSec speed issue, but that is a whole separate issue and one I have already opened another thread on.

    Thank you for taking the time to reply; it is much appreciated, and now if someone else is looking for the same thing, they have some really good options!

    Have an excellent day!

    TSoF

  • Different CARP LAN - WAN unplug behavior

    3
    0 Votes
    3 Posts
    189 Views

    @Nyxtorm said in Different CARP LAN - WAN unplug behavior:

    I'm replying to myself in case anyone has the same case.

    On my WAN interfaces, I had a static IPv4 (on the local subnet of my Livebox (French ISP router)), and an IPv6 in DHCP6.

    Once I've also set the IPv6, and the gateway v6 to static, the behavior is fine when I disconnect the WAN: the WAN interface goes to INIT, the others to BACKUP on the primary, and the secondary recovers MASTER status on all interfaces.

    I believe that this behavior is what you would typically see if one of your WAN interfaces (your IPv6 gateway in this case) is set to DHCP instead of static addressing. CARP/HA doesn't tend to work that well with WANs using DHCP instead of static addressing.

  • 0 Votes
    2 Posts
    155 Views

    We are also seeing this since we upgraded to 24.11 with all patches applied.
    "A communications error occurred while attempting XMLRPC sync." on primary node.

    Accessing the webgui on secondary node hangs the firewall after 5-10 seconds.
    If we access the CLI, everything seems fine and there are no hangs unless we initiate a reboot; then the secondary hangs and we need to pull the power to recover.

    This happens usually after 5-14 days of uptime of secondary node.

  • Need to switch to Policy Based States, can't find it in 2.7.2?

    1
    0 Votes
    1 Posts
    79 Views
    No one has replied
  • CARP Phishing

    4
    0 Votes
    4 Posts
    195 Views

    It's helpful, thanks for sharing.

  • User privileges ( admin group ) don't sync.

    2
    0 Votes
    2 Posts
    133 Views

    I am seeing a similar problem on pfSense+ 24.11 (patches applied).

    The ADMIN group is being REMOVED from user rights assignments on secondary/backup HA cluster members any time the password is changed on the primary member.

    I am having to log on to the secondary members and manually add the user(s) back to the ADMIN group.

    This is not desired behavior, and I confirmed it is not happening on CE 2.7.2 (patches applied).

  • Custom CARP failover script - Not working?

    1
    0 Votes
    1 Posts
    100 Views
    No one has replied
  • 0 Votes
    6 Posts
    494 Views

    @mike_vc

    I used to have this issue too, so on every new firewall I set up, I always make sure to add the following values under System, Advanced, System Tunables:

    net.inet.carp.preempt 1
    net.inet.carp.ifdown_demotion_factor 240

    Also, make sure that the primary firewall's CARP skew is 0, and the backup firewall's CARP skew is 100.

  • SYNC interfaces keeps being overwritten

    2
    0 Votes
    2 Posts
    143 Views

    @michmoor OK, I know the problem. OPT interfaces are mismatched. I don't know how to align the OPT interfaces so the master and backup are in sync.

  • HAProxy backend hostname issues

    1
    0 Votes
    1 Posts
    165 Views
    No one has replied
  • HA Proxy, same server multiple ports (Turnkey Linux)

    4
    0 Votes
    4 Posts
    219 Views

    @CreationGuy
    That's not a problem. However, you have to configure a separate backend for this. Then you can configure a frontend rule to forward certain traffic to it.

    Actually you have all three services within a single backend pool, all in active mode. Hence you cannot determine which per rule.
    HAproxy can only load balance between these backends this way.

  • HAproxy 503 error on secondary domain

    10
    0 Votes
    10 Posts
    487 Views

    I got it working after creating a new server to replace the one serving butiktrip.2nd

  • strange connectivity errors in HA

    8
    0 Votes
    8 Posts
    373 Views

    @viragomann
    Hi viragomann,

    Thank you very much for your time and investigation. Your answer was very important in bringing me back to the correct path for debugging. The reason why clients can't reach the internet was an inconsistent configuration of pfBlockNG between the two HA members. I've ignored errors like this:

    /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfB_BinaryDefense_v4' for rule 'NAT Allow HTTPS_2_xxxxxxxx'
    Dec 14 16:17:17 svrfw02 php-fpm[32037]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfB_DNSBLIP_v4' for rule 'NAT Allow HTTP_2_xxxxxxxx'
    Dec 14 16:17:17 svrfw02 php-fpm[32037]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfB_DNSBLIP_v4' for rule 'NAT Allow HTTPS_2_xxxxxxxx'
    Dec 14 16:17:18 svrfw02 php-fpm[32037]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:299: syntax error - The line in question reads [299]: rdr on lagg1.808 inet proto tcp from ! to 83.x.x.54 port 443 -> $SERVER_xxxxxxxx

    After fixing this, switching between CARP members works correctly.
    Again, thank you for your assistance !!!!!

  • Secondary machine freezes up.

    1
    0 Votes
    1 Posts
    122 Views
    No one has replied
  • ssh/webapp unavailable when in BACKUP mode

    1
    0 Votes
    1 Posts
    115 Views
    No one has replied
  • HA Config BIND DNS sync setup problem

    17
    0 Votes
    17 Posts
    2k Views

    @kiokoman

    After years, new internet provider, same problem. We have managed to switch our rack-hosted server to HA, and the same config worked perfectly on the other ISP network. So the problem is related to the internet provider, but sadly they say everything is OK... But it works, so the config is okay, just need a good ISP endpoint :D

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.