@kiokoman

After years, new internet provider, same problem, we have managed to switch our rack hosted servert to ha, and the same config worked perfect on the other isp network. So the problem is related to the internet provider, but saddly they say everything is ok...But its workes, so the config is okay, just need a good isp endpoint :D

@SteveITS said in WAN Gateway on Backup server in CARP shows down:

https://docs.netgate.com/pfsense/en/latest/recipes/high-availability.html#wan-addressing

Hi @SteveITS
Thanks for the prompt response. I have assinged uniqe ips on wan port of each pfsense box . and uniquie ip on lan of both pfsense.

yet when a pfsense box is in Backup mode i cannot get to wan from it. all pings form it fails. eve cannot get a ping replies when i ping the wan ip of another pfsens which has wide open rule on that interface,

Solution:

I connected the two PFS with a virtual Switch (VXLAN+IPSEC). For this i had to lower the MTU to 1360. Unfortunatelly the Adapter in PFSense was set to 1500 and not appling for the new MTU.

Setting down the MTU (in my case to 1360) manually in the SYNC-Interface-Options solved the problem.

@Snailkhan Have never seen that. Only one is Master?

You’re NATting to the shared LAN IP? What is that for?

@Snailkhan
Ensure that all interface pairs can communicate with the respective other node.

@Snailkhan
By default the primary interface IP is used for communication with other devices.

If you want pfSense to use the CARP VIP you have to add an outbound NAT rule to LAN or the respective interface and set the CARP VIP as translation address.

However, don't do this for any traffic! It would lead into issues with services running on both nodes, e.g. DHCP.
So limit the destination (IP and port) to the domain controller or whatever you need it for.

@SteveITS I would prefer not to add more gear for now, since this is temporary until I have two pfSense units and CARP. Maybe I'll just have both connected, but configure the 2nd one in case of longer downtime then.

i have the exact set up but not able to sync