+1

Hi I have find the problem I contact the ovh support. when I configure the ip on ovh manager I have a mac adress define for this ip (before I use this ip for a virtual machine) . and if and mac adress is define I can't use it to connect directly from a physical server. when I delete the mac adress I can ping it with no problem  :) Lolo

SYNC has nothing to do with VIPs either. You could use a VLAN interface as a pfsync/xmlrpc sync interface. Not sure you should, but you could. It won't care either. Just has to be tagged through the switch properly to both nodes. On a busy site you do not want pfsync to get backlogged. A rule of thumb is pfsync requires about 10% of the bandwidth represented by the states that are being synced. Why not just use a dedicated interface? If it's worth HA it's worth doing right. But i can only get the sync from a VLAN to work on the same interface as the vlan. No idea what you're saying here either.

To get rid of that split error, just get rid of that line in the Secondary config file. It works for me ;D ;)

"Needed to add a second subnet to the LAN" As a vlan??  Or you wanting to run multiple layer 3 on the same layer 2??  If so that is BORKED - rethink what your doing.  And when you come up with vlans as your answer to running multiple networks on the same physical interface you have gotten to the correct answer ;)

I too would like to know the answer to this.  I also have a similar MLPPP configuration and would like to know if CARP Failover will work.

Now it is working. I've had to choose for the OpenVPN server the CARP VIP as an interface. Thank you!

Hmm, ping and RDP started working when I checked the "Default gateway" box on the Fiber Link. Not sure I understand why that is….

Thanks, that fixed the issue.

It's disabled when the configuration format is different between them, as marked by the "<version>XX.Y</version>" in config.xml If the configuration version is different, they cannot sync because it could push incorrect data. That said, synchronizing between different versions has never been officially supported, nor recommended. It may have worked by chance before, but we never recommend running different versions for any measurable amount of time. Just long enough to make sure the updated node is functional/tested, which shouldn't involve any configuration changes.

Any blog post or diagram should tell you to get a /29. That is how it is done. Anything worth HA is worth doing right, IMHO. And you cannot use Automatic outbound NAT with CARP/HA. It must be manual to the CARP VIP is used there.

Try these: net.inet.igmp.default_version=2 net.inet.igmp.sendra=0 net.inet.igmp.legacysup=1

I have resolved the issue, it appears I was hitting a change in pfsync as of pfsense 2.2 as shown here https://forum.pfsense.org/index.php?topic=93052.0 https://forum.pfsense.org/index.php?topic=93132.msg519077#msg519077 Since I was using VMXNET3 interfaces in ESXi and VirtIO interfaces in Proxmox they show up as different hardware since they have different drivers and pfsync cannot function properly.  The work around in the previous threads was to create a LAGG but the simpler solution in this case was to change Proxmox to use VMXNET3 interfaces and my states are synced perfectly now.  Changing both VMs to use E1000 interfaces likely would have worked too.

It works for me in Chrome here on 2.3.3. Make sure you clear the browser cache (ctrl+F5, or shift+reload) between tests. I tried switching between each of the possible VIP modes and the correct fields were enabled each time.

Solved! On the controller's firewall i had to disable "Prohibit IP Spoofing".

@Elegant You already have Dial on Demand. What I have read here http://sirlagz.net/2014/12/22/pfsense-carp-and-pppoe/ and here http://theartofservice.com/pfsense-carp-and-pppoe.html is that you also need to disable the Gateway monitoring. Then PPPoE will only be created on 2nd Firewall when 1st one goes down. I have not done this myself though yet.