Re - Compatibility between VRRP and CARP
-
Ok. On the wan we always leave disabled.
My doubt is about the failover IP exchange when, for example, the master goes offline.
For the wan in specific, does pfsense know the failover IP even without configuring it?
-
@empbilly
This setting is only needed for DHCP. It isn't even necessary for the failover of the master role.
You have a CARP VIP on each (virtual) interface. This is always occupied by the master, regardless which node has the master role.
The failover is controlled by the CARP protocol only.
So these CARP VIPs are meant to be used as your gateway IPs for your internal devices and on WAN for routing traffic to your pfSense.
The DHCP settings have nothing to do with this.
-
I left one interface free on each appliance for hasync.
on pfmaster I set the IP 10.11.1.1 on igb5
on pfbackup I set the IP 10.11.1.2 on igb5
After the settings I enabled ha sync and the error below occurs:
A communications error occurred while attempting to call XMLRPC method host_firmware_version
Do I need to configure anything else on this interface? In pfbackup I don't need to enable hasync, do I?
-
@empbilly
You need to allow the sync on the backup as described in the docs: Setup Sync Interface.
You have to add this rule to the primary, since it is synced to the secondary though, but for the first sync you have to allow it on the secondary as well.
-
Ok. My doubt is if I need to enable this option on pfbackup:
System > high availability sync
Synchronize states?
-
@empbilly
Yes, only the states sync.
So the states are in sync when failing back to the primary and the connections persist.
But don't enable XMLRPC sync on the secondary.
Config changes must be made on the primary then.
-
pfsync Synchronize Peer IP needs an IP of pfmaster?
-
@empbilly
No, not on the backup!
-
Thanks!!! Sorry for so many questions!!! :)
After setting the IP Peer failover in pfmaster's dhcp, in the dhcp lease option, the pool state needs to be normal, right?
Both pfmaster and pfbackup status is recover.
What causes this?
-
@empbilly
Maybe missing the Failover peer IP in the DHCP settings?
This must be stated on the primary only.
-
We have DNS Forwarder enabled. Do I need to select the VIPs in the DNS Forwarder?
-
@empbilly said in Re - Compatibility between VRRP and CARP:
We have DNS Forwarder enabled. Do I need to select the VIPs in the DNS Forwarder?
Not clear what you mean. There are no IPs to select in the Forwarder settings.
But if you are talking about the DHCP settings, then yes, it doesn't matter if you're running the Resolver or Forwarder or any other DNS server, you have to enter its IP here. For these ones running on pfSense, this is the interface VIP.
-
I meant that.
But there is still something I am not getting, because I have enabled pfbackup on our network and the WAN is as MASTER in pfbackup and the dhcp leases are not as "normal".
Any hints on what to look for?
-
@empbilly
These are the IPs, the Resolver is listening on. Yes, you should select the respective VIPs there or even keep "all".
because I have enabled pfbackup on our network and the WAN is as MASTER in pfbackup and the dhcp leases are not as "normal".
Don't know, what you mean with the term "the dhcp leases are not as normal".
However, I just rarely use the DHCP server on an HA system, so I'm sadly not experienced with it.
If you have trouble with that you should better open a separate thread to get viable help, I think.
-
Status > DHCP Leases
Pool Status
It is now as "recover state". Regardless if I put pfbackup on the network, with Failover peer IP configured, it is still in "recover state".