Netgate Discussion Forum

    The question of PFSense CARP failover

      entinux

      Greetings. Following the official instructions, I installed pfSense "2.0-RC1" on 2 servers (A and B) as master/backup Firewall+CARP+DHCP successfully.

      I have a problem in failover testing:

      Normal case (Failover A->B):
      I power off server A; the WAN-CARP-IP and LAN-CARP-IP fail over to server B as master, and the TCP connections are kept during the failover. The download is not interrupted and it runs smoothly, as expected =]

      Abnormal case (Failover B->A):

      If I power on server A, the WAN-CARP-IP and LAN-CARP-IP fail back from server B to server A as master successfully, BUT all current TCP connections are stopped/broken during the failover.

      Enable sync is checked on both A and B in the CARP settings page.
      May I know whether this is a bug, or is there any solution that can resolve the above?

      Many thanks!

        marcelloc

        You enable sync on both, but the sync configuration stays only on the master box.

        Test a newer snapshot too.

          jimp Rebel Alliance Developer Netgate

          Try entering the sync IP of the opposing box in the state sync section, instead of leaving it blank.

            asalmon

            I had some trouble at first. What I had to do to fix it was, first:

            Verify that ONLY the master sync server has the various sync buttons checked.

            1. And just to be safe, remove any IP address in the Sync form on the slave servers.

            Found in the pfSense documentation at:
            http://doc.pfsense.org/index.php/CARP_Configuration_Sync_Troubleshooting

            Next, make sure that sync is set up correctly by checking:

            Enable pfSync in Firewall -> Virtual IPs -> CARP settings -> Synchronize Enabled (check it) on all cluster members.

            -> Synchronize Virtual IPs [ X ]
            -> Synchronize to IP [ insert Slave IP ONLY on Master! ]
            -> Remote System Password [ do not forget! ]
            Select the dedicated Sync interface with the Synchronize Interface dropdown on all cluster members. If it's on a dedicated port, select that port; if not, then select the port on the switch you're syncing across.
            Afterward, visit Firewall -> Rules and add an allow all from any to any rule on each cluster member for the newly created pfsync interface.
            Found in the pfSense documentation at:
            http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29

            I know that this might be a common mistake, but I am new to pfSense, and I did the above and it fixed my syncing issues.
