How to add a second virtual IP for CARP ????

pedreter

First of all… hello everybody!!!!!  :)

I am having an problem with CARP and i would like to ask for your help and/or feedback, please....

I have Firewall-A  and  Firewall-B  working in HA with CARP perfectly!  they have a virtual IP (CARP type) that works as a floating IP. So far so good...

If i want to add now a second IP floating IP address??? how do i do it?

i have tried to add a second CARP virtual IP and it works... but after a couple of hours, both virtual IPs.... the first one and the second i created stop working and no traffic can pass the fw!

am i doing right? does PfSense support 2 carp virtual IPs?? what is the correct to do it?

Thanks in advance!

Pedreter.

andrew4902

Are you setting up your firewalls as described here: https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)? I setup a pair of firewalls with pfSense 2.1.4 with VIPs on the LAN and WAN interfaces without any trouble.

secgeek

I don't believe you can add a second CARP IP to the interfaces.  The simple configuration what is described in the book and in the online documentation seems to be the only one that works.

I tried to turn a CARP setup without a dedicated pfSync interface that didn't work either; actually it doesn't seem to fail from the start but sometime afterwards.

JeGr

@secgeek: Don't know what you are trying to say, but it doesn't make sense.
@pedreter: we run a datacenter firewall cluster with HA and carp on multiple physical interfaces (6) with about a dozen VIPs on our second WAN link and minimum one on the remaining links (WAN, XFER, MGMT, etc.). No problem with that. Seems like a configuration issue to me rather than any problem with CARP or IPs.

Greets