Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP master vip

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    4 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      MilesDeep
      last edited by

      I've got a main pfSense fw and a backup.  All the virtual IPs status on FW1 are listed as Master.  All the VIPs on the backup firewall are listed as Backup, except for one.  The VIP for the storage network, on both firewalls are said to be Master.  Any suggestions?  Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • M Offline
        MilesDeep
        last edited by

        Since there is some indication that version number my be at play here; FW1 (master) is 2.1, FW2 (backup) is on 2.1.5.  Again, only on VIP is seeing both ends as Master.  All others are Master/Backup.

        1 Reply Last reply Reply Quote 0
        • JeGrJ Offline
          JeGr LAYER 8 Moderator
          last edited by

          You should bring both nodes to the same version, there were quite a few changes from 2.1 -> 2.1.5 belonging to CARP and VIP code.

          Greets

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          1 Reply Last reply Reply Quote 0
          • awebsterA Offline
            awebster
            last edited by

            I've seen this behavior under several circumstances:

            • when there is a carp misconfiguration; be very careful about the VHID, it must be unique for each virtual IP

            • when there is something filtering CARP traffic between the nodes

            • when there is leakage between the virtual IPs (eg: lan and dmz can see each other on layer 2).

            –A.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.