Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP issue?

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    3 Posts 2 Posters 938 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      Sensi
      last edited by

      I had a CARPed (for a live backup) version of pfSense2.0.1.

      However, it was failing to correctly/smoothly make changes and reported an authentication error - somehow, it had 'lost' the password.  So, I VGA accessed the box and set-up the password on the second box correctly - now I can GUI into it and pfSense no longer reports an authentication error when I make a change (to the shared address).

      If I go directly into the IP address of each box, then the dashboard looks slightly different and the CARP status section only appears on one box.  The two boxes have different DNS readings.  That said, CARP says it is working.  But, if I go to STATUS - CARP, whilst one says backup and the other master for all the vLans, at the bottom, the 'master' one lists 7 pfSync nodes and the 'backup' 8.  Further, if I make a change to an interface name (description), it doesn't seem to copy through.

      If I go into editing the CARP settings, on one box there are no entries for pfsync Synchronize Peer IP and Synchronize Config to IP - yet the other box (the 'master') has its own IP entered as pfsync Synchronize Peer IP and the other box in for  Synchronize Config to IP .

      Is it all correct?  I am looking at upgrading to 2.2.2 very soon - but I have heard that CARP doesn't upgrade very well?  Should I look at deCARPing?

      1 Reply Last reply Reply Quote 0
      • dotdashD Offline
        dotdash
        last edited by

        Both boxes should have the pfsync section filled out usine each other's addresses.
        The master should have the XMLRPC sync section filled out, sync config to IP points to backup box. No XMLRPC sync settings filled out on backup.

        1 Reply Last reply Reply Quote 0
        • S Offline
          Sensi
          last edited by

          So, the box that sits at 192.168.2.1 (master) should have 192.168.2.2 (slave) entered into 'pfsync Synchronize Peer IP'  and 192.168.2.2 should have 192.168.2.1 entered into this box then?

          And, in 'Synchronize Config to IP'under 'Configuration Synchronization Settings (XMLRPC Sync)', 192.168.2.2 should be entered on the master box, with nothing entered on the slave.

          I'll do that next time I'm on-Site (as the remote VPN doesn't like 192.168.x.x and just lets me to the shared address of 10.64.0.1

          Many thanks.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.