Netgate Discussion Forum
    HA setup -> extra public IP's?

      mitch2k

      Hi,

      currently I have a pfsense instance on an ESX host. The instance has 1 WAN interface (with a public static IP).
      I'm going to set up a second pfsense in CARP/HA mode on another ESX host.

      So I will have 2 instances with their own WAN & LAN interface (and a pfsync interface of course)

      What I am going to do:

      • Add a dedicated pfsync interface on both instances on both boxes, and put them in a dedicated VLAN
      • Change the virtual IPs to CARP IPs
      • Set up FW rules & sync

      What I'm not sure about: am I right that I need 2 extra public IPs now? So 3 in total for the WAN interface: 1 for WAN pfsense1 (which is already there), 1 for WAN pfsense2 and 1 WAN IP that fails over on the WAN interfaces (which would be the VPN IP). Or is there a way to do this without the need to buy extra public IPs?

      Thanks

        viragomann

        @mitch2k:

        What I'm not sure about: am I right that I need 2 extra public IPs now? So 3 in total for the WAN interface: 1 for WAN pfsense1 (which is already there), 1 for WAN pfsense2 and 1 WAN IP that fails over on the WAN interfaces (which would be the VPN IP). Or is there a way to do this without the need to buy extra public IPs?

        As you say.

        After the CARP setup is done, you can add further IP Aliases to the master, which are also shared.
        Services like VPN have to listen on the CARP IP or an IP Alias.

        There are threads in this forum where guys wrote that CARP also works with IPs in another subnet (private IPs) assigned to the WAN interfaces, but it has some disadvantages.
        https://forum.pfsense.org/index.php?topic=87546.msg507885#msg507885

          mitch2k

          Great, thanks for the info!
