Problems with Carp setup after 2.0.2 to 2.03 upgrade.
-
Very strange problem after an upgrade of a working setup.
We have two pf FW setup in a cluster and they have been working well and as expected.
(Also running with multi wan)
Once we upgraded to 2.0.3 we started having any WAN (or external interface) completely stop responding past the firewall.I could still ping the lan(s), and all wan(s) of the fw interfaces, but anything past that would not respond on any interface.
This would be random as it may be fine for while then just stop. Then for no reason it may start working again.
There was no WAN flapping as I could tell and the only fix was to take one FW out of the picture.With a FW removed, everything was fine. It does not seem device related as same problem/fix would happen with primary FW removed also.
It happens when both fw are running.
Any help appreciated. -
Can you provide more information about your setup?
What is the reported CARP status on each device when the problem occurs?
And lastly, does the packet pass through the firewall but doesn't make it back or doesn't it pass through in the first place?
-
System was up and running fine prior to 2.0.3 and test regularly for redundancy.
System is Multi WAN / Multi Lan with Carp syncing two systems.
Carp status was fine. Primary and secondary both reported normally.
I could ping my Lan address and PFsense WAN IP's with out drop.
After the WAN ip's. (IE: WAN gateway) packets start dropping for no reason.
I could get a good set of pings to the same address for a bit…then stop again.Tested each WAN by it self with same results with both boxes up.
The only fix at the time was to remove one box from the cluster. (just a shut down....not disabling carp)