CARP: Interface specified for the virtual ip address does not exist
-
Greetings all,
I spun up a new firewall today (pfSense 2.1.4) to act as my standby in case something happens to the primary. The primary firewall (pfSense 2.1.2) has 4 interfaces (WAN, LAN, DMZ), and the new server has 3. The 4th interface on the primary firewall is unused.
I have the standby firewall working properly, and I was able to get all the FW rules, aliases, etc. sync'd to the standby. However, I get a message on the standby stating, "Interface specified for the virtual ip address does not exist". This particular interface happens to be the DMZ interface on the primary. I have assigned a DMZ interface on the secondary, and double-checked the configuration on both firewalls.
When I look at the CARP interface status on the secondary, I see "opt2_vip" as the DMZ interface (as defined on the primary), but I don't have an "opt2_vip" on the secondary. As a result, the DMZ VIP won't fail over.
Does anyone have a suggestion to coerce pfSense into using the DMZ interface on the secondary as the opt2_vip interface so the HA sync completes properly?
Thanks.
-Ron
-
Argh! As usual, as soon as I added this thread I was able to fix the problem.
On the standby firewall, I edited /config/config.xml and replaced "opt1" with "opt2" for the DMZ interface. I then removed the /tmp/config.cache and /tmp/config.lock files, then rebooted the standby. Now, CARP status shows all interfaces in Backup mode as expected.
Sorry for the noise…
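
A check for the mismatch described in this thread, as an added example that is not part of the original posts: it compares the interface keys a primary's CARP VIPs reference against the interfaces assigned on the standby. It assumes config.xml keeps assigned interfaces as children of `<interfaces>` and CARP addresses under `<virtualip>/<vip>`; both sample configs, their descriptions and their addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples, trimmed to the elements the check reads.
PRIMARY = """<pfsense><interfaces>
  <wan><if>em0</if><descr>WAN</descr></wan>
  <lan><if>em1</if><descr>LAN</descr></lan>
  <opt1><if>em2</if><descr>UNUSED</descr></opt1>
  <opt2><if>em3</if><descr>DMZ</descr></opt2>
</interfaces><virtualip>
  <vip><mode>carp</mode><interface>lan</interface><subnet>192.0.2.1</subnet></vip>
  <vip><mode>carp</mode><interface>opt2</interface><subnet>198.51.100.1</subnet></vip>
</virtualip></pfsense>"""

STANDBY = """<pfsense><interfaces>
  <wan><if>em0</if><descr>WAN</descr></wan>
  <lan><if>em1</if><descr>LAN</descr></lan>
  <opt1><if>em2</if><descr>DMZ</descr></opt1>
</interfaces></pfsense>"""

def interface_map(config_xml):
    """Return {internal key (wan, lan, optN): description}."""
    root = ET.fromstring(config_xml)
    return {n.tag: (n.findtext("descr") or n.tag.upper())
            for n in root.iterfind("interfaces/*")}

def carp_vips(config_xml):
    """Return [(interface key, address)] for every CARP-mode VIP."""
    root = ET.fromstring(config_xml)
    return [(v.findtext("interface"), v.findtext("subnet"))
            for v in root.iterfind("virtualip/vip")
            if v.findtext("mode") == "carp"]

def check_sync(primary_xml, standby_xml):
    """Flag primary CARP VIPs whose interface key is absent on the standby,
    or present there under a different description (a different role)."""
    p_ifs, s_ifs = interface_map(primary_xml), interface_map(standby_xml)
    by_descr = {descr: key for key, descr in s_ifs.items()}
    problems = []
    for key, addr in carp_vips(primary_xml):
        want = p_ifs.get(key)
        if key not in s_ifs:
            problems.append((addr, key, "missing", by_descr.get(want)))
        elif s_ifs[key] != want:
            problems.append((addr, key, "role-mismatch", by_descr.get(want)))
    return problems

if __name__ == "__main__":
    for addr, key, kind, standby_key in check_sync(PRIMARY, STANDBY):
        print(f"VIP {addr}: {key} is {kind} on standby (same role is {standby_key})")
```

The "role-mismatch" case matters as much as the missing one: synced firewall rules are keyed by the same internal names, so a key that exists on both nodes but points at a different network would apply rules to the wrong segment without any error.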