Problem with standby node
-
Looks like the firewall is either blocking that connection if it has to time out or rejecting that connection if you are getting that connection closed immediately.
That image is too small to read clearly - even with my reader specs.
-
The connection closed comes after a longish delay.
Slightly larger image, hopefully this is more clearer.
-
What interface is that on? What is the interface subnet? What is the source address? What is the target address?
See my sig for the type of information required for us to help you.
-
The setup is like this:
igb0.217 = 10.217.1.1/24 (vip), 10.217.1.2/24 (gw1), 10.217.1.3/24 (gw2)
igb0.100 = 10.217.110.1/24 (vip), 10.217.110.2/24 (gw1), 10.217.1110.3/24 (gw2)Then gw1 is master, and gw2 is standby, I can access 10.217.1.2 from 10.217.110.125/24 just fine. I can't access 10.217.1.3/24 from that station, but I can access 10.217.110.3 just fine.
If I switch gw1 as standby and gw2 as master, I can't access 10.217.1.2 from 10.217.110.125 anymore, but I can access 10.217.110.2.
In spirit of debugging I have now tested this about 10 times by perusing the 'persistent CARP maintenance mode' on gw1.
the pfSenses are in a HA cluster mode, serving those subnets.
The symptops are:
-
Login page open, but no matter how long I wait, it won't log in over web UI. (TCP connection is established, but login does not complete)
-
ssh connection is same, TCP establishes, but the actual login won't complete. The few rare times it does, it kicks you out with 'write failed: Pipe broken' after some seconds.
-
-
Sounds like you might not be setting the clients to use the CARP VIP as the gateway.
-
Unfortunately the CARP VIP is used. I think I'll just accept that it refuses to work over L3.
-
It works fine. Maybe your switches aren't moving the CARP MAC address like they should.
-
That would imply that nothing would work, but the problem is limited to the standby switch only. Internet works, other resources on the other L2 work, so the gateway MAC cannot be blamed.
-
Telling you, bro. it all works. You have something hosed up or are misunderstanding something.
-
No doubt. Just would be nice to know what.
-
Hello,
I have the same issue here. I'm using pfsense 2.4.4.
Being in the pfsense network I have access to the standby node without any problem.
Trying to access the standby node from a different network, https access become unresponsive.cmouse have you found a way to overcome this issue?
