Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    1. Home
    2. Tags
    3. carp
    Log in to post
    • All categories
    • T

      Source interface for RADIUS auth traffic
      General pfSense Questions • radius carp • • TO2020

      22
      0
      Votes
      22
      Posts
      480
      Views

      T

      @stephenw10
      The AWS side will likely propagate whatever you advertise to it, because I manage both ends and that's just how the virtual private gateway works in AWS.
      I guess there might be a slight risk here, but hopefully AWS won't make a change that reject these routes.

      Of course, ideally I hope that pfSense will allow the source to be configured in a future release of the OS. As far as I know, other firewall vendors are able to do so.

      /Thomas

    • P

      Inserire una WAN su sistema HA esclusiva di un nodo.
      Italiano • high availabili carp multi wan • • Polisenno

      1
      0
      Votes
      1
      Posts
      392
      Views

      No one has replied

    • MrPete

      CARP: Small UI change and/or systemwide checker would sure help!
      HA/CARP/VIPs • carp dhcp dns • • MrPete

      1
      0
      Votes
      1
      Posts
      506
      Views

      No one has replied

    • K

      How do I setup ddns on carp interface
      General pfSense Questions • ddns carp interface • • kevin bradt

      1
      0
      Votes
      1
      Posts
      69
      Views

      No one has replied

    • lexxai

      Add to GUI DHCP option for configue Failover peer NAME
      DHCP and DNS • carp dhcp failover gui high availabili • • lexxai

      1
      0
      Votes
      1
      Posts
      149
      Views

      No one has replied

    • A

      Advskew and Gateway Status
      HA/CARP/VIPs • advskew carp gateway script • • Asmyth

      1
      0
      Votes
      1
      Posts
      266
      Views

      No one has replied

    • S

      Choose CARP interface priority
      HA/CARP/VIPs • carp lan side • • sinaowolabi

      1
      0
      Votes
      1
      Posts
      193
      Views

      No one has replied

    • noahajac

      CARP IP is in backup state however it is still answering queries on other VLANs
      HA/CARP/VIPs • carp vlan vip • • noahajac

      1
      0
      Votes
      1
      Posts
      126
      Views

      No one has replied

    • A

      HA setup with two WANs and only one pfSense per WAN
      HA/CARP/VIPs • carp failover wan checking availability • • Avatat

      4
      0
      Votes
      4
      Posts
      352
      Views

      Derelict

      The best way to do an HA deployment is it invest in the gear necessary to build it correctly. Bridging like that is generally incompatible with pfSense HA.

      https://docs.netgate.com/pfsense/en/latest/highavailability/layer-2-redundancy.html

    • junicast

      CARP dual Master for short period
      HA/CARP/VIPs • carp • • junicast

      2
      0
      Votes
      2
      Posts
      191
      Views

      junicast

      As it turned out there was a loop on an interface which caused that behavior, sad but true.

    • Y

      Problem with Virtual IP
      HA/CARP/VIPs • pfsense virtualip configuration carp failover • • yuridmelo

      10
      0
      Votes
      10
      Posts
      180
      Views

      S

      It can depend on the switch/router on the other end of the cable. For instance with Comcast routers often when replacing a router in an office (inside the Comcast router) I've found it's fastest to power off or reboot the Comcast router so it learns the IP has a new MAC. If you have the second router on, and are just plugging in cables, I would wonder if restarting the second router (or just leaving it off and powering it on) would help.

      But overall CARP set up properly works basically instantly so that would be preferred. https://docs.netgate.com/pfsense/en/latest/book/highavailability/index.html

    • hydrian

      Odd HA-Deployment
      General pfSense Questions • carp virtualization kvm • • hydrian

      1
      0
      Votes
      1
      Posts
      82
      Views

      No one has replied

    • C

      VHID VIP Clarification
      HA/CARP/VIPs • vip carp vhid • • Casus

      3
      0
      Votes
      3
      Posts
      471
      Views

      JeGr

      CARP/VRRP/etc. are using not only virtual IPs but also virtual MACs to make failover a smooth experience without clients or network equipment having to learn a new MAC address of a failover server like with only IP based configurations (early linux HA cluster for example).

      The VHID setting is influencing which MAC is handed out for that CARP style VIP. All of them are (IMHO) using the failover MAC space of

      00:00:5E:00:01:XX

      so with changing the VHID you are also configuring the last "XX" segment of said MAC address. That's why it has to be unique on that network segment (L2) and you also have to watch out for other cluster/HA-grade setups, that are using VRRP or HSRP style VIP/MAC combinations. But if your pfSense cluster is the only cluster in that network segment, VHID 1 is commonly fine on all interfaces. We're using VHID 4 and 6 (for IP4 / IP6 VIPs on the same VLAN) over multiple VLANs just fine :)

    • M

      Multi IGMP Proxy Behaviour
      General pfSense Questions • igmpproxy igmp carp • • mannyjacobs73

      2
      0
      Votes
      2
      Posts
      219
      Views

      M

      @mannyjacobs73 said in Multi IGMP Proxy Behaviour:

      lthough I understand there is a difference between IGMP Snooping and IGMP Proxy, I do not completely understand how the IGMP Proxy service should be behaving when configured correctly... and especially with multiple devices / additional Virtual IP assigned.

      Hi,

      I'll re-write my query and hopefully someone can put me in the right direction...

      Basically I am wanting to know if there is any documentation or notes available regarding the behavior of the IGMP Proxy protocol which is found in pfsense (query timings, priority etc.) .

      Specifically when two devices are running IGMP Proxy on the same LAN, but even any pointers to more in-depth documentation as to how this service runs on a stand alone box, would be appreciated.

      Thank you

    • H

      DHCP Failover and CARP
      DHCP and DNS • dhcp carp high-avail • • howa_it

      2
      0
      Votes
      2
      Posts
      998
      Views

      H

      After running for the last week I haven't had any issues with not having a failover DHCP server defined.

      Each firewall takes over their duties as expected when their partner isn't available.

      I would like to get some final confirmation though; if anyone has been through this (CARP + DHCP server failover) please tell me if my setup seems strange.

    • C

      Recommended configuration for IPSEC with HA
      IPsec • ipsec high availabili carp • • candlerb

      2
      0
      Votes
      2
      Posts
      939
      Views

      dotdash

      Yes, you can use a CARP address as the IPSec endpoint. There is an option to sync IPSec configuration in the XMLRPC Sync options on the HA Sync page.

    • J

      VM In promiscuous mode cause phisical Pfsense in ha mode using carp unable to route between internal networks
      HA/CARP/VIPs • vmware carp routing • • jgngnj

      2
      0
      Votes
      2
      Posts
      641
      Views

      Derelict

      Sorry. I have no idea what you are even asking.

      The basic things that need to be changed to run pfSense HA in VMware ESXi are described here:

      https://docs.netgate.com/pfsense/en/latest/highavailability/troubleshooting-high-availability-clusters.html?highlight=esxi#hypervisor-users-especially-vmware-esx-esxi

    • C

      Port forwarding with CARP and gateway group
      Routing and Multi WAN • port forward gatewaygroup carp 2.4.4 • • cezp

      1
      0
      Votes
      1
      Posts
      283
      Views

      No one has replied

    • S

      XG-7100 member randomly stops passing traffic
      Official Netgate® Hardware • xg-7100 carp • • sippycups

      1
      0
      Votes
      1
      Posts
      201
      Views

      No one has replied

    • P

      CARP, HA, pfsense, and Switches
      L2/Switching/VLANs • carp m4300 sg350 • • purduephotog

      11
      0
      Votes
      11
      Posts
      1130
      Views

      P

      @teamits yeah. It should just work. It doesn't tho... And it's really messing up my holiday giving spirit.

      I should've just did it all myself. No outside vendor. Sigh.

    • S

      CARP VIP member recovery problems
      HA/CARP/VIPs • vip carp restore • • sameckert

      13
      0
      Votes
      13
      Posts
      837
      Views

      S

      i've solved the problem. its very similar to bridge behavior i encountered in another installation. I only have vlans defined for my LAGG. once i created another interface that would be untagged on the LAGG, it picked up my native vlan as expected. all of the VIPs for the tagged interfaces started working.

      so just for my own curiosity i deleted the native interface i crated and rebooted. everything still works. all in all i must have just jiggled the handle