[v2.3.1] Carp master/backup inconsistent between 2 routers



  • I have a couple of CARP setups in place already (all on 2.2.x versions of pfSense), and I'm trying to set up a new configuration for a 3rd location.  The new setup is replacing a single router dual-WAN configuration running pfSense 2.2.5 using a dual-router dual-WAN configuration (new routers with 2.3.1).  However, in my test setup I am seeing the CARP IP for WAN failover to the backup router, and the CARP IP for LAN stays with the primary router.  This of course causes all communication to fail when going outside the LAN, including IPSEC tunnels to other locations.  My configuration is similar for LAN and WAN CARP:
    Router 1:
    LAN - x.x.1.2
    WAN - x.x.225.131

    Router 2:
    LAN - x.x.1.3
    WAN - x.x.225.132

    CARP:
    LAN - x.x.1.1
    WAN - x.x.225.130

    I can ping each of the IPs from a PC on the test LAN.  The primary router shows LAN and 1 other CARP network as Master, and WAN1 as backup.  The secondary router shows only the WAN1 as Master.  I have been into the VIP settings for both routers, and when this problem started I set the primary router as Base 1 Skew 10 and the secondary router as Base 2 Skew 200.  Unfortunately the secondary router keeps switching that back to Base 1 Skew 110, but that setting is the same across all CARP IPs so it still doesn't explain why 1 CARP address is failing over (when it shouldn't be) and the others are behaving as expected.  I have been able to get the secondary to maintain Base 1 Skew 200 through a reboot - but the same behavior occurs again.

    Any ideas?