Vlan-interface-dhcp-client
-
I have two pfsense firewalls (rel 2.3.2) set up as main/backup using CARP. Both firewalls have dual WAN set up as a gateway group (a fallback WAN if primary WAN is down). Both backup and primary WAN are distributed through the same LAN-switches, each on a separate VLAN. I sometimes run in to a situation where the primary WAN is down, and then goes back up again, but the "UP" is never detected by pfsense. Maybe since the interface is a VLAN interface and ther is no change in the actual link-status, since the switch distributing the VLAN was never offline?
However, this results in primary WAN being up, but the primary gateway is marked as down by pfsense, resulting in traffic flowing through backup WAN. If I manually refresh the DCHP-client for the WAN interface, I get a new IP lease and everything goes back to normal (i.e. traffic is routed through primary WAN). It is as if pfsense never requests a new IP if the link-status doesn't change on the WAN interface? Sometimes the DCHP status says "pending" and does so indefinitely, or until I manually force a "DHCP renew" or takes the VLAN interface down and up again.
Is there a way to configure pfsense to automatically retry dchp-requests at some interval? even if no link-state change is detected?
-
CARP/HA using DHCP WAN addresses? What did you do to finagle that into "working?"
It is an unsupported configuration generally requiring a separate NAT device upstream to do the DHCP, presenting a LAN interface for the HA interface addresses and CARP VIP(s).
-
Well, the WAN interfaces on each pfsense HA-node does not share a virtual IP, so there is no seamless failover of sessions between the HA nodes, if one node goes down, the backup node will take over, but all state/sessions are lost and needs to be re-initialized. like you said, in order for this to be done correctly one would have to have some control over the upstream hardware (which I don't).
