CARP and high available sync

  • Hello Pfsense community,

    i'm facing a problem with CARP and HIGH available sync on one of my firewall cluster. I have 15 CARP IPs and just 3 have bad interfaces on VHID group. VHID and IP are correct but interface isn't.
    I checked passwords, subnet masks, IP ranges but all seem OK. I also tried to fix it manually on secondary node but after applying configuration on primary it is obviously bad again. But it is working for a while…

    I have this issue just within one IP range with /27 subnet as you can see in attached pictures.

    Have anybody had something similar?

    Thank you
    ![Screen Shot 2017-06-21 at 08.39.32.png](/public/imported_attachments/1/Screen Shot 2017-06-21 at 08.39.32.png)
    ![Screen Shot 2017-06-21 at 08.39.32.png_thumb](/public/imported_attachments/1/Screen Shot 2017-06-21 at 08.39.32.png_thumb)
    ![Screen Shot 2017-06-21 at 08.39.37.png](/public/imported_attachments/1/Screen Shot 2017-06-21 at 08.39.37.png)
    ![Screen Shot 2017-06-21 at 08.39.37.png_thumb](/public/imported_attachments/1/Screen Shot 2017-06-21 at 08.39.37.png_thumb)

  • LAYER 8 Netgate

    For starters, your interfaces must match exactly on primary and secondary. They must be defined in the same order and optX on primary must equal optX on secondary.

  • aahhhh… that's it.

    I'm going to change it and let you know.

    ![Screen Shot 2017-06-21 at 09.09.58.png](/public/imported_attachments/1/Screen Shot 2017-06-21 at 09.09.58.png)
    ![Screen Shot 2017-06-21 at 09.09.58.png_thumb](/public/imported_attachments/1/Screen Shot 2017-06-21 at 09.09.58.png_thumb)

  • You saved me a lot of time… The problem was in interface numbering(OPTX). I Have just fixed it and it is working!

    Thank you!

Log in to reply