4. CARP messing with route and VIP

CARP messing with route and VIP

  • B

    Hi

    i had 2 servers where PfSense (2.3.2) is installed with 2 NIC for each server, each NIC with 2 VLANs so 4 DMZ used per server, i had problems with CARP so i had added 2 other physical NICs, now my 4 DMZ each one use a physical NIC for each server

    my DMZs are
    WAN1
    WAN2
    LAN (192.168.1.1 and 192.168.1.2)
    HA

    3 VIP for CARP
    CARP_WAN1 associated with WAN1
    CARP_WAN2 associated with WAN2
    CARP_LAN associated with LAN (192.168.1.3/32)

    i have 3 gateways configured
    GWWAN1 for WAN1
    GWWAN2 for WAN2
    GWLAN for LAN

    the GWWAN1 and GWWAN2 are configured directly in the interfaces WAN1 and WAN2
    GWLAN is configured in "static routes" where i added 10 routes to some servers

    CARP is well configured, in the master all (XMLRPC Sync) are selected

    the problem :
    when i do some changes in the Master and i do apply, i am getting on the backup server
    "Interface specified for the virtual IP address 192.168.1.3 does not exist. Skipping this VIP"

    checking the backup server, i notice that the CARP_LAN is no more associated with LAN but with WAN1 !!!
    checking the gateways, i notice that the gateway GWLAN changed to disabled and this gateway is no more associated with LAN but with WAN1 !!!

    i have done the test many many times, same problem
    i deleted the LAN gateway, the LAN CARP VIP and re-add them without success

    each time, the same problem, the interface assicated to the LAN gateway and to the LAN CARP VIP changes automatically on the backup server when i do some changes in the alias of the master for example

    if i uncheck "Static Route configuration", "Virtual IPs" in (XMLRPC Sync) on the Master, the CARP works perfectly
    if i uncheck just "Static Route configuration" in (XMLRPC Sync) on the Master, the LAN gateway stay ok and active on the backup but the LAN CARP VIP is faulty as its interface change from LAN to WAN1 automatically

    please any hint to resolve the problem ?
    thanks

    0
  • V

    Use the same interface order on both boxes. For instance, if WAN1 is assigned to network port re0 and WAN2 to re1 on master, ensure that the interfaces are assigned the same way on the backup box.

    0
  • B

    they are aleady absolutely the same for both servers (Master and Backup)

    bge0 –- WAN1
    bge1 --- WAN2
    em0 ---- LAN
    em1 ---- HA

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy