pfSense 2.4 & CARP with DHCP-on-WAN
Hello - hoping I'm missing something simple here.
My interfaces are:
WAN1 - DHCP only (Gets a public IP, but not a static IP)
WAN2 - DHCP only (Gets a public IP, but not a static IP)
LAN
CARP
Without considering CARP, my WAN setup works. I have both ISPs in a tiered Gateway Group and failover between ISPs works as expected. I have no static routes defined. Neither WAN has a checkmark for the "this will select the above gateway as the default gateway" option.
I have CARP working, everything on firewall 1 is replicated to firewall 2, firewall rules are working. No problems here.
On the LAN:
FW1 - 10.10.50.1
FW2 - 10.10.50.2
VIP - 10.10.50.254
However, from this point it gets a little "weird" - I know I need to NAT the traffic from the VIP outbound, and CARP needs to be aware of the WAN; but I have no idea if my only options are DHCP IPs from the WAN side to complete the CARP setup.
Every document I've read says I need to assign a VIP in the WAN subnet; and by this metric I would need two VIPs, one in each WAN subnet. I don't know how to achieve that in pfSense when the WAN IP is subject to constant change.
On a Cisco ASA this is not even an issue. Failover is a matter of a very similar process without pfSense's requisite VIPs. Enabling high availability failover only requires a standby IP in the LAN(s) but not necessarily for the WAN(s).
Any help on this would be great. I feel like the answer might be "put a router in front of the firewall" - even though pfSense is perfectly capable of routing.