Preventing UCARP from taking over on boot
-
Greetings all,
We have a pair of pfSense firewalls running 2.1.5 in an HA configuration (via UCARP) that need to be upgraded to 2.4.2P1. I have been testing the upgrade procedure in the lab, and learned we need three separate upgrade cycles to get from 2.1.5 to 2.4.2P1 (first 2.1.5 to 2.3.5, then 2.3.5 to 2.4.2, then 2.4.2 to 2.4.2P1). Upgrading the standby is no problem as the primary will continue to hold the VIPs until the complete upgrade is done.
However, once the primary is upgraded from 2.1.5 to 2.3.5, it will reboot and acquire the VIPs again. This causes a small IP outage until I go and disable the VIPs in the WebGUI. The same event happens when going from 2.3.5 to 2.4.2.
Is there a (hidden) option somewhere to prevent UCARP from running on boot? I would like to completely disable UCARP on the primary until all the upgrades are complete, then allow it to take over the VIPs. I tried adding "net.inet.carp.allow=0" to /etc/sysctl.conf file on the master but it still started UCARP and grabbed the VIPs on boot.
For what it's worth, the "Enter Persistent CARP Maintenance Mode" option is NOT available on 2.1.5, thus the primary will take over the VIPs on boot.
Thanks.
-
Then get upgraded and you will have persistent maintenance mode. Sorry it doesn't exist on that ancient version.
You could take a configuration backup, take the node offline (as in unplugged from the network), reinstall fresh using the 2.2.6 LiveCD or memstick image from here:
https://nyifiles.pfsense.org/mirror/downloads/old/
(This would be a GREAT opportunity to switch to amd64 if you are on i386)
Restore the backup config
Set CARP Maintenance mode (It was introduced in 2.2)
Reconnect the node.
From there you can use maintenance mode for the remaining upgrades.
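As an added example (not part of this thread or of pfSense itself), a POSIX shell check that reads the `carp:` status lines from FreeBSD `ifconfig` output and confirms no vhid is still MASTER before the reinstalled node is plugged back in. The ifconfig text below is constructed, and the advskew check assumes the documented pfSense behaviour that maintenance mode raises advskew to 254.

```shell
#!/bin/sh
# Added example: inspect CARP vhid state from `ifconfig` output so a node can be
# verified as fully BACKUP (demoted) before it is reconnected to the network.
# On a live box: carp_report "$(ifconfig)"

# Constructed sample ifconfig output (not captured from a real firewall).
# Interface names, vhids and the RFC 5737 documentation addresses are made up.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
    inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
    carp: MASTER vhid 1 advbase 1 advskew 0
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 198.51.100.2 netmask 0xffffff00 broadcast 198.51.100.255
    inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255 vhid 2
    carp: BACKUP vhid 2 advbase 1 advskew 254'

# The same sample after both vhids are demoted, as persistent maintenance mode
# produces on pfSense (advskew raised to 254, so the peer wins the election).
SAMPLE_DEMOTED=$(printf '%s\n' "$SAMPLE_IFCONFIG" |
    sed 's/carp: MASTER vhid 1 advbase 1 advskew 0/carp: BACKUP vhid 1 advbase 1 advskew 254/')

# Emit "vhid state advskew" for each status line of the form
# "carp: <STATE> vhid <n> advbase <n> advskew <n>".
carp_states() {
    printf '%s\n' "$1" | awk '$1 == "carp:" { print $4, $2, $8 }'
}

# Space-separated list of vhids this node currently holds as MASTER.
carp_master_vhids() {
    carp_states "$1" | awk '$2 == "MASTER" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Exit 0 only when no vhid is MASTER, i.e. reconnecting will not take VIPs
# away from the peer that is still serving traffic.
carp_safe_to_reconnect() {
    [ -z "$(carp_master_vhids "$1")" ]
}

# Exit 0 only when every vhid carries the maintenance-mode skew of 254.
carp_all_demoted() {
    carp_states "$1" | awk 'BEGIN { bad = 0 } $3 != 254 { bad = 1 } END { exit bad }'
}

carp_report() {
    carp_states "$1"
    if carp_safe_to_reconnect "$1"; then echo "OK: no VIP held as MASTER"
    else echo "WARNING: MASTER on vhid(s): $(carp_master_vhids "$1")"; fi
}

carp_report "$SAMPLE_IFCONFIG"
carp_report "$SAMPLE_DEMOTED"
```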
-
Thanks for the suggestion! I thought about your idea the other day (config backup; fresh install with 2.3.5; config restore) but was hoping there was an easier way.
Really appreciate the fast reply.
-
In all honesty, I would go to 2.2.6 first.
It is much more tolerant of being installed with the WAN disconnected.
After you can do it in Maintenance mode with the WAN connected, the other upgrades will go a lot smoother.