Configure AWS Pfsense instance to failover IPsec to another instance



  • Hi,

    I'm trying to have High Availability in AWS for my pfSense instance. This instance has IPsec tunnels and is also the firewall for the instances behind the pfSense. The rest of the instances are HA already with the AutoScaling service, but this approach does not work well with pfSense. I launched a new pfSense in another AZ to function as the "slave". I configured it with the password and settings like that. In the "master" pfSense I configured System -> High Avail Sync as follows:
    Master
    Synchronize states: Enabled
    Synchronize Interface: WAN
    pfsync Synchronize Peer IP: Here i put the private IP of the WAN interface of the failover
    Synchronize Config to IP: Here i put the private IP of the WAN interface of the failover
    Remote System Username: admin (of the Failover)
    Remote System Password: admin password (of the Failover)
    Select options to sync: Everything selected

    Slave
    Synchronize states: Disabled
    Synchronize Interface: WAN
    pfsync Synchronize Peer IP: empty
    Synchronize Config to IP: empty
    Remote System Username: empty
    Remote System Password: empty
    Select options to sync: empty

    Then I went to Firewall -> Virtual IP (Master)
    For WAN:
    I chose type CARP
    WAN interface
    Address: I put 198.51.100.200/24
    VIP Password: random password
    base 1 Skew 0

    For LAN:
    I chose type CARP
    WAN interface
    Address: I put 192.168.1.1
    VIP Password: random password
    base 1 Skew 0

    In Slave I did not modify this part. This is where I'm stuck, because both appear as Master.
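As an added check for the "both appear as Master" symptom (this is example code, not from the poster or from pfSense), the script below parses FreeBSD-style `ifconfig` CARP lines collected from each node and flags any vhid that more than one node claims as MASTER, plus any vhid where the nodes advertise identical advbase/advskew. The interface names, vhids and output text are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed `ifconfig` output for the two nodes (not captured from the poster's instances).
# Each CARP VIP line uses the FreeBSD format: "carp: STATE vhid N advbase N advskew N".
NODE_OUTPUT = {
    "primary": (
        "xn0: flags=8843<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001\n"
        "\tcarp: MASTER vhid 1 advbase 1 advskew 0\n"
        "xn1: flags=8843<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001\n"
        "\tcarp: MASTER vhid 2 advbase 1 advskew 0\n"
    ),
    "secondary": (
        "xn0: flags=8843<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001\n"
        "\tcarp: MASTER vhid 1 advbase 1 advskew 0\n"
        "xn1: flags=8843<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001\n"
        "\tcarp: BACKUP vhid 2 advbase 1 advskew 100\n"
    ),
}

IF_RE = re.compile(r"^(\S+): flags=")
CARP_RE = re.compile(r"^\s*carp: (\w+) vhid (\d+) advbase (\d+) advskew (\d+)")

# Returns vhid -> (interface, state, advbase, advskew) for one node's ifconfig output.
def parse_carp(ifconfig_text: str) -> Dict[int, Tuple[str, str, int, int]]:
    vips, ifname = {}, ""
    for line in ifconfig_text.splitlines():
        if m := IF_RE.match(line):
            ifname = m.group(1)          # remember which interface the carp lines belong to
        elif m := CARP_RE.match(line):
            vips[int(m.group(2))] = (ifname, m.group(1), int(m.group(3)), int(m.group(4)))
    return vips

def carp_findings(outputs: Dict[str, str]) -> Dict[int, List[str]]:
    """Per vhid: 'split-brain:<nodes>' if more than one node claims MASTER,
    'equal-skew' if two nodes advertise identical advbase/advskew (no preferred node)."""
    parsed = {node: parse_carp(text) for node, text in outputs.items()}
    findings: Dict[int, List[str]] = {}
    for vhid in sorted({v for vips in parsed.values() for v in vips}):
        present = {n: vips[vhid] for n, vips in parsed.items() if vhid in vips}
        masters = sorted(n for n, v in present.items() if v[1] == "MASTER")
        problems = ["split-brain:" + ",".join(masters)] if len(masters) > 1 else []
        if len({(v[2], v[3]) for v in present.values()}) < len(present):
            problems.append("equal-skew")
        if problems:
            findings[vhid] = problems
    return findings

if __name__ == "__main__":
    for vhid, problems in carp_findings(NODE_OUTPUT).items():
        print(f"vhid {vhid}: {'; '.join(problems)}")
```

Run it with the real `ifconfig` output of each node pasted into `NODE_OUTPUT`; a vhid reported as split-brain means the nodes are not seeing each other's CARP advertisements or are not configured with a preferred node.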