Netgate Discussion Forum

    CARP working properly, except WAN1 packetloss on Backup until Master

      talaverde

      I have CARP configured with HyperV on separate hosts, L2 switch and two WANs. Failover works as it should, except the gateway monitoring for WAN1 on BACKUP node shows 100% packetloss (only) when in backup status. WAN2 shows online, always. (CARP status is Backup for all interfaces, as it should be)

      When the Backup node takes over as Master, WAN1 packetloss goes away instantly and failover is successful.

      I rebuilt both pfSense installations from scratch about a month ago. Before the rebuild, I'm pretty sure both WANs always displayed online status in the widget on both nodes. It makes me think I configured something wrong with the rebuild. While I re-created the VMs, the HyperV hosts and networking were untouched. (Though maybe a modem firmware was pushed by the ISP.)

      The only indication of something off is in the gateway widget. It makes me wonder if this is normal behavior.

      Any thoughts on what this might be? Or commands I could run on the Backup node (while not Master) to look for issues?

      Thanks.

        Derelict LAYER 8 Netgate

        Sounds like you might be performing outbound NAT to the CARP VIP on traffic from the firewall itself.

        Or you're attempting some kind of configuration where the interfaces do not have routable addresses except for the CARP VIP.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
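
One way to check for the first condition described in the reply above, as an added example that is not part of the thread or of pfSense: it flags outbound NAT mappings that would rewrite the firewall's own traffic (such as gateway-monitor probes) to a CARP VIP, which the Backup node does not hold, so the replies go to the Master. The mapping layout, field names and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not taken from the thread).
CARP_VIPS = {"wan1": "198.51.100.10", "wan2": "203.0.113.10"}
NODE_ADDRS = {"wan1": "198.51.100.12", "wan2": "203.0.113.12"}  # this node's own IPs

# Hypothetical simplified view of outbound NAT mappings (not pfSense's config format).
MAPPINGS = [
    {"iface": "wan1", "source": "any", "translate_to": "198.51.100.10"},
    {"iface": "wan2", "source": "192.168.1.0/24", "translate_to": "203.0.113.10"},
    {"iface": "wan2", "source": "127.0.0.0/8", "translate_to": "203.0.113.12"},
]


def covers_firewall(source, iface, node_addrs):
    """True if a mapping's source matches traffic originated by the firewall itself."""
    if source == "any":
        return True
    net = ipaddress.ip_network(source, strict=False)
    # Firewall-originated packets leave from loopback or the node's interface address.
    own = [ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address(node_addrs[iface])]
    return any(addr in net for addr in own)


def risky_mappings(mappings, carp_vips, node_addrs):
    """Return mappings that translate the firewall's own traffic to a CARP VIP."""
    hits = []
    for m in mappings:
        to_vip = m["translate_to"] == carp_vips.get(m["iface"])
        if to_vip and covers_firewall(m["source"], m["iface"], node_addrs):
            hits.append(m)
    return hits


if __name__ == "__main__":
    for m in risky_mappings(MAPPINGS, CARP_VIPS, NODE_ADDRS):
        print(f"{m['iface']}: source {m['source']} -> VIP {m['translate_to']}")
```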

          talaverde

          I just posted I thought I fixed it, but it turns out I did not, so I removed my post. I'll look into the items you listed. It'll take me some time.

            talaverde @Derelict

            @Derelict Thanks for the tips. I got it to work. I didn't really understand what you meant, but I agreed it seemed like a NAT issue. I found a separate thread where you said the 'NAT Address' should be the VIP address. So, I made sure to change all the WAN1 and WAN2 mappings to the VIP addresses. (I tried this once in the past, but I didn't think it worked. I must have not refreshed it or something.)

            https://forum.netgate.com/topic/119782/solved-setup-manual-outbound-nat-section-in-pfsense-docs-unclear-to-me/4

            Anyway, after using the VIP addresses in the NAT mappings, it fixed the WAN1 to be online at all times.

            Thanks!
