    Netgate Discussion Forum

    CARP working properly, except WAN1 packetloss on Backup until Master

    • T
      talaverde last edited by talaverde

      I have CARP configured with HyperV on separate hosts, L2 switch and two WANs. Failover works as it should, except the gateway monitoring for WAN1 on BACKUP node shows 100% packetloss (only) when in backup status. WAN2 shows online, always. (CARP status is Backup for all interfaces, as it should be)

      When the Backup node takes over as Master, WAN1 packetloss goes away instantly and failover is successful.

      I rebuilt both pfSense installations from scratch about a month ago. Before the rebuild, I'm pretty sure both WANs always displayed online status in the widget on both nodes. It makes me think I configured something wrong with the rebuild. While I re-created the VMs, the HyperV hosts and networking were untouched. (Though maybe a modem firmware was pushed by the ISP.)

      The only indication of something off is in the gateway widget. It makes me wonder if this is normal behavior.

      Any thoughts on what this might be? Or commands I could run on the Backup node (while not Master) to look for issues?

      Thanks.

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Sounds like you might be performing outbound NAT to the CARP VIP on traffic from the firewall itself.

        Or you're attempting some kind of configuration where the interfaces do not have routable addresses except for the CARP VIP.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • T
          talaverde last edited by talaverde

          I just posted I thought I fixed it, but it turns out I did not, so I removed my post. I'll look into the items you listed. It'll take me some time.

          • T
            talaverde @Derelict last edited by talaverde

            @Derelict Thanks for the tips. I got it to work. I didn't really understand what you meant, but I agreed it seemed like a NAT issue. I found a separate thread where you said the 'NAT Address' should be the VIP address. So, I made sure to change all the WAN1 and WAN2 mappings to the VIP addresses. (I tried this once in the past, but I didn't think it worked. I must have not refreshed it or something.)

            https://forum.netgate.com/topic/119782/solved-setup-manual-outbound-nat-section-in-pfsense-docs-unclear-to-me/4

            Anyway, after using the VIP addresses in the NAT mappings, it fixed the WAN1 to be online at all times.

            Thanks!
