Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    HA with single WAN IP, hard to find solid info

    HA/CARP/VIPs
    2
    4
    326
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tiwing last edited by

      Hi, I've decided to run pf on a VM inside Unraid. I have two unraid boxes, and want to set up HA for fun and for spousal happiness when one unraid box goes down, but I only have a single WAN IP (dynamic) from my ISP. I understand that HA requires two IPs, and I read somewhere, wish I could find the link, that a router between the modem and the two HA machines could be used to assign two real IP addresses. I realize this is a single point of failure, but I'm OK with it - my house is not mission critical.

      Assuming my logic is sound - would I simply disable the firewall on the router in front of pfsense boxes, and keep dhcp running (but set up static assignments) ? Anything else that I should turn off? I'm using an Asus RT-N12 I had lying around for this - don't need much power in it and my internet speed is less than 100 mbps and will be for the forseeable future. ASUS router would have the address 10.0.13.1, dhcp assignment to the two pfsense boxes would be 10.0.13.2, and 10.0.13.3. pf sense assigns in the 192.168.13.x and 192.168.14.x ranges.

      I'm good with the sync interfaces running through dedicated NICs on each box through a dedicated physical switch - it's the access to internet that's messed with my mind a bit.

      Thoughts, please?

      cheers.

      1 Reply Last reply Reply Quote 0
      • T
        tiwing last edited by tiwing

        8e50e883-f8b0-4a87-8fc9-a223d3cb9260-image.png

        Drew a pic to see if I got it OK... ??

        Also found this guide: https://www.slideshare.net/NetgateUSA/high-availability-pfsense-hangout-june-2015 Is it still valid?

        I have identical 4 port intel NIC with all ports passed through to VM in each unraid box - 3 ports for this, plus a 4th for guest on 192.168.14.1 CARP that I didn't draw for guest network access point(s).

        1 Reply Last reply Reply Quote 0
        • T
          tiwing last edited by tiwing

          Figured I would update with what I came up with. It works perfectly including immediate fail-over on both LAN and GUEST networks (but openvpn does not). I hope this helps someone else with their single WAN setup.

          I should note, the ISP modem and first router is a single point of failure, but the router is basically doing nothing except DMZ to the WAN CARP, so not really concerned. It's accessible through its own wifi for if/when I need to get in.

          28819cde-4f6c-4702-b18b-46a5bfaaad89-image.png

          1 Reply Last reply Reply Quote 1
          • S
            Sinistercalling last edited by

            Anyway you would consider making a Video tutorial of how you got this to work ? trying to achieve the same thing but video guide exists for those of us with a single dynamically assigned IP address

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy