CARP with PPPoE that has VLAN requirement
-
Have you tried following this guide?
https://docs.netgate.com/pfsense/en/latest/book/highavailability/example-redundant-configuration.html -
maybe if you can upload some screenshot of your pfsense configuration (carp/interface/pppoe), hiding sensitive stuff could be of help for the op and anyone with the same question
-
For the "standard" CARP/Sync/HA I'd say there are plenty of guides on how to properly set it up. Regarding PPPoE, the post that I've already sent is already really detailed (just missing screenshots, but it should be easy following the steps).
I think we are missing an important piece of information anyway: @NOTORIOUS_VR, is the WAN link working with just one pfSense? First of all you need to make sure that it's working on a single machine so we can exclude Layer 2 (VLAN & switch) issues. Then please post some screenshots of the interfaces, PPPoE and VLAN configuration of the single pfSense so we can understand the configuration.
It's not clear where VLAN 35 is involved too: how are the switch ports (ONT and pfSense) configured? I guess the ONT one should be tagged on VLAN 35, and the pfSense one? Is it untagged VLAN 35? Or tagged VLAN 35 and you are tagging inside pfSense (whether virtual or physical) as well? -
@NOTORIOUS_VR said in CARP with PPPoE that has VLAN requirement:
I also have an issue with the backup unit losing the CARP/HA rule when it syncs, not sure what is causing that - lots of googling suggests it's an issue with different amounts of interfaces but the interfaces are the same number on both units.
Regarding this, just to be sure: is the "No XMLRPC Sync" option on the rule disabled?
-
@gabri-91 said in CARP with PPPoE that has VLAN requirement:
For the "standard" CARP/Sync/HA I'd say there are plenty of guides on how to properly set it up. Regarding PPPoE, the post that I've already sent is already really detailed (just missing screenshots, but it should be easy following the steps).
I think we are missing an important piece of information anyway: @NOTORIOUS_VR, is the WAN link working with just one pfSense? First of all you need to make sure that it's working on a single machine so we can exclude Layer 2 (VLAN & switch) issues. Then please post some screenshots of the interfaces, PPPoE and VLAN configuration of the single pfSense so we can understand the configuration.
It's not clear where VLAN 35 is involved too: how are the switch ports (ONT and pfSense) configured? I guess the ONT one should be tagged on VLAN 35, and the pfSense one? Is it untagged VLAN 35? Or tagged VLAN 35 and you are tagging inside pfSense (whether virtual or physical) as well?
Hoping to revive this thread as I have a little bit of time to dedicate to this now.
In any event I can confirm that I have both boxes connected to my PPPoE provider at the same time (without HA/CARP involved at all).
Meaning both boxes have a public routable IP, both pfSense boxes initiate their own PPPoE sessions, etc.
The WAN IF is tagged VLAN 35 for the ISP on each PF box.
I've just attempted to set up CARP/HA once again and completely lost my mind: after one step the HA sync stopped working and I couldn't figure out why.
I ended up restoring my backup and will need to regroup.
Am I correct in thinking that I could make my LAN CARP address the current address of my primary box (.254) as long as I reassign the LAN IF from .254 to, say, .252? So many services/devices/servers have .254 as the gateway.
-
@notorious_vr said in CARP with PPPoE that has VLAN requirement:
Am I correct in thinking that I could make my LAN CARP address the current address of my primary box (.254) as long as I reassign the LAN IF from .254 to, say, .252? So many services/devices/servers have .254 as the gateway.
Yes, that's no problem.
If you use the DHCP server, ensure that you set the gateway in the DHCP settings to the CARP VIP. Otherwise the LAN IP is provided to the clients.
-
@viragomann said in CARP with PPPoE that has VLAN requirement:
@notorious_vr said in CARP with PPPoE that has VLAN requirement:
Am I correct in thinking that I could make my LAN CARP address the current address of my primary box (.254) as long as I reassign the LAN IF from .254 to, say, .252? So many services/devices/servers have .254 as the gateway.
Yes, that's no problem.
If you use the DHCP server, ensure that you set the gateway in the DHCP settings to the CARP VIP. Otherwise the LAN IP is provided to the clients.
That's what I figured, thank you. I actually use AD for DHCP, DNS, etc.
In any event - I recently found a very good video on CARP - https://www.youtube.com/watch?v=Re7XffnJ6AQ - and he explained that all the interfaces between the boxes need to be identical, even the order. This was not apparent and certainly not the case for my last attempt.
I've decided not to use the T610 Plus box now and am waiting on some USB network adapters to set up my micro PC as a 2nd ESXi host, where I will again virtualize pfSense (like my main instance is) and then make sure everything is identical between the two before starting this again.
I certainly understand much more now how it's supposed to work thanks to the above video - I just hope my PPPoE situation works as @Gabri-91 put forth in that link above - I still don't get how putting a static WAN CARP IP will work when my ISP provides the IP, but I guess I will find out!
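The "interfaces must be identical, even the order" requirement from the video above is easy to check before attempting a sync. The following is an added example, not code from the poster or from pfSense: it parses the `<interfaces>` and `<vlans>` sections of two exported config.xml files (the XML fragments below are constructed samples, and the backup's VLAN tag is deliberately wrong) and reports the mismatches that would block HA sync.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragments (not real exports). Layout follows the
# <interfaces>/<vlans> sections pfSense writes; values are made up for the demo.
PRIMARY_XML = """<pfsense>
  <vlans><vlan><if>vtnet0</if><tag>35</tag><vlanif>vtnet0.35</vlanif></vlan></vlans>
  <interfaces>
    <wan><if>vtnet0.35</if><ipaddr>pppoe</ipaddr></wan>
    <lan><if>vtnet1</if><ipaddr>192.168.1.252</ipaddr><subnet>24</subnet></lan>
    <opt1><if>vtnet2</if><ipaddr>10.0.0.1</ipaddr><subnet>24</subnet></opt1>
  </interfaces>
</pfsense>"""

# Backup node: same NICs, but lan/opt1 are assigned in a different order and the
# ISP VLAN tag was typed as 53 instead of 35 (both are assumed faults for the demo).
BACKUP_XML = """<pfsense>
  <vlans><vlan><if>vtnet0</if><tag>53</tag><vlanif>vtnet0.53</vlanif></vlan></vlans>
  <interfaces>
    <wan><if>vtnet0.53</if><ipaddr>pppoe</ipaddr></wan>
    <opt1><if>vtnet2</if><ipaddr>10.0.0.2</ipaddr><subnet>24</subnet></opt1>
    <lan><if>vtnet1</if><ipaddr>192.168.1.253</ipaddr><subnet>24</subnet></lan>
  </interfaces>
</pfsense>"""


def interface_layout(config_xml):
    """Ordered list of (assignment, physical if, vlan tag or None, ipaddr)."""
    root = ET.fromstring(config_xml)
    # Map VLAN interface name (e.g. vtnet0.35) to its tag so WAN can be checked.
    tags = {v.findtext("vlanif"): v.findtext("tag") for v in root.iter("vlan")}
    layout = []
    for iface in root.find("interfaces"):  # document order == assignment order
        ifname = iface.findtext("if", "")
        layout.append((iface.tag, ifname, tags.get(ifname), iface.findtext("ipaddr")))
    return layout


def compare_layouts(primary_xml, backup_xml):
    """Return human-readable mismatches that would break XMLRPC/HA sync."""
    p, b = interface_layout(primary_xml), interface_layout(backup_xml)
    problems = []
    if len(p) != len(b):
        problems.append(f"interface count differs: primary {len(p)}, backup {len(b)}")
    p_order, b_order = [n for n, *_ in p], [n for n, *_ in b]
    if p_order != b_order:
        problems.append(f"assignment order differs: primary {p_order}, backup {b_order}")
    p_tags = {n: tag for n, _, tag, _ in p}
    for n, _, btag, _ in b:  # per-node IPs are expected to differ; VLAN tags are not
        if n in p_tags and p_tags[n] != btag:
            problems.append(f"{n}: VLAN tag {p_tags[n]} on primary vs {btag} on backup")
    return problems
```

Running `compare_layouts(PRIMARY_XML, BACKUP_XML)` on the samples reports both the swapped lan/opt1 order and the wrong WAN VLAN tag; a node compared with itself returns an empty list.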
-
Well, I was finally able to make this all work - but for one reason or another loading, say, webpages was really, really slow.
Not sure if it was a DNS issue or something else.
I've reverted back to a single firewall for now - if anyone has any suggestions on what to check on the slowness that would be great.
Otherwise I'm happy that I even got it to work at all.
-
@notorious_vr I've got IPv4 CARP/PPPoE/VLAN (201 -- CenturyLink) working nicely.
In fact, I'm doing it with two pfSense instances running inside Proxmox VMs.
And I just about max out my gigabit fiber up and down.
(I have my own issues, trying to get IPv6 working, but that's a separate issue ;) )
My suggestions for diagnosing speed issues: use tcpdump etc. to capture traffic on the WAN interface and a selected LAN interface. You'll likely learn something.
-
Speed (as in throughput) wasn't an issue with CARP configured. I got 1500/1000 on my main box and 950/950 on my backup box (1GbE).
It was some sort of lag with bringing up the sites (like a DNS issue of some sort).
-
@notorious_vr Could be you had DHCP handing out the wrong IP for DNS or gateway... so there was delay while various things failed.
Wireshark on the client computer would likely teach a lot for that.
-
@mrpete said in CARP with PPPoE that has VLAN requirement:
@notorious_vr Could be you had DHCP handing out the wrong IP for DNS or gateway... so there was delay while various things failed.
Wireshark on the client computer would likely teach a lot for that.
No - DHCP was fine (and didn't change in my case).
-
@notorious_vr Good.
In any case, my go-to tool for speed stuff is Wireshark (and tcpdump inside of pfSense, saved to a file to examine w/ Wireshark).
I can see:
- Packet timing
- All kinds of packet issues
- Smart analysis of entire streams
- Etc.
-
I also have a CenturyLink connection that runs on VLAN 201. I currently have the modem in bridge mode and have pfSense taking care of the login.
I am currently struggling with setting up the CARP properly on the boxes. Do you have a guide that I could follow?