Fresh setup - no response on VIPs
-
Just started to set up a fresh system, with HA. I have tested this a year or so ago with success, so not sure what I am doing wrong this time.
I have a /29, of which .201 is assigned to our NTE.
pfSense WAN IPs are...
Router1 = .203
Router2 = .204
VIP = .202
Similar has been done for the LAN side also.
Sync is working and settings are syncing to Router2.
If I point a client to Router1 or 2, I can access the internet. But if I point it to the WAN VIP I get nothing. I can ping WAN 1 and 2 but not the VIP. This is similar for the LAN side, I can ping each IP but not the VIP IP.
I have read that pings won't work on the CARP addresses anyway, but nothing routes either.
Up to this point I haven't set up the outbound NAT; if I do this it gets worse, as I cannot access anything via Router1 or 2 anymore.
I have redone the setup a second time and used this to confirm my process to be sure... https://vorkbaard.nl/how-to-set-up-pfsense-high-availability-hardware-redundancy/
-
@malakym said in Fresh setup - no response on VIPs:
I have read that pings won't work on the CARP addresses anyway,
Bullshit!
The CARP IP is assigned to a device, if master or backup, similarly to an IP alias VIP and can be used for nearly any purpose. Pinging the device as well, of course, if there is a rule allowing it.
I'd survey the LAN side first. You cannot ping the LAN VIP?
What shows Status > CARP?
Do your firewall LAN rules allow the access? Allow any for investigating.
-
I think the best way to find out an answer is to ask the question online first.
I had forgotten that if using ESXi, Promiscuous Mode needs to be turned on for CARP. Whilst this was turned on on one virtual host, the other was newer and had been misconfigured.
Pings to the LAN CARP IP work as well, and the outgoing NAT is fine as well.
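The host-to-host drift described in the post above can be caught with a short check. This is an added example, not part of the original thread: it assumes standard vSwitches, the host names are hypothetical, and the sample text is constructed in the shape printed by `esxcli network vswitch standard policy security get -v vSwitch0`.

```shell
#!/bin/sh
# Constructed sample policy output for two hosts (not captured from real systems).
HOST_A_POLICY='   Allow Promiscuous: true
   Allow MAC Address Change: true
   Allow Forged Transmits: true'
HOST_B_POLICY='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

# Print "true" or "false" from the "Allow Promiscuous" line, or "unknown"
# when the line is missing or carries an unexpected value.
promisc_state() {
    val=$(printf '%s\n' "$1" |
        awk -F': *' '/^[[:space:]]*Allow Promiscuous:/ {print tolower($2); exit}' |
        tr -d '[:space:]')
    case "$val" in
        true|false) printf '%s\n' "$val" ;;
        *) printf 'unknown\n' ;;
    esac
}

# Arguments are name/policy-text pairs. Prints every host whose vSwitch does
# not allow promiscuous mode and returns 1 if any host was listed.
carp_promisc_audit() {
    rc=0
    while [ "$#" -ge 2 ]; do
        state=$(promisc_state "$2")
        if [ "$state" != "true" ]; then
            printf '%s: Allow Promiscuous is %s (needed for CARP on ESXi)\n' "$1" "$state"
            rc=1
        fi
        shift 2
    done
    return "$rc"
}

# Hypothetical host names; feed in the real esxcli output from each ESXi host.
carp_promisc_audit esxi-a "$HOST_A_POLICY" esxi-b "$HOST_B_POLICY" || true
```

Promiscuous mode lets every VM on that vSwitch or port group receive all frames on it, so keep the setting limited to the networks the pfSense VMs actually use.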
-
@viragomann I had misread this page here https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html and got it mixed up with the CARP docs.