GW Group and/or CARP sync anomaly. Bug or ???

MrPete

I've got my Single-WAN CARP setup working rather nicely, with a somewhat pain-in-the-neck exception.

Manually configured, everything works great until a sync-from-primary. In the GUI, as-configured, it seems that it ought to be fine. But on any touch from primary, the gateway configuration is broken.

Below: some context, then details of my observations. Any clues most welcome.

Context

• Single WAN IP. CARP VIP's there using 192.168.222.2-3
• Many local VLANs, but primary is 192.168.1.* (VIP is .1, Prim/Sec are .2 and .3)
• (Perhaps of interest... this does work: my ISP provides gigabit fiber with static IP via PPPoE. I have to do some workarounds because pfSense doesn't believe PPPoE can be static, but that's a separate topic ;) )

Here is the correct setup for gateways and gw groups on primary and secondary:
Primary


Secondary

After an update from primary, the secondary GW group is busted (Tier 1 is gone):

(I was having trouble with IP addresses changing but that stabilized. Primary GW group is configured essentially the same)

QUESTION
Is it required that Interface names be identical on Primary/Secondary? That's not listed in the documentation AFAIK (I ask because perhaps this is why when primary routing info is updated to secondary, the secondary gw group breaks...)

viragomann

@mrpete said in GW Group and/or CARP sync anomaly. Bug or ???:

Is it required that Interface names be identical on Primary/Secondary?

Yes. But the internal name pfSense is using (WAN, LAN, OPT1, ...).
Check System > Interfaces for reference.

BTW: Also not clear, why the "backup gateway" has the same IP on both nodes.

MrPete

@viragomann
Internal reference names ARE identical (optX etc). Just the GUI names are different.

Yes, the IP's are identical, but that doesn't actually matter!

• The Tier 2 gateway on either system is only active when it is secondary.
• At that point, it doesn't control the CARP VIP (*.1.1)
• The CARP VIP is the active LAN IP when this box is secondary.

That part actually works! :)

viragomann

@mrpete
The interface names you've set in the GUI is not relevant for syncing AFAIK.

Yes, the IP's are identical, but that doesn't actually matter!
The Tier 2 gateway on either system is only active when it is secondary.
At that point, it doesn't control the CARP VIP (*.1.1)
The CARP VIP is the active LAN IP when this box is secondary.

That part actually works! :)

Never seen such a set up.

I'd configure the LAN address of the respective other node as Tier 2.
But first disable the sync of gateway settings to avoid it gets overwritten on the secondary.

MrPete

@viragomann

The one thing I notice, examining config.xml: the internal ID for a gateway group is pretty unique.

No idea how that is supposed to sync or not...

I'm going to do more experiments tomorrow...