Netgate Discussion Forum

Can / Should i use a CARP address as default GW (LAN)

HA/CARP/VIPs
  • P
    planetinse
    last edited by Feb 7, 2023, 2:05 PM

    Is it correct/best practice, in a scenario with two pfsense, to use an internal CARP for failover default gw (LAN gw) that is assigned from DHCP (from the same pfsense boxes)?

    ie.
    pfsense 1 - 192.168.0.1
    pfsense 2 - 192.168.0.2
    CARP 192.168.0.3

    then in the DHCP server I set the default gw to be assigned to LAN clients to 192.168.0.3

    I have some funny shit happening with haproxy (on internal https offloading) - and I suspect this is involved somehow...

    If not best practice - how should it be accomplished?

    • V
      viragomann @planetinse
      last edited by Feb 7, 2023, 2:34 PM

      @planetinse
      Yes, you should set the CARP VIP to be your LAN gateway in the DHCP settings.

      I have some funny shit happening with haproxy (on internal https offloading)

      What?

      HAproxy in real proxy mode should have nothing to do with high availability.
      The proxy forwards the packets with the interface IP as source, even if you have CARP configured. So it should not have any impact.

      • P
        planetinse @viragomann
        last edited by planetinse Feb 7, 2023, 2:40 PM Feb 7, 2023, 2:38 PM

        @viragomann

        I know that, and the problem is that it is working intermittently

        ...so I am looking at different scenarios, and suspect my way of doing this DHCP/LAN/FAILOVER "setup" is not the correct way of doing it....

        It does work if each pfsense box assigns itself as default GW. (aka, pfsense1 is always default gw as long as it's online)

        but then I lose failover on outgoing.

        • V
          viragomann @planetinse
          last edited by Feb 7, 2023, 2:50 PM

          @planetinse
          Have you configured the states sync in System > High Availability Sync?

          • P
            planetinse @viragomann
            last edited by planetinse Feb 7, 2023, 3:09 PM Feb 7, 2023, 3:06 PM

            @viragomann

            Yes, to get back to my question...

            Is this the "normal" way I would set up an "LB pair" when it comes
            to Default LAN GW & DHCP failover ..

            example of a .24 net
            pfsense 1 - 192.168.0.1
            pfsense 2 - 192.168.0.2
            CARP 192.168.0.3

            then I configure DHCP server to assign clients default gw to the CARP address.

            .. or am I barking up the wrong tree here, no reason to try to get something to work, if it was not supposed to be done like that :)

            (This is a running environment with 400+ LAN clients)

            • V
              viragomann @planetinse
              last edited by Feb 7, 2023, 3:28 PM

              @planetinse said in Can / Should i use a CARP address as default GW (LAN):

              Is this the "normal" way I would setup a "LB pair" when it comes
              to Default LAN GW & DHCP failover ..
              example of a .24 net
              pfsense 1 - 192.168.0.1
              pfsense 2 - 192.168.0.2
              CARP 192.168.0.3

              On the primary node in the interface DHCP settings you have to state 192.168.0.3 as gateway and at "Failover peer IP" you have to enter 192.168.0.2.
              The secondary's config should be adopted automatically.

              In the DHCP settings there is nothing more to do so far for enabling HA failover.

              In the HAproxy general settings you have to select a CARP VIP at "Carp monitor", which instructs pfSense to stop the service if the other node owns the master role.

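
A client-side check for the setup discussed in this thread, as an added example that is not part of any post: it parses `ip route` and `ip neigh` output from a Linux LAN client and confirms that the DHCP-assigned default gateway is the CARP VIP and resolves to a CARP virtual MAC rather than one node's own MAC. The sample command output, the client address 192.168.0.57, the VHID, the MAC addresses and the function names are constructed for illustration.

```python
import re

# CARP uses the VRRP virtual MAC range: 00:00:5e:00:01:<VHID in hex>.
CARP_MAC = re.compile(r"^00:00:5e:00:01:([0-9a-f]{2})$")

# Constructed sample output from a Linux LAN client (not captured from a real host).
SAMPLE_ROUTE = (
    "default via 192.168.0.3 dev eth0 proto dhcp src 192.168.0.57 metric 100\n"
    "192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.57\n"
)
SAMPLE_NEIGH = (
    "192.168.0.1 dev eth0 lladdr 02:00:00:00:00:01 STALE\n"
    "192.168.0.3 dev eth0 lladdr 00:00:5e:00:01:01 REACHABLE\n"
)

def default_gateway(ip_route_output):
    """Return the default gateway IP from `ip route` output, or None."""
    for line in ip_route_output.splitlines():
        m = re.match(r"default via (\S+)", line.strip())
        if m:
            return m.group(1)
    return None

def neighbor_mac(ip_neigh_output, ip):
    """Return the lowercased MAC recorded for `ip` in `ip neigh` output, or None."""
    for line in ip_neigh_output.splitlines():
        fields = line.split()
        # Entries in FAILED/INCOMPLETE state carry no lladdr field.
        if fields and fields[0] == ip and "lladdr" in fields[:-1]:
            return fields[fields.index("lladdr") + 1].lower()
    return None

def check_client(ip_route_output, ip_neigh_output, carp_vip):
    """Classify a LAN client's gateway against the expected CARP VIP."""
    gw = default_gateway(ip_route_output)
    if gw is None:
        return "no-default-route"
    if gw != carp_vip:
        return f"gateway-is-node-address:{gw}"  # a node's own IP: no gateway failover
    mac = neighbor_mac(ip_neigh_output, gw)
    if mac is None:
        return "gateway-not-resolved"
    m = CARP_MAC.match(mac)
    if not m:
        return f"vip-on-non-carp-mac:{mac}"     # VIP answered from outside the CARP range
    return f"ok:vhid={int(m.group(1), 16)}"

if __name__ == "__main__":
    print(check_client(SAMPLE_ROUTE, SAMPLE_NEIGH, "192.168.0.3"))
```
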
              • P
                planetinse @viragomann
                last edited by Feb 7, 2023, 3:33 PM

                @viragomann

                Good, so this is the way it should work then; then I can stop suspecting this was related to the issues at hand, thx!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.