Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP without WAN?

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 423 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      puneet1984
      last edited by

      Hello
      i want to setup a CARP HA setup for my pfsense.
      presently pfsense is on bare metal hardware.
      want the backup pfsense on proxmox.

      my requirements-
      want to have a backup pfsense running so that the internal vlan routing and dhcp can be achieved even when primary pfsense is down.
      not worried about internet connectivity from the backup pfsense.

      netdiag1.png

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @puneet1984
        last edited by

        @puneet1984 https://docs.netgate.com/pfsense/en/latest/highavailability/#ip-address-requirements-for-carp
        "It is technically possible to configure an interface with a CARP VIP as the only IP address in a given subnet, but it is not generally recommended. When used on a WAN, this type of configuration will only allow communication from the primary node to the WAN, which greatly complicates tasks such as updates, package installations, gateway monitoring, or anything that requires external connectivity from the secondary node."

        On the plus side as of pfSense 2.6/22.01 the state sync is not bound to the interfaces so the hardware can now differ.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          It's probably possible. You'd need to arrange VLANs shared between the physical and virtual pfSense instances such that all interfaces share a layer 2 connection with each other.

          Steve

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.