Vlan & HA
-
So if i trunk 2 ports on my Cisco 2960s poe+ & plug the lan ports from the 2 PFsense Vms i should see the carp functin?....
-
@MrGamecase
Yes. But it should also work on Proxmox.
Did you enable "VLAN awareness" on the Bridge? -
Yes Vlan awareness is enable on the Lan port in Proxmox A & B Server, i have a VM spun up with a tag of 20 and i do not get DHCP from anything apart from the primary lan ??.??.10.?? & only when ther are no vlans involved on the CARP
-
@MrGamecase
Maybe you have forgotten to disable hardware checksum offloading? -
@MrGamecase said in Vlan & HA:
Yes Vlan awareness is enable on the Lan port in Proxmox A & B Server, i have a VM spun up with a tag of 20 and i do not get DHCP from anything apart from the primary lan ??.??.10.?? & only when ther are no vlans involved on the CARP
Adding the Vlan ports to the carp, causes everything to display unknon peer state, Both master & backup flick to master on the vlan ports
PF Carp Master
PF Carp Backup
-
@MrGamecase this old post about ha and vlans may still come into play... I would follow derelicts instructions on how to bring up the vlan for your ha.
-
@MrGamecase this old post about ha and vlans may still come into play... I would follow derelicts instructions on how to bring up the vlan for your ha.
I come across this earlier but did not quie understand, I am but a simple noob when it comes doown to PFSense,
When you add VLANs and interfaces to a node in a high availability pair, the changes are not synced. When you finally add the CARP VIP to the master, that is synced.
I'm sort of new to pfSense HA, but I've been spending a bit of time with it lately and this is what I have learned:
pfSense (pfsync) syncs based on the internal interface designator. These are wan, lan, and optX. It doesn't care what your pretty interface name is.
It doesn't matter if you don't use the physical, untagged interfaces. Assign them to pfSense interfaces first thing. Make each HA node match exactly.
I can indeed confirm Each PFBox was mede exacly the same down to the ports assigned in Proxmox to the porst assigned in PFSense
-
@MrGamecase
Again, did you disable hardware checksum offloading in pfSense? -
can coinfirm this on both bopxes
-
@MrGamecase
Receving this on the logs of the second PFServer -
Ok, so scrambling round for an unused switc, i have discovered the Proxmox on its own wont do layer 2 switching.. once i plugged the 2 vPFsense into a switch they started behaving as expexted....
All the CARP HA responded as primary & backup acordingly and failover works like a charm.