Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP in (Hetzner) Cloud

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    2
    2
    250
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ccMatze
      last edited by

      Hi all,

      I want to set up a High Availability (HA) pfSense Cluster in Hetzner Cloud. We have two separate dedicated servers in the Hetzner Cloud, each with a public IPv4 address, and two separate private LAN networks for pfSync and "normal" LAN networking. Setting up the Sync Interface and State Synchronization (pfsync), as described here, worked without any problems. However, I have several questions regarding CARP.

      To my understanding, I need a third public IPv4 address as a shared address. In case of a failover, the shared address is switched from the master node to the backup node. How can I implement that "switch" in the cloud? I have the option to add a "floating IP" to one of my nodes, but how can it be used by the second node in case of a failover?

      Second question: I have public IP addresses in different IP ranges, e.g., 145.x.x.x and 202.x.x.x. When ordering a new floating IP, the IP will be in another different IP range. In the documentation linked above, all public IPs are in one public subnet. Is it even possible to implement CARP correctly over three different public IP ranges?

      Thanks for your help.

      N 1 Reply Last reply Reply Quote 0
      • N
        netblues @ccMatze
        last edited by netblues

        @ccMatze
        Floating ip's in hetzner can be moved only via robot administration, or custom api by making calls.
        If you need carp then you need to order a /29 subnet,
        However I don't see any option for /29 (or any other subnet) for cloud hosts.

        You need to rethink your approach. Hetzner cloud vm's are already redundant. So in case of failure, your pfsense instance will always be available.
        If you really need such redundancy then you should consider using dedicated servers which of course creates its own set of issues and concerns.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post