Netgate Discussion Forum

    HA/CARP with two WAN same /29

      fireix

      My ISP in the data center provides redundant Internet and a /29 transport net (two physical fiber cables).

      On my end, I'm instructed to use a setup similar to this (192.168 just for privacy in the forum):

      HSRP/VRRP or similar IP: 192.168.12.188
      WAN1 IP: 192.168.12.189
      WAN2 IP: 192.168.12.190
      ISP Gateway: 192.168.12.185 (HSRP/VRRP of my ISP's gear)

      Temporarily, I will only use one pfSense, but I do want, if possible, to have fail-over between the two WAN ports if one link fails. Is it possible, or do I need two units for this kind of redundancy? Only one of the two WANs should be active at any time, of course.

      From what I understand, it is not possible to configure two interfaces with the same network on the same pfSense and have them activated depending on status or link, I assume? Or is there any way to do it without adding an additional /29?

        SteveITS Galactic Empire @fireix

        @fireix No, use two routers. pfSense will be confused if two network adapters have the same subnet. I would set up one now and add HA later.

        You could probably set up the CARP IP .188 on router1 from the beginning, and just add router2 later? The data center will probably want to route traffic to .188 from the beginning, or else it will need to be changed later.

          fireix @SteveITS

          @SteveITS I would prefer not to add more gear for now, since this is temporary until I have two pfSense units and CARP. Maybe I'll just have both connected, but configure the 2nd one in case of longer downtime then.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.