    Main Setup –---------------------------------------------------------------------------------------------------

    Firewall1                                                                  Firewall2

    VPN LAN      BRIDGED WITH LAN                                                      NA ----------

    CARP Interfaces

    Firewall1                                                                Firewall2

    CARP0          VHID1                                                                    VHID1
    Pass:          test                                                                    test
    Advertise:      5                                                                          105

    CARP1          VHID2                                                                    VHID2
    Pass:          test1                                                                    test1
    Advertise:      5                                                                          105

    CARP2          VHID3                                                                    VHID3
    Pass:          test2                                                                  test2
    Advertise:      5                                                                          105

    Proto Source Port Destination Port Gateway Schedule Description

          • * *                         CARP LAN

    The carp network is located on a dedicated separate switch.

    End setup ---------------------------------------------------------------------------------------------

    The situation is that i can communicate with all the virtual ips from machines on each of the networks.

    If i send a ping packet to the virtual address it will respond without even dropping a packet....even when i drop carp on one box and bring it back up the changeover is seamless.

    The problem comes with the virtual ip on the LAN ----- If i disable carp on the primary box the changeover is instant. Even sending pings to the interface while carp is taking over from primary to secondary does not result in lost packets.
    However if i bring carp back up on the primary box Packets get lost...lots of them, infact it takes about 5 minutes for the ip to respond to pings again on the primary, even though in the carp status the primary box instantly recognizes itself as master.

    I have rebuilt from scratch both boxes on more than one occasion, I have tried different ips and even multiple ips on the LAN for eg, 192.168.251 etc. I have even had the primary configured on different boxes with different nics.

    I always have the same problem that the primary box takes a good while for it to take over the lan ip...all the others ips work fine.

    I am using version 1.2.2 built on Thu Jan 8 22:30:24 EST 2009

  • Ok, so I didn't actually read your whole post, sorry. But I did notice your DMZ conflicts with your CARP subnet. Do you really need a whole class A for the DMZ? Either change that or move the CARP subnet to or something. Oh, and what's with the adskew being 5 and 105? You should leave these at defaults (0 for the master, 100 for the backup).

    Cheers for the response, i have changed the CARP LAN address range as you suggested and currently it seems to be taking over addresses correctly. I dont actually need a class A for my DMZ either it just happens to be that this is how it was configured originally and as i have many servers in the DMZ and it works im not going to reassign them all. The reason i have assigned the adskew to 5 and not 0 is so that i can add in my main pfsense firewall into the cluster and gradually get it to take over addresses by assigning them as 0 on it.

    Anyway cheers for the assistance, if i have any more probs ill post back…i should know in a day or two if everything is working fine.

