Incomplete VIP configuration on boot causing CARP failure (since 25.07 beta)
-
@stephenw10 said in Incomplete VIP configuration on boot causing CARP failure (since 25.07 beta):
However that's not a supported config in HA so.....
Thank you for your help!
pfSense book states
CARP cannot be used on interfaces that use PPPoE, PPTP, or other tunnel-like connections.
These interfaces do not have an address that can be shared or synchronized between nodes.
In these cases, CARP must be configured only on internal interfaces.I don't use CARP on PPPoE interface as you can see, so is it supported config?
-
Ah, good point! It probably still changes the load sequence at boot though. Let me test.
Do you have two separate PPPoE links, one for each node then?
-
@stephenw10 said in Incomplete VIP configuration on boot causing CARP failure (since 25.07 beta):
Do you have two separate PPPoE links, one for each node then?
Yes and no. Both nodes are configured for PPPoE with identical settings. I can bring up two PPPoE sessions to my ISP at the same time, but they likely don’t permit it, so I use a script that detects which HA node is Master and starts/stops the PPPoE session accordingly. The script has no impact during boot and includes a safety startup delay. I’ve tested with the script fully disabled — the behavior remains unchanged.
@stephenw10 said in Incomplete VIP configuration on boot causing CARP failure (since 25.07 beta):
Let me test.
I tested this about two weeks ago, but I don’t remember the exact results because the run was interrupted by a continious fatal trap as you remember.
I plan to re-run some tests—I don’t clearly remember the exact steps I took. There may be a link to the new PPPoE kernel module, but that’s just a guess. -
Ah, good point. Have you tested with and without the new if_pppoe module?
-
@stephenw10
Testing—getting closer. I’ve reproduced the issue in a VM running 2.8.1.
The trigger appears to be certain PPPoE settings: the new PPPoE module combined with “Request an IPv6 prefix/information through the IPv4 connectivity link.”
This appears to be a combination of other settings that triggers the problem.I can upload either the full exported VM (Virtualbox 7.1.12) or a minimal VM with the virtual disk removed, so you can install pfSense and restore the configuration.
-
Ah, cool. OK let me try to replicate that here first then....
-
@stephenw10
It looks like this also comes down to IPv6 settings and requires two LAN subnets, both using the Track Interface option: one tracking the WAN (PPPoE), and the other either tracking the same WAN with a different Prefix ID or tracking WAN2’s prefix. I’m not sure if it’s necessary, but I created LAN2 as a VLAN. Overall, the configuration is similar to what I described earlier. -
@stephenw10
Any luck? -
@stephenw10
I can provide replicated VM config.xml if you’re still interested. This needs 5 free ports on any hardware, I think and you need to manually edit interfaces before applying it. -
Sorry for the delay, I got stuck on some other testing. I'll try to get this setup today.
