How should it run?
-
Master : 0
Slave 100
configuration sync enabled between firewalls
-
Hrm. Wish that I could reproduce this…
-
I am seeing the same issue. I have 3 carp addresses, lan, wan, qmoe plus the pfSense internal address. All items seem to sync just fine. I created the backup from the master. I have all 3 master carps at 0 and all 3 backup carps at 100. Sometimes only 1 or 2 of the carps failover and it just holds them. I have to re-save carp settings on backup or reboot backup pf box to get it to fail back.
I would love to send any configs, or debug logs if I can do something to help you see the issue. Please let me know.
Currently my boxes are not in a production environment so now is the prime time to debug.
Thanks.
-
Have you checked if your switches are not blocking CARP traffic?
Just to be sure…
-
Switches are constantly an issue with CARP it seems. Definitely ensure that it's not being blocked/stopped at the switch level.
-
I don't have my pfsync interfaces plugged into a switch, they are plugged in with a crossover cable to each other.
-
CARP != pfSync. CARP traffic will still be present on all interfaces that have a CARP address assigned. If they cannot communicate then it will not work.
-
CARP is the mechanism used to detect the state of machines in a cluster and to swap the MAC address back and forth between cluster members. This traffic will happen on every interface where a CARP IP resides.
pfSync is an additional mechanism used to sync the state tables between cluster members so that already established connections don't need to be reestablished after a failover. This traffic will happen on the interface that you set as sync interface.
Both features do work independently of each other but are often used together.
-
So what do I look for on the switch as CARP traffic?
-
See http://www.countersiege.com/doc/pfsync-carp/ for how it works.
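-
An added example, not part of the original thread: a small Python classifier that tells CARP advertisements (IP protocol 112 to 224.0.0.18, sent from the virtual MAC 00:00:5e:00:01:VHID) apart from pfsync (IP protocol 249) and reports which advskew values advertise each VHID. The function names and sample frames are constructed for illustration; it assumes Ethernet II/IPv4 frames from a switch mirror port on a network running CARP rather than VRRP, which shares protocol 112.

```python
import socket
import struct

CARP_PROTO, PFSYNC_PROTO = 112, 249   # IP protocol numbers
CARP_GROUP = "224.0.0.18"             # multicast group CARP advertises to

def vmac(vhid: int) -> bytes:
    """Virtual MAC that CARP advertisements for this VHID are sent from."""
    return bytes.fromhex("00005e0001") + bytes([vhid])

def classify(frame: bytes) -> dict:
    """Classify one Ethernet II/IPv4 frame as carp, pfsync or other."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return {"kind": "other"}
    ihl = (frame[14] & 0x0F) * 4
    proto, dst = frame[23], socket.inet_ntoa(frame[30:34])
    body = frame[14 + ihl:]
    if proto == PFSYNC_PROTO:
        return {"kind": "pfsync", "dst": dst}
    # First CARP byte 0x21 = version 2, type 1 (advertisement)
    if proto != CARP_PROTO or dst != CARP_GROUP or len(body) < 6 or body[0] != 0x21:
        return {"kind": "other"}
    vhid, advskew, advbase = body[1], body[2], body[5]
    return {"kind": "carp", "vhid": vhid, "advskew": advskew,
            "advbase": advbase, "virtual_mac": frame[6:12] == vmac(vhid)}

def advertisers(frames) -> dict:
    """Map each VHID to the set of advskew values seen advertising it."""
    seen = {}
    for info in map(classify, frames):
        if info["kind"] == "carp":
            seen.setdefault(info["vhid"], set()).add(info["advskew"])
    return seen

def build_frame(src_mac: bytes, proto: int, dst: str, payload: bytes) -> bytes:
    """Constructed test frame (IP checksum left at 0, never validated here)."""
    d = socket.inet_aton(dst)
    eth = b"\x01\x00\x5e" + bytes([d[1] & 0x7F]) + d[2:] + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 20 + len(payload), 0, 0, 255,
                     proto, 0, socket.inet_aton("192.0.2.1"), d)
    return eth + ip + payload

def carp_frame(vhid: int, advskew: int) -> bytes:
    """Constructed CARP advertisement: authlen 7, advbase 1, counter/HMAC zeroed."""
    payload = bytes([0x21, vhid, advskew, 7, 0, 1]) + bytes(30)
    return build_frame(vmac(vhid), CARP_PROTO, CARP_GROUP, payload)

# Constructed capture: VHID 1 has one advertiser, VHID 2 has both nodes advertising
SAMPLE = [carp_frame(1, 0), carp_frame(2, 0), carp_frame(2, 100),
          build_frame(bytes.fromhex("020000000001"), PFSYNC_PROTO, "224.0.0.240", bytes(8))]
```

More than one advskew under the same VHID means both firewalls are advertising as master, which is what happens when they cannot hear each other's advertisements.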