CARP on pfsense 1.2.3 doesn't work properly
-
Hi,
Before I start to describe my issues I just need to mention that it worked ok on version 1.0.1.
Also I attached my basic network map. We're running this for our web and voip servers and IPSec tunnels (virtual IPs are used for these services). Sometimes we can't access the local servers over the VPN. And the reason is that there are 2 IPSec tunnels open - on master and on the slave. Also if I looked on the status page there was some inconsistency - master pfsense has some IPs in green (slave pfsense has got them in gray colour) and some in gray (slave pfsense has them in green colour).
I checked a few things like: time (both boxes have got the same time), advertise frequency (master 0, slave 100) and I think everything is ok. Also as we're registering our snom phones with the server behind this firewall we've got some issues with our telephones because of that.
Also our web servers won't respond during this time.
Then I'm stopping carp on the slave and then everything is back to normal. I'm thinking that it shouldn't be noticeable for us (1-3 seconds maybe) to swap between master-slave. I need to mention that there's STP enabled on HP switches to prevent the loops.
I'd appreciate any ideas. Is there anything I should check?
-
Anything funny from the system log?
You may try deleting all the VIPs and creating them again.
-
As long as IPsec is bound to a CARP IP, it can't come up on the secondary until it's master. If you have dual master status, there's some kind of connectivity problem between the two hosts (though that should be no diff from 1.0.x to 1.2.x).
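-
One way to spot the dual-master and mixed-ownership states discussed in this thread, as an added example that is not part of any post: compare the `carp: STATE vhid N` lines from `ifconfig` output saved on each node. The function name, file names, labels and sample output are constructed for illustration.

```shell
#!/bin/sh
# Compare CARP state per VHID using saved `ifconfig` output from both nodes.

carp_compare() {   # $1 = primary's ifconfig output, $2 = secondary's
    awk -v pri="$1" '
        $1 == "carp:" && $3 == "vhid" {          # e.g. "carp: MASTER vhid 1 ..."
            if (FILENAME == pri) p[$4] = $2; else s[$4] = $2
            seen[$4] = 1
        }
        END {
            for (v in seen) {
                pv = (v in p) ? p[v] : "MISSING"
                sv = (v in s) ? s[v] : "MISSING"
                if (pv == "MASTER" && sv == "MASTER")      r = "DUAL-MASTER"
                else if (pv == "MASTER" && sv == "BACKUP") r = "OK"
                else if (pv == "BACKUP" && sv == "MASTER") r = "FAILED-OVER"
                else                                       r = "CHECK"
                printf "vhid %s primary=%s secondary=%s %s\n", v, pv, sv, r
            }
        }' "$1" "$2" | sort -k2,2n
}

# Constructed sample data (not from the thread): three VIPs on each node.
write_samples() {  # $1 = directory to write into
    cat > "$1/primary.txt" <<'EOF'
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    carp: MASTER vhid 1 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    carp: BACKUP vhid 2 advbase 1 advskew 0
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    carp: MASTER vhid 3 advbase 1 advskew 0
EOF
    cat > "$1/secondary.txt" <<'EOF'
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    carp: MASTER vhid 1 advbase 1 advskew 100
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    carp: MASTER vhid 2 advbase 1 advskew 100
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    carp: BACKUP vhid 3 advbase 1 advskew 100
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
carp_compare "$dir/primary.txt" "$dir/secondary.txt"
rm -rf "$dir"
```

A `DUAL-MASTER` line is the condition the last reply attributes to a connectivity problem between the two hosts; `FAILED-OVER` lines correspond to VIPs shown green on the slave and gray on the master.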