Can't seem to be able to setup a WAN VIP for carp

  • Hi, everyone

    I'm rewriting this post as nobody is giving me any answer.

    I'm experimenting with CARP failover.

    When i try to create a Virtual IP I get the error message "Sorry, we could not locate an interface with a matching subnet for Please add an ip in this subnet on a real interface."

    I have strictly followed the CARP tutorial

    Details: I'm creating a CARP VIP for WAN / my pfsense router gets the address from a DHCP on WAN side

    If i understand correctly my VIP address WAN side should fall in the WAN subnet ( i.e. of type 192.168.0.X where X goes from 1 to 255)

    What am I doing wrong ?

    Many Thanks

    Initial post
    I'm seting up CARP failover with 2 Computers in my home lab.

    The setup is like this

    1(Internet) -> 2(cable modem) -> 3(Dlink Router @ with LAN Subnet with DHCP) ->
          4(2pfsense routers as DHCP clients WAN Side [ &] and DHCP server on LAN Side @ and .2 with subnet /24)

    When I go to create a WAN VIP for CARP I get the message "Sorry, we could not locate an interface with a matching subnet" or .x or wathever

    I fail to understand why ?
    Isn't my WAN VIP address suppose to fall in the WAN Subnet?

    What is wrong please help


    In the process of setting up CARP….

    When I create a VIP for WAN CARP using an IP within my WAN subnet....

    Example VIP =  on WAN = 192.168.0.X /24

    I get "Sorry, we could not locate an interface with a matching subnet for Please add an ip in this subnet on a real interface."

  • are the wan interfaces on each showing its pulling a /24 address? Try setting the wan addresses static so you can force the /24

  • Yes each wan interface is getting a /24 address in fact &

    I have tried with static address and yes the connection works

    and I can also create my VIP

    But what if my ISP only allocates his IP's from DHCP.


  • Rebel Alliance Developer Netgate

    You can't do CARP with a DHCP WAN, only static IP.

  • Thanks, Jimp

    Ok my VIP's are setup and I can ping them

    Now a new issue. and a ?

    In the process of setting up failover can I start by getting just one machine going. (second computer actualy off)

    When I configure the pfsense dhcp to use the LAN VIP for as the gateway my LAN PC computer does not get an IP anymore !!!! why is that

    Also Is there a way to issue a report that would show pfsense full setup.


  • Rebel Alliance Developer Netgate

    It's not likely that is the cause of your not getting an IP. If you set a "failover IP" for DHCP but the secondary machine is not on, that will cause it to fail.

    You can configure most of the CARP/sync/failover stuff with the secondary off, but the DHCP failover IP will cause issues.

  • Thanks Jimp,

    Ok while setting up only one pfsense computer…

    pfsense DHCP service stops working as soon as I redirect the DHCP gateway to the LAN VIP
    I noticed pinging the LAN VIP from subnet PC works but pinging from pfsense /diag_ping.php reports 100% loss

    Also the DHCP services reports this  "Failover Group  My State  Since                  Peer State  Since 
                                                      "dhcp0"         recover 2010/08/24 04:06:50 unknown-state 2010/08/24 04:06:50 "

    After re-reading Jimp's last reply  I decide to rebuild my setup but (NOW USING 2 pfSense computers)

    So now the failover seems to work... SO I move to tests

    When I unplug the BACKUP I can get a DHCP adress
      When I unplug the MASTER I can NO LONGER get a DHCP adress

    I rebuilt again the whole setup but SWAPPING the 2 computers
      I get the same result

    So what is wrong here!?

  • Rebel Alliance Developer Netgate

    Do you have the failover IPs set properly on both systems' DHCP settings?

    On the primary, it should be the LAN IP of the secondary.
    On the secondary, it should be the LAN IP of the primary.

    On 1.2.3, the DHCP settings do not sync.

  • Thanks Jimp,

    Right on the spot…

Log in to reply