The question of PFSense CARP failover



  • Greetings. Following the official instructions, I installed pfSense "2.0-RC1" on 2 servers (A and B) in the roles of master/backup Firewall+CARP+DHCP successfully.

    I ran into a problem in failover testing:

    Normal case (Failover A->B):
    When I power off server A, it fails over the WAN-CARP-IP and LAN-CARP-IP to server B, which takes the master role, and keeps the TCP connection during the failover. The download is not interrupted and it runs smoothly, as expected =]

    Abnormal case (Failover B->A):

    If I power on server A, it fails the WAN-CARP-IP and LAN-CARP-IP back from server B to server A in the master role successfully, BUT it stops/breaks all current TCP connections during the failover.

    Enable sync is checked on both A and B in the CARP settings page.
    May I know whether this is a bug, or is there a solution that can resolve the above?

    Many thanks!



  • You enable sync on both, but sync configuration stays only on the master box.

    Test a newer snapshot too.


  • Rebel Alliance Developer Netgate

    Try entering the sync IP of the opposing box in the state sync section, instead of leaving it blank.



  • I had some trouble at first. What I had to do to fix it was, first:

    Verify that ONLY the master sync server has the various sync buttons checked.

    1. And just to be safe remove any IP address in the Sync form on the slave servers.

    Found in the PFSense Documents at:
    http://doc.pfsense.org/index.php/CARP_Configuration_Sync_Troubleshooting

    Next, make sure that sync is set up correctly by checking:

    Enable pfSync in Firewall -> Virtual IPs -> CARP settings -> Synchronize Enabled (check it) on all cluster members.

    -> Synchronize Virtual IPs [ X ]
    -> Synchronize to IP [ insert Slave IP ONLY on Master! ]
    -> Remote System Password [ do not forget! ]
    Select the dedicated Sync interface with the Synchronize Interface dropdown on all cluster members. If it's on a dedicated port, select that port; if not, select the port on the switch you're syncing across.
    Afterward visit Firewall -> Rules and add an allow all from any to any rule on each cluster member for the newly created pfsync interface.
    Found in the PFSense Documents at:
    http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)

    I know that this might be a common mistake, but I am new to PFSense and I did the above and it fixed my syncing issues.

