    The question of PFSense CARP failover

    HA/CARP/VIPs
    • E
      entinux last edited by

      Greetings. Following the official instructions, I successfully installed pfSense "2.0-RC1" on 2 servers (A and B) in the master/backup role with Firewall+CARP+DHCP.

      I got a problem in failover testing:

      Normal case (Failover A->B):
      I power off server A; the WAN-CARP-IP and LAN-CARP-IP fail over to server B, which takes the master role, and the TCP connections are kept during the failover. The download is not interrupted and it runs smoothly, as expected =]

      Abnormal case (Failover B->A):

      If I power on server A, the WAN-CARP-IP and LAN-CARP-IP fail back from server B to server A as master successfully, BUT all current TCP connections are stopped/broken during the failover.

      Enable sync is checked on both A and B in the CARP settings page.
      May I know whether this is a bug, or whether there is any other solution that can resolve the above?

      Many thanks!

      1 Reply Last reply Reply Quote 0
      • marcelloc
        marcelloc last edited by

        You enable sync on both, but the sync configuration stays only on the master box.

        Test a newer snapshot too.

        1 Reply Last reply Reply Quote 0
        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          Try entering the sync IP of the opposing box in the state sync section, instead of leaving it blank.

          1 Reply Last reply Reply Quote 0
          • A
            asalmon last edited by

            I had some trouble at first; what I had to do to fix it was, first:

            Verify that ONLY the master sync server has the various sync buttons checked.

            1. And just to be safe, remove any IP address in the Sync form on the slave servers.

            Found in the pfSense documentation at:
            http://doc.pfsense.org/index.php/CARP_Configuration_Sync_Troubleshooting

            Next, make sure that sync is set up correctly by checking:

            Enable pfSync in Firewall -> Virtual IPs -> CARP settings -> Synchronize Enabled (check it) on all cluster members.

            -> Synchronize Virtual IPs [ X ]
            -> Synchronize to IP [ insert Slave IP ONLY on Master! ]
            -> Remote System Password [ do not forget! ]
            Select the dedicated Sync interface with the Synchronize Interface dropdown on all cluster members; if it's on a dedicated port, select that port; if not, then select the port on the switch you're syncing across.
            Afterward visit Firewall -> Rules and add an allow all from any to any rule on each cluster member for the newly created pfsync interface.
            Found in the pfSense documentation at:
            http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29

            I know that this might be a common mistake, but I am new to pfSense, and I did the above and it fixed my syncing issues.

            1 Reply Last reply Reply Quote 0
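
The checklist from the replies above (the state sync peer IP, and configuration sync set on the master only), written as a small audit. This is an added example, not part of any post in the thread; the `Node` field names and the sample addresses are assumptions for illustration and are not pfSense configuration keys.

```python
from dataclasses import dataclass

@dataclass
class Node:                    # hypothetical model of one cluster member's settings
    name: str
    role: str                  # "master" or "backup"
    sync_if_ip: str            # this box's address on the sync interface
    pfsync_enabled: bool       # "Synchronize Enabled"
    sync_interface: str        # "Synchronize Interface" dropdown ("" = none)
    pfsync_peer_ip: str        # state sync peer IP ("" = left blank)
    config_sync_to_ip: str     # "Synchronize to IP" ("" = unset)
    remote_password_set: bool  # "Remote System Password"

def audit(nodes):
    """Return sorted (node, finding) tuples; an empty list means the checklist passes."""
    out = []
    for n in nodes:
        # Sync-interface addresses of every other cluster member.
        peers = {m.sync_if_ip for m in nodes if m.name != n.name}
        if not n.pfsync_enabled:
            out.append((n.name, "pfsync not enabled"))
        if not n.sync_interface:
            out.append((n.name, "no sync interface selected"))
        if not n.pfsync_peer_ip:
            out.append((n.name, "state sync peer IP is blank"))
        elif n.pfsync_peer_ip not in peers:
            out.append((n.name, "state sync peer IP is not the opposing box"))
        if n.role == "master":
            if n.config_sync_to_ip not in peers:
                out.append((n.name, "Synchronize to IP is not a backup's sync address"))
            if not n.remote_password_set:
                out.append((n.name, "remote system password missing"))
        elif n.config_sync_to_ip:
            out.append((n.name, "Synchronize to IP set on a backup"))
    return sorted(out)

# Constructed sample: peer IPs left blank, and the backup also pushes config.
BAD = [Node("A", "master", "10.0.9.1", True, "SYNC", "", "10.0.9.2", True),
       Node("B", "backup", "10.0.9.2", True, "SYNC", "", "10.0.9.1", True)]
# Constructed sample: the layout the replies describe.
GOOD = [Node("A", "master", "10.0.9.1", True, "SYNC", "10.0.9.2", "10.0.9.2", True),
        Node("B", "backup", "10.0.9.2", True, "SYNC", "10.0.9.1", "", False)]

if __name__ == "__main__":
    for node, finding in audit(BAD):
        print(f"{node}: {finding}")
```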