The question of PFSense CARP failover
-
Greetings and according to official instruction , I installed the pfsense with "2.0-RC1" in 2 server (A and B) role as master/backup Firewall+CARP+DHCP successfully.
I got the problem in failover testing :
Normal case (Failover A->B) :
I power-off server A, it can failover the WAN-CARP-IP and LAN-CARP-IP to server B role as master and keep the TCP connection during the failover processing. Download is not interrupted and it runs smooth as per expected =]Abnormal case (Failover B->A) :
If I power-on server A, it can failover back the WAN-CARP-IP and LAN-CARP-IP from server B to server A as master role successfully. BUT it will stop/break all current TCP connection during the failover processing.
Enable sync is checked in both A and B in CARP settings page.
May I know that it is the bug or any other solution can resolve the above?Many thanks!
-
You enable sync on both but sync configuration stays only master box.
Test a newer snapshot too.
-
Try entering the sync IP of the opposing box in the state sync section, instead of leaving it blank.
-
I had some trouble at first, what I had to do to fix it is first
Verify that ONLY the master sync server has the various sync buttons checked.
- And just to be safe remove any IP address in the Sync form on the slave servers.
Found in the PFSense Documents at:
http://doc.pfsense.org/index.php/CARP_Configuration_Sync_Troubleshootingnext make sure that snyc is set up correclt by checking:
Enable pfSync in Firewall -> Virtual IPs -> CARP settings -> Synchronize Enabled (check it) on all cluster members.
-> Synchronize Virtual IPs [ X ]
-> Synchronize to IP [ insert Slave IP ONLY on Master! ]
-> Remote System Password [ do not forget! ]
Select the dedicated Sync interface with the Synchronize Interface dropdown on all cluster members, if itās on a dedicated port select that port if not then select the port on switch your syncing across..
Afterward visit Firewall -> Rules and add an allow all from any to any rule on each cluster member for the newly created pfsync interface.
Found in the PFSense Documents at:
http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29I know that this might be a common mistake, but I am new to PFSense and I did the above and it fixed my syncing issues.