CARP VIP + Routed Subnet to Carp VIP on PfSense 2.0.1-RELEASE



  • Hello,

    Apologies if this has already been asked and answered. I have read through a few threads but none seem to match the scenario I've got.

    Ok, so I have 2 pfsense in a CARP master/slave configuration.

    Box 1.
    Wan IP 1.1.1.5
    Lan IP 10.x.x.10

    Box 2.
    Wan IP 1.1.1.6
    Lan IP 10.x.x.11

    Both boxes share via CARP:
    Wan IP 1.1.1.4
    Lan IP 10.x.x.254

    I have a /27 block routed to the shared WAN IP 1.1.1.4.

    I know that if i was not in this failover configuration, I could just use ProxyARP on the WAN interface. However, I'm assuming that I need to run any of this off the "CARP VIP for 1.1.1.4". Anytime I attempt to add Proxy ARP, I am told that is not aloud. I'm cool with that. Attempted "IP Alias", which if memory serves (I'm not in front of the system at the moment), will not apply to the Carp VIP. I've attmped "Other", which has told me that the IP range I was trying to add was not presnt on any interfaces on the system.

    I think I'm doing something wrong here. But I'm not quite sure what I've missed.

    Any help would be appreciated.

    Thanks,
    John



  • Ok,

    So I'm now in front of the system in question.

    Adding:

    Standard Parameter:
    -Selecting "Interface" which is my Primary IP via CARP. This is the IP that my additional block is routed to.
    -Block is 1.2.3.4/27

    Proxy Arp
    I get "For this type of VIP, a CARP parent is not allowed"
    I was expecting this. But tried for the sake of trying.

    CARP
    You cannot stack CARP interfaces.

    Other
    This article refers that I should use this.
    I get "For this type of VIP, a CARP parent is not allowed".

    IP Alias
    "Sorry, we could not locate an interface with a matching subnet for 1.2.3.4/27. Please add an ip alias in this subnet on this interface."
    Is that not what I was trying to do?

    I have a feeling the majority of the instructions I am reading on this are mant for 1.2.x and not 2.x.x of pfSense.

    Any help would be greatly appreciated.



  • Just add Other type VIPs on WAN, not on CARP. They don't actually do anything other than filling in places in the GUI where you can pick public IPs.


Log in to reply