    Carp, DHCP VIP Issue with Hosts Connected to Secondary IP

    • R
      rmweiss7 last edited by

      So, I am running 2.0.3 (i386) with a CARP setup. The issue I am having is that when hosts on the LAN network either reconnect (ipconfig /release/renew) or connect for the first time, I get a split DHCP server IP in the lease table. My admin laptop gets the secondary CARP IP for DHCP, and this causes issues trying to connect to VPNs, routing and leases. Any suggestions as to why the CARP IP for DHCP is using Secondary instead of the Primary? I am stumped.

      This only happens on the LAN network. I have an any any rule for LAN to reach any host out the default gateway (which is a CARP IP), thinking that will solve my problem, but it doesn't.

      R

      • C
        cmb last edited by

        You have to specify the CARP IP as the gateway in your DHCP server config.

        • R
          rmweiss7 last edited by

          I have the correct setup for LAN. The DHCP conf has the VIP gateway set, because if not, then the LAN net wouldn't be able to communicate. It just doesn't make any sense why my laptop (DHCP static mapped) doesn't get the primary LAN IP for DHCP server. The DHCP renewal religiously uses the Secondary LAN IP instead.

          For example…

          My Laptop => 192.168.1.198 (Static DHCP Mapping)

          Def GW => 192.168.1.1 (CARP IP)
          FW #1 Lan IP => 192.168.1.2 (Primary)
          FW #2 Lan IP => 192.168.1.3 (Secondary)

          Ipconfig /all  "Eth LAN Adp"

          IPv4 Address. . . . . . . . . . . : 192.168.1.198(Preferred)
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
          Lease Obtained. . . . . . . . . . : Thursday, May 02, 2013 1:33:43 PM
          Lease Expires . . . . . . . . . . : Thursday, May 02, 2013 3:33:43 PM
          Default Gateway . . . . . . . . . : 192.168.1.1
          DHCP Server . . . . . . . . . . . : 192.168.1.3
          DNS Servers . . . . . . . . . . . : xx.xx.xx.xx

          I should be getting the Internal FW1 IP for the DHCP server, not the FW2 IP.

          What fixes my problem is to turn off FW 2, but this doesn't allow for redundancy. This is not an option; CARP failover is necessary.

          Additional thought, why does FW 2 show DHCP Leases for host on FW1? Bug?

          • dotdash
            dotdash last edited by

            If you have your DHCP configured correctly (failover peer set and sync dhcpd checked), they will not issue leases in use by the other server. Verify your DHCP status shows normal on both units. The DHCP server will show as issued from one of the physical boxes; this does not impact failover, as the other box will issue leases if one is offline.
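
The failover pairing described in the reply above, written out as an added illustration in ISC dhcpd syntax; it is not from the thread and is not pfSense's generated configuration. The addresses are the ones given in the thread; the peer name, ports, timers and pool range are assumptions.

```conf
# ---- FW #1 (192.168.1.2): primary failover peer ----
failover peer "dhcp-lan" {            # peer name is an assumption
  primary;
  address 192.168.1.2;                # this box's physical LAN IP
  port 519;                           # assumed port
  peer address 192.168.1.3;           # FW #2 physical LAN IP
  peer port 520;                      # assumed port
  max-response-delay 10;
  max-unacked-updates 10;
  mclt 600;                           # set on the primary only
  split 128;                          # set on the primary only: each peer
                                      # answers about half the clients
  load balance max seconds 3;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;         # clients route via the CARP VIP
  pool {
    failover peer "dhcp-lan";         # leases in this pool are synced
    deny dynamic bootp clients;
    range 192.168.1.10 192.168.1.150; # constructed range
  }
}

# ---- FW #2 (192.168.1.3): secondary failover peer ----
# Same subnet/pool block as above; only the peer declaration differs.
failover peer "dhcp-lan" {
  secondary;
  address 192.168.1.3;
  port 520;
  peer address 192.168.1.2;
  peer port 519;
  max-response-delay 10;
  max-unacked-updates 10;
  load balance max seconds 3;
}
```

Each daemon binds to its own physical address, so the "DHCP Server" field on a client shows 192.168.1.2 or 192.168.1.3, while `option routers` keeps the default gateway on the CARP VIP.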
