Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Carp - Virtual IP's not Syncing

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    4 Posts 3 Posters 4.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      brian.stivala
      last edited by

      Hi All,

      I have configured 2x pfsense boxes with Carp fail over and everything is working fine, the master and backup are in place.
      On the master device I've ticked every box on the high avail sync page so the firewall will sync everything.

      Tested and everything is working well, Rules, NAT, Aliases and other options are being synchronised accordingly.
      How ever there is only one thing that is not being synchronised and this is the Virtual IP's content.

      Is this a normal behaviour from pfsense not to sync the added VIP's?
      I've attached some picture so that you'll have a better scenario. I had to hide my Public IP's.

      The PFS1 has Wan Lan and Management Carp which are synced to PFS2, however when I try to add a public virtual IP
      the PFS2 is not getting the information from PFS1.

      Appreciate if someone can help me on this one.
      Thanks.

      pfs1.jpg
      pfs1.jpg_thumb
      pfs2.jpg
      pfs2.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • B Offline
        brian.stivala
        last edited by

        It's amazing, almost 38 views without a reply.

        1 Reply Last reply Reply Quote 0
        • dotdashD Offline
          dotdash
          last edited by

          Only CARP VIPS are sync'd. Alias IP's are not. You should add all your VIPs as CARP. If you have additional routed subnets, you may need to add an alias IP on the secondary subnet on each box, then add the rest as CARP.

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            @brian.stivala Your additional VIPs inside the WAN subnet or LAN subnet should be CARP VIPs in this case, NOT proxy ARP or IP alias.

            @dotdash:

            Only CARP VIPS are sync'd. Alias IP's are not. You should add all your VIPs as CARP. If you have additional routed subnets, you may need to add an alias IP on the secondary subnet on each box, then add the rest as CARP.

            Not quite that simple.

            • Proxy ARP - Never Syncs
            • CARP - Always Syncs
            • Other type - Always Syncs
            • IP alias bound to normal interface - Will not sync
            • IP alias bound to a CARP VIP as its interface - Will sync
            • IP alias bound to localhost (2.1+) - Will sync

            See here: http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.