Carp - Virtual IP's not Syncing
-
Hi All,
I have configured 2x pfsense boxes with Carp fail over and everything is working fine, the master and backup are in place.
On the master device I've ticked every box on the high avail sync page so the firewall will sync everything.Tested and everything is working well, Rules, NAT, Aliases and other options are being synchronised accordingly.
How ever there is only one thing that is not being synchronised and this is the Virtual IP's content.Is this a normal behaviour from pfsense not to sync the added VIP's?
I've attached some picture so that you'll have a better scenario. I had to hide my Public IP's.The PFS1 has Wan Lan and Management Carp which are synced to PFS2, however when I try to add a public virtual IP
the PFS2 is not getting the information from PFS1.Appreciate if someone can help me on this one.
Thanks.
-
It's amazing, almost 38 views without a reply.
-
Only CARP VIPS are sync'd. Alias IP's are not. You should add all your VIPs as CARP. If you have additional routed subnets, you may need to add an alias IP on the secondary subnet on each box, then add the rest as CARP.
-
@brian.stivala Your additional VIPs inside the WAN subnet or LAN subnet should be CARP VIPs in this case, NOT proxy ARP or IP alias.
Only CARP VIPS are sync'd. Alias IP's are not. You should add all your VIPs as CARP. If you have additional routed subnets, you may need to add an alias IP on the secondary subnet on each box, then add the rest as CARP.
Not quite that simple.
- Proxy ARP - Never Syncs
- CARP - Always Syncs
- Other type - Always Syncs
- IP alias bound to normal interface - Will not sync
- IP alias bound to a CARP VIP as its interface - Will sync
- IP alias bound to localhost (2.1+) - Will sync
See here: http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F