    CARP on LAN + WIFI issue (using ALIX 2D13)

    DaleX001

      Hello all,

      I've been searching for a while and don't seem to find someone having the same issue.

      So first, what I want to accomplish:
      Using 2 ALIX 2D13 boxes, I wish to have a complete LAN+WIFI+WAN failover solution.

      What is working:

      • I have LAN CARP working OK (VIP : 192.168.1.1 | ALIX box1 : 192.168.1.2 | ALIX box2 : 192.168.1.3)
      • I have WAN1 CARP working OK
      • I have WAN2 CARP working OK
      • Failover/loadbalancing between WAN1 and WAN2 is working (not CARP related though)
      • Cluster communication is on a dedicated subnet (192.168.99.0/24) and is working as well

      What is not working:

      • When connecting through WiFi, I can't ping the LAN VIP (192.168.1.1, which will be used as the Internet gateway); I can only ping the LAN IPs
      • If I then disable and re-enable CARP, I can ping the LAN VIP again (the enable/disable of CARP is "doing something")
      • If I disconnect and reconnect from WiFi, I can't ping the LAN VIP

      I have the WiFi and LAN interfaces bridged (and in a group) so that firewall rules are the same whether I'm wireless or not.
      So far I'm stuck, because I intend to push the LAN VIP as the default gateway to all workstations using my Windows DHCP server (which is on the LAN).

      Any idea?

      DaleX001

        I found a workaround which is not ideal but allows me to move on.

        I noticed that in fact I couldn't ping the LAN VIP if I was connected via WiFi to the active CARP appliance.
        So basically instead of having two active hotspots, I just had to make sure the hotspot was disabled on the active CARP appliance.

        To do so here is what I did:

        1 - Modify /etc/devd.conf to point to custom rc.carp scripts

        ...
        # CARP notify hooks. This will call carpup/carpdown with the
        # interface (carp0, carp1) as the first parameter.
        notify 100 {
            match "system"          "IFNET";
            match "type"            "LINK_UP";
            match "subsystem"       "[a-zA-Z0-9_]+_vip[0-9]+";
            action "/etc/rc.carpmaster.custom $subsystem";
        };

        notify 100 {
            match "system"          "IFNET";
            match "type"            "LINK_DOWN";
            match "subsystem"       "[a-zA-Z0-9_]+_vip[0-9]+";
            action "/etc/rc.carpbackup.custom $subsystem";
        };
        ...

        2 - Create /etc/rc.carpmaster.custom

        #!/bin/sh
        # Run the stock pfSense master hook first, then take the hotspot down
        # so WiFi clients only associate with the backup appliance.
        /etc/rc.carpmaster "$1"
        ifconfig ath0_wlan0 down
        # Restart racoon so IPsec tunnels re-establish from the new master.
        /usr/local/sbin/pfSsh.php playback svc restart racoon

        3 - Create /etc/rc.carpbackup.custom

        #!/bin/sh
        # Run the stock pfSense backup hook, then bring the hotspot back up
        # on this (now backup) appliance.
        /etc/rc.carpbackup "$1"
        ifconfig ath0_wlan0 up

        So basically, when an appliance becomes master:

        • It runs the usual carp scripts
        • It disables the hotspot
        • It restarts racoon (to make sure IPsec connections are restarted)

        When an appliance becomes backup:

        • It runs the usual carp scripts
        • It enables the hotspot

        Having the same SSID and both appliances not too far from one another makes it almost transparent to end-users (about 30 seconds of service interruption in case of a CARP failover).

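As an added example (not the scripts from the post), the two custom hooks folded into one devd handler with a dry-run mode, so the CARP event to hotspot-state mapping can be checked on the command line before it is wired into /etc/devd.conf; ath0_wlan0, the rc.carpmaster/rc.carpbackup hooks and the pfSsh.php call are taken from the post, while WLAN_IF, DRY_RUN, the function names and the single-rule devd wiring are assumptions.

```shell
#!/bin/sh
# Added example (not DaleX001's scripts): the two custom hooks from the post
# folded into one devd handler with a dry-run mode, so the event -> hotspot
# mapping can be checked before it is wired into /etc/devd.conf.
# ath0_wlan0, rc.carpmaster/rc.carpbackup and the pfSsh.php call come from
# the post; WLAN_IF, DRY_RUN and the function names are assumptions.
WLAN_IF="${WLAN_IF:-ath0_wlan0}"   # hotspot interface; must be down on the master
DRY_RUN="${DRY_RUN:-1}"            # 1 = print commands instead of running them
# run: execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}
# is_carp_vip: succeed only if $1 matches the subsystem pattern used by the
# devd rules in the post ([a-zA-Z0-9_]+_vip[0-9]+), e.g. vr0_vip1.
is_carp_vip() {
    printf '%s\n' "$1" | grep -Eq '^[a-zA-Z0-9_]+_vip[0-9]+$'
}
# carp_hook: $1 = devd $type (LINK_UP = became master, LINK_DOWN = became
# backup), $2 = devd $subsystem. Returns 2 on input it must not act on.
carp_hook() {
    evt="$1"
    vip="$2"
    if ! is_carp_vip "$vip"; then
        echo "carp_hook: ignoring non-CARP subsystem '$vip'" >&2
        return 2
    fi
    case "$evt" in
        LINK_UP)
            run /etc/rc.carpmaster "$vip"        # stock pfSense handling first
            run ifconfig "$WLAN_IF" down         # master never serves WiFi
            run /usr/local/sbin/pfSsh.php playback svc restart racoon  # re-establish IPsec
            ;;
        LINK_DOWN)
            run /etc/rc.carpbackup "$vip"
            run ifconfig "$WLAN_IF" up           # backup takes over the hotspot
            ;;
        *)
            echo "carp_hook: unknown event type '$evt'" >&2
            return 2
            ;;
    esac
}
# Assumed devd.conf wiring, one rule for both types:
#   action "/etc/rc.carp.custom $type $subsystem";
if [ -n "${1:-}" ]; then carp_hook "$@"; fi
```

Running it as `DRY_RUN=1 ./rc.carp.custom LINK_UP vr0_vip1` prints the three commands the master path would execute without touching the interface; set DRY_RUN=0 only once the output looks right.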