Editing interface assigment causes VIP to stop responding…



  • Seeing a somewhat strange issue with a pFSense 2.1…

    When editing interface assignments and saving these, one of the VIP adresses stops responding to certain types of traffic. So far I've seen it doing so for ICMP and IPSec traffic, while I for a fact know that HTTP/HTTPS continue working...
    Other VIP's keeps responding, at least for ICMP but cannot tell for IPSec as no traffic is routed to these adresses.

    Rebooting the pFSense brings the troubled VIP fully online again.

    Any ideas on this?

    Regards,
    Anders



  • I've seen this behavior when 'adding' interfaces, as the CARP VIP is often the item that auto-populates the new 'interface' if there are no physical interfaces available..    If you edit/save the CARP VIP, it should come back online.



  • Had same issue yesterday.
    I was connected via OpenVPN to pfSense. The OVPN server is bound on a WAN CARP VIP and my web GUI is reachable on LAN address only.

    I just hit the button to add an interface and the VPN was broken. No way to get access from remote again.
    That's a bad circumstance if the firewall is more than 20 km away and it's late at night!    :-
    My pfSense is 2.1.1

    Does anybody know if this behaviour just aply to bounded services on CARP VIPs or will it be the same if I bind OVPN on an IP Alias?


Log in to reply