Netgate Discussion Forum

    PROBS: HA setup (carp) with uplink failover and SIP-traffic not switching uplink

      petzi43

      Hi All

      I have the problem that SIP-traffic is not changing the gateway after one uplink is not available anymore.

      The setup is as follows:
      Two pfsense 2.0.2 with 6 Interfaces (WAN1, WAN2, DMZ, int1, int2, sync) setup with CARP.
      Two Uplinks with fixed IP-networks.
      One WAN-Group (one Uplink Tier1 the other Tier2)
      Manual Outbound-NAT:

      • one rule for each uplink for internal network with the virtual-CARP-IP as NAT-IP and using the Gateway-Group

      • a special UDP Rule from internal network for each uplink with the same virtual-CARP-IP as NAT-IP but with static ports for SIP and also using the gateway-group

      With that setup the following is working fine:

      • normal email and web traffic works with failover of the two pfsense

      • SIP phones (with one provider) working fine also in case of failover

      • Uplink failover works for normal TCP traffic! Every client is using the backup-gateway and the other NAT-IP

        The only thing which is not working:
        In case of an uplink failover the SIP-phone will not follow to the Tier2 Uplink Gateway!

        I tried to log the FW-rule (internal-SIP-phone, UDP -> any) to see what's going on but I can't see any registration with that rule at all (not even the working case with the Tier1 Uplink!).
        But in the state-table I can see that the SIP-phone has opened the correct static port to the sip registrar.

        The phone is configured to reregister after 2 minutes. So in case of a failover it should reregister after that time.
        But it's dead afterwards and I can't see a new (or changed) state with the failover NAT-IP.

        Does anyone have an idea why I can't see something logged in the FW-rule with the UDP-traffic regarding SIP-traffic and why only the SIP-traffic is somehow not using the second gateway of the Gateway-Group?

        I would be very glad to hear any comment or ideas to that?!

        Best regards
        Patrick

        drainlife

        Same problem here…

        Any ideas?  8)

          petzi43

          We upgraded to 2.1.5.
          If I am right there was something about that in the version-info.
          With the new version it works because they changed things in the behavior on CARP failover with regard to deleting states.

          Best regards
          Patrick
