Is CARP hardware redundancy possible with 1 WAN IP?



  • I would like to setup a pair of identical pfSense routers however my ISP only gives me a /30 so I don't have 3 public IP's to work with on the WAN interfaces. Is it possible to only assign a Virtual IP to the WAN interface? If that is not possible, could I assign the WAN interfaces private IP addresses in the same subnet as each other and then have the Virtual IP be set to the public IP?



  • Not with the current version, that I am aware of.



  • Do you know if that feature is planned for a future release?

    I can see valid IP's needed on the LAN side for management purposes but why are IP's even needed on the WAN side except for the 1 floating WAN IP since it will be the default path to the Internet anyways?



  • I would assume so, but I don't know when. I have heard talk of it once. Perhaps 2.2 or 2.3, but I am not sure.


  • Rebel Alliance Developer Netgate

    @andrew4902:

    Do you know if that feature is planned for a future release?

    It should be possible on 2.2

    @andrew4902:

    I can see valid IP's needed on the LAN side for management purposes but why are IP's even needed on the WAN side except for the 1 floating WAN IP since it will be the default path to the Internet anyways?

    Without valid IPs on both, the secondary will not be able to independently check for updates or install packages. There would also be no way to directly manage the secondary from a remote location. It couldn't do DNS resolution to a remote DNS server, or even sync its clock to a remote time server.

    So the single IP method may be valid, but still not ideal.


Log in to reply