NTP server on CARP-enabled cluster
-
I've got two pfSense 2.1.3 boxes in a CARP cluster; they also act as an NTP server for the LAN network.
There are many clients on the network (mostly dedicated hardware equipment, appliances) which require an NTP server to function, but they only accept one NTP server in their settings. In order to provide a highly available NTP service for them, I'd provide the Virtual IP from the LAN side to these devices.
Unfortunately, NTP doesn't seem to answer to these devices on the virtual IP. In NTP settings, I've double-checked that NTP is listening on all interfaces; moreover, in the log it says:
ntpd[45814]: Listen normally on 17 opt1_vip3 192.168.24.254:123
where opt1_vip3 is my carp virtual interface.
I tried to point a separate ntpd instance on a test client machine to 192.168.24.254:123, and it does not sync. It stays in INIT state forever.
NTP serves on the real interfaces, but not on this virtual one. Any idea why? I have even tried to specifically make NTPd listen on that interface, not any better:
interface ignore all
interface listen opt1_vip3
-
I also noticed that the opt1_vip3 interface 192.168.24.254 doesn't answer to pings either. Is there any firewall rule to be added? I don't find any firewall tab for the VIP interface…
-
Try selecting the LAN CARP VIP explicitly instead of all interfaces.
-
It was a strange issue with my switch.