Carp: Interface specified for the virtual ip address does not exist



  • Greetings all,

    I spun up a new firewall today (pfSense 2.1.4) to act as my standby in case something happens to the primary.  The primary firewall (pfSense 2.1.2) has 4 interfaces (WAN, LAN, DMZ), and the new server has 3.  The 4th interface on the primary firewall is unused.

    I have the standby firewall working properly, and I was able to get all the FW rules, aliases, etc sync'd to the standby.  However, I get a message on the standby stating, "Interface specified for the virtual ip address does not exist".  This particular interface happens to be the DMZ interface on the primary.  I have assigned a DMZ interface on the secondary, and double-checked the configuration on both firewalls.

    When I look at the CARP interface status on the secondary, I see "opt2_vip" as the DMZ interface (as defined on the primary), but I don't have an "opt2_vip" on the secondary.  As a result, the DMZ VIP won't fail over.

    Does anyone have a suggestion to coerce pfSense into using the DMZ interface on the secondary as the opt2_vip interface so the HA sync completes properly?

    Thanks.

    -Ron



  • Argh!  As usual, as soon as I added this thread I was able to fix the problem.

    On the standby firewall, I edited /config/config.xml and replaced "opt1" with "opt2" for the DMZ interface.  I then removed the /tmp/config.cache and /tmp/config.lock files then rebooted the standby.  Now, CARP status shows all interfaces in Backup mode as expected.

    Sorry for the noise…