CARP internally with single ip WAN

  • I have a pair of WAN connections, one with a single IP supplied via DHCP and another with PPPoE, and 1 pfSense firewall connecting the internal network to these two connections and automatically failing over should one of them go down.

    I have a second firewall configured to do CARP on the internal interface, but while this takes over the internal address, the second firewall has no WAN connection unless I bring it up manually. If I leave the WAN connection enabled all the time then the two firewalls would conflict with each other and cause problems…

    So my question is, is it possible to use the rc.carpmaster/rc.carpbackup scripts to bring the WAN interfaces up or down as appropriate, in order to get automatic failover from one firewall to the other? And if so, how should this be done?

    I'm able to mark the interfaces as disabled from the webui, but really need a cli equivalent that can be called from the scripts...

  • How about: (whatever your interfaces are in place of em0)
    ifconfig em0 down
    ifconfig em0 up
    dhclient em0
    You might have to specify the ppp interface for the pppoe one. I'm trying my best to never touch pppoe again, and can't remember the particulars. Trying to do a CARP cluster with those connections is going to be an ugly hack in any case.

  • LAYER 8 Netgate

    Seems like anything important enough to have HA is important enough to have a /29.

    If this is just a lab experiment, I'd just put another pfSense in front of it to handle the WANs and a private /29 back to the HA pair.

  • I did try just bringing the interfaces up/down with ifconfig, but this didn't seem to work correctly…
    I also tried bringing down the physical interface rather than the ppp interface, but that just caused pppoe to stall and never reconnect.

    There are options in the webui to connect and disconnect a ppp interface; is there some way to trigger this from the cli?
