Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP - configuration issue

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    4 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y Offline
      yaman.amin
      last edited by

      Hello my friends,
      I configured CARP in two PFsense machines as  follows
      Pfsense 1:
      WAN1:  78.150.140.252
      LAN1: 192.168.75.2
      Cayptive portal1:192.168.50.2
      s2nc1:192.168.80.2

      Pfsense 2:
      WAN2:  78.150.140.253
      LAN2: 192.168.75.3
      Captive portal2:192.168.50.3
      sync2:192.168.80.3
      Firewal => Virtual IPs : i set the WAN virtual IP as 78.150.140.251
                                                        LAN virtual IP as  192.168.75.1
                                                        Captive portal virtual IP :192.168.50.1
      then i edit the DHCP server of the Captive portal in such away the gateway is 192.168.50.1 (Virtual IP address of the Captive portal interface )

      i also edit the NAT for the whole entries => manual Outbound => translation interface =78.150.140.251(The virtual IP address of the WAN )

      CARP works good as redundancy , what ever i change in master machine , it changes automatically in backup machine.
      The problems , the clients connected to captive portal interface cant access internet , also i cant ping the virtual Ip address 192.168.50.1

      is there any thing to edit in the configuration or the DHCP server
      what do you suggest
      thanks

      1 Reply Last reply Reply Quote 0
      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        Captive portal login sessions are not synced. MAC address passthrough entries might be since they actually go into the config - I didn't test that.

        After traffic swings to the backup, accessing anything outside on :80 should bring the portal page up on the backup's IP address. They should be able to log in again and browse.

        I don't have captive portal enabled on my backup. If the master is down the traffic swings to the secondary and they don't notice anything. When it swings back either the database is intact and they don't notice or it isn't and they have to log in again. Yes, a clever user could just set their gateway to the secondary's IP address and bypass the portal. This is free internet anyway so shrug.

        This is on 2.1.5.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • Y Offline
          yaman.amin
          last edited by

          is ther extra setting to do as we havwe captive portal?

          Best Wishes

          test-example-redundancy2.jpg
          test-example-redundancy2.jpg_thumb

          1 Reply Last reply Reply Quote 0
          • DerelictD Offline
            Derelict LAYER 8 Netgate
            last edited by

            To my knowledge captive portal sessions are not synced period. You'll need to write an XML sync for CP sessions.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.