Netgate Discussion Forum

CARP - configuration issue

    yaman.amin
    last edited by Jan 29, 2016, 6:34 PM

    Hello my friends,
    I configured CARP on two pfSense machines as follows:
    pfSense 1:
    WAN1: 78.150.140.252
    LAN1: 192.168.75.2
    Captive portal1: 192.168.50.2
    sync1: 192.168.80.2

    pfSense 2:
    WAN2: 78.150.140.253
    LAN2: 192.168.75.3
    Captive portal2: 192.168.50.3
    sync2: 192.168.80.3

    Firewall => Virtual IPs: I set
    WAN virtual IP as 78.150.140.251
    LAN virtual IP as 192.168.75.1
    Captive portal virtual IP as 192.168.50.1

    Then I edited the DHCP server of the captive portal in such a way that the gateway is 192.168.50.1 (virtual IP address of the captive portal interface).

    I also edited the NAT for all the entries => Manual Outbound => translation interface = 78.150.140.251 (the virtual IP address of the WAN).

    CARP works well as redundancy; whatever I change on the master machine changes automatically on the backup machine.
    The problem: the clients connected to the captive portal interface can't access the internet, and I also can't ping the virtual IP address 192.168.50.1.

    Is there anything to edit in the configuration or the DHCP server?
    What do you suggest?
    Thanks

      Derelict LAYER 8 Netgate
      last edited by Jan 29, 2016, 7:25 PM

      Captive portal login sessions are not synced. MAC address passthrough entries might be since they actually go into the config - I didn't test that.

      After traffic swings to the backup, accessing anything outside on :80 should bring the portal page up on the backup's IP address. They should be able to log in again and browse.

      I don't have captive portal enabled on my backup. If the master is down the traffic swings to the secondary and they don't notice anything. When it swings back either the database is intact and they don't notice or it isn't and they have to log in again. Yes, a clever user could just set their gateway to the secondary's IP address and bypass the portal. This is free internet anyway so shrug.

      This is on 2.1.5.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        yaman.amin
        last edited by Feb 1, 2016, 12:23 PM Feb 1, 2016, 12:17 PM

        Is there an extra setting to do as we have captive portal?

        Best Wishes

        test-example-redundancy2.jpg

          Derelict LAYER 8 Netgate
          last edited by Feb 1, 2016, 6:42 PM

          To my knowledge captive portal sessions are not synced period. You'll need to write an XML sync for CP sessions.

