Just ran into an odd scenario in my testbed...if pfSense (router1) is in a VM (Parallels Cloud/Virtuozzo), and I run "service network restart" on the host for that VM, pfSense fails over the WAN interface but does not fail over the LAN interface. At that point external communication is lost because one router is handling LAN and one WAN. It does not seem to recover afterwards until the host is restarted (we're also using VLANs on the host level for the pfSense VM to use for its interfaces, so that may be a factor in having the host restart).
Per http://www.freebsd.org/cgi/man.cgi?query=carp&sektion=4, if net.inet.carp.preempt=1 then the CARP interfaces should fail over together. Running "sysctl net.inet.carp" on pfSense shows net.inet.carp.preempt=1. If I reload the CARP status page on router2 quickly, I can see that the WAN and LAN interfaces correctly fail over so router2 is Master, however it almost immediately reverts so router2 is Master for WAN but router2 is Backup for LAN, and router1 is Master for LAN. How can I ensure they "fail back" together? Note that when I simply boot the host for router1, pfSense does fail over and back correctly! So something is making it not fail back on the network restart? For what it's worth we have a IPv4 and IPv6 CARP IPs for WAN, and an IPv4, an IPv4 alias, and IPv6 CARP IP for LAN. I found an OpenBSD (which I know is different OS, but...) FAQ page on CARP that says "By default all carp(4) interfaces are added to the carp group." However if I run "ifconfig -v" on pfSense no groups are listed for em0 and em1, only lo0, enc0, and ovpns1. I created a pfSense interface group "carpgroup" for LAN and WAN, but had the same symptoms. Thanks, -- Steve Yates ITS, Inc. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
