pfSense CARP IP does not respond to PING from LAN

We are using two pfSense virtual firewalls as a load balancer and all the back and forth works perfectly. However, when the virtual IP we want to use is a CARP it does not respond to PING. If I switch it back to IP Alias it’ll immediately respond. However, that of course breaks the HA we want with the VIP. Our configuration has the WAN interface disabled. Only the LAN interface is enabled. I didn’t think it was necessary to add a Firewall rule if it’s LAN traffic, but maybe there’s something I’m overlooking.

Check the firewall rules, you can do CARP between LAN only.

Not sure what settings need to be added in firewall rules. Video tutorial I wanted dealt with WAN interface, not LAN like I’m using.

Was only able to upload 1 image first time.

I have a whole video on HA Proxy here

And a video here explaining how to do HA

The network team carved out a VLAN just for the SYNC I need to do with pfSense. In VMware, here are the settings:

VCS_HALB01
NIC1: VM Network. Connected pfSense: LAN (192.168.1.7/24)
NIC2: VMNET40 Not Connected pfSense: WAN (Not enabled / IP=None)
NIC3: VMNET40 Connected pfSense: OPT / Sync (DHCP IP: 192.168.4.50)

VCS_HALB01
NIC1: VM Network. Connected pfSense: LAN (192.168.1.8/24)
NIC2: VMNET40 Not Connected pfSense: WAN (Not enabled / IP=None)
NIC3: VMNET40 Connected pfSense: OPT / Sync (DHCP IP: 192.168.4.51)

VMNET = VLAN 40
If I configure pfSense to use VLAN 40 for the Sync interface and DHCP, I don’t get an IP address assigned. If I don’t add a VLAN, then I do get an IP address assigned. Originally, I’d want to use 172.31.31.7/24 and 172.31.31.8/24 for the SYNC IPs and not use DHCP, but I wasn’t able to ping them from the VMware console for each device. I have the SYNC firewall settings to permit everything.

What am I doing wrong?

CARP IP responded to PING when built in my lab after enabling Promiscuous mode in VMware for the virtual switch. I’ve read about some of the reasons why, but is there a way around it? I’ve worked with other load balancers on VMware and have never needed to enable promiscuous mode. I’m most likely not going to get my VMware admins on board regarding promiscuous mode. Same appears to be true for Hyper-V on Windows Server 2019 and again, that’s not something I want to have to do.