eUnite
Contributor
Contributor

Can't PING carp virtual IP on pfsense that installed on ESXi6.0

Pfsense version 2.4.3 release P1  has been install on ESXi6.0 for two guest and those two guests are built to be cluster. They are configured for CARP (VIP). However, servers that are on same subnet as CARP can not pingable with that CARP. The issue is same as below link. Anyone has idea about this issue.

Can't PING carp virtual IP | Netgate Forum

https://forum.netgate.com/topic/84932/can-t-ping-carp-virtual-ip

0 Kudos
2 Replies
aleex42
Enthusiast
Enthusiast

Do both VMs use the same portgroup? Do they run on the same hypervisor or on different?

-- Alex (VMware VCAP-DCV, NetApp NCIE, LPIC 2)
0 Kudos
lateagain2
Contributor
Contributor

High Availability — Troubleshooting High Availability Clusters | pfSense Documentation

Specifically make a port groups for interfaces with carp.

  • Enable promiscuous mode
  • Enable MAC Address changes
  • Enable Forged transmits
  • If multiple physical ports exist on the same vswitch, the Net.ReversePathFwdCheckPromisc option must be enabled to work around a vswitch bug where multicast traffic will loop back to the host, causing CARP to not function

[although I thought it was Net.ReversePathFwdCheck that had to be set]

0 Kudos