Trying to get an HA pfSense in lab for funsies, and to move my lab VLAN routing down to the lab.
I’m having issues getting the pfSense CARP to work though, only on the distributed switch.
The WAN interface on both pfSense are connected to a standard vSwitch, which is using a 1Gb connected to a 1Gb switch.
WAN CARP is working fine like this.
All the VLANs are trunked on my 10Gb switches.
When I move the “WAN” network to a portgroup on the dvSwitch, that CARP starts showing the same symptoms; both think they’re master for the CARP VIP.
They are still reachable though, so it’s not a connectivity or VLAN config issue.
When both pfSense are on the same host, the issue persists as well. I believe that should remove layer 2 as a possible issue.
Packet captures on the individual VLAN interfaces in pfSense show that there’s no multicast being received from the other VM.
The 2 pfSense can ping each other on the appropriate VLAN interfaces, and they are all reachable from my workstation.
Anything that would cause this? I do have promiscuous, MAC address change, and forged transmits enabled.
Just seems like multicast isn’t being passed through.
Posted on Reddit by cmwgimp