Hi,

pfSense enforces CARP constraints which restrict usage of CARP to a use case where the host IP must be in the same network as the virtual IP.

If I look into the BSD documentation I don't find this restriction. I read in the OpenBSD documentation (sorry for that, but I don't find it in the FreeBSD docs):

"This is the shared IP address assigned to the redundancy group. This address does not have to be in the same subnet as the IP address on the physical interface (if present). This address needs to be the same on all hosts in the group, however."

Do you agree with this documentation on FreeBSD? If so, I strongly wish to remove the restriction in the pfSense software.

We have a use case here where we want to build up an HA solution with some /29 IPv4 networks. If you assume that you get many public /29 networks, you don't want to assign each pfSense an address from all networks. Assume all addresses are in use with 1:1 NAT - you see the problem here? I have to change many, many, many things here to make it work with a pfSense HA cluster. Not everywhere is DNS used, find all clients which use this IP and port, make change requests to other companies ...

The easiest way to migrate would be to make the "old" public IP the virtual IP and give the devices one public IP from only one subnet, or give them no public host IP at all. In the second case the backup device wouldn't have a working default route, but that would be okay in this case. Changing the setup is much more expensive, so no default route is the better case.

Regards
Oli
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
