Regression #13001

closed

HA sync using shared CARP WAN IP results in Interface not found: '_vip577745067c45c' on backup

Added by Steve Y over 3 years ago. Updated over 3 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

I set up IPSec on an HA setup recently. Per the docs (https://docs.netgate.com/pfsense/en/latest/highavailability/ipsec.html#carp-vip-as-ipsec-endpoint) the shared WAN can be chosen as the IPSec interface in phase 1. However, when the HA sync replicates to the backup router, the backup is given the value from the Interface dropdown on router1, not the actual IP. Thus the GUI for IPSec phase 1 on router2 shows the error:

Interface not found: '_vip577745067c45c'

Note this is the "CARP shared WAN IP" value from router1:

dropdown on router1:

<select class="form-control" name="interface" id="interface">
<option value="wan">WAN</option>
<option value="lan">LAN</option>
<option value="opt1">OPT1_PFSYNC</option>
<option value="opt4">OPT4_MGMT</option>
<option value="_vip577745067c5d0">10.x.x.2 (Hardware Net alias)</option>
<option value="_vip577745067c45c" selected="">64.x.x.150 (CARP shared WAN IP)</option>
<option value="_vip577745067c47b">74.x.x.1 (CARP shared LAN IP)</option>
<option value="_vip577745067c494">10.x.x.1 (CARP shared Hardware Net LAN IP)</option>
<option value="_vip577745067c4c9">2607:ff50:x:x::1 (CARP shared LAN IPv6)</option>
<option value="_vip5d4e2313d4f4b">2607:ff50:x:y:15 (CARP shared WAN IPv6)</option>
</select>

dropdown on router2:

<select class="form-control" name="interface" id="interface">
<option value="wan">WAN</option>
<option value="lan">LAN</option>
<option value="opt1">OPT1_PFSYNC</option>
<option value="opt4">OPT4_MGMT</option>
<option value="_vip57772fa533690">10.x.x.3 (Hardware Net LAN IP alias)</option>
<option value="_vip57772fa53342c">64.x.x.150 (CARP shared WAN IP)</option>
<option value="_vip57772fa533467">74.x.x.1 (CARP shared LAN IP)</option>
<option value="_vip57772fa53349a">10.x.x.1 (CARP shared Hardware Net LAN IP)</option>
<option value="_vip57772fa5334fc">2607:ff50:x:x::1 (CARP shared LAN IPv6)</option>
<option value="_vip5d4e22895141f">2607:ff50:x:y:15 (CARP shared WAN IPv6)</option>
</select>

If router2 is set to the correct choice, at the next sync it breaks again.

In my case these are both SG-4860 routers on v22.01. I don't have another HA setup handy to try to replicate.

Forum thread: https://forum.netgate.com/topic/171092/ha-sync-results-in-interface-not-found-_vip577745067c45c-on-backup
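The mismatch described in this report can be checked mechanically. The following is an added example, not part of the original report and not pfSense code: it parses the VIP options of both dropdowns and tests whether the value synced from router1 exists on router2. The function names are hypothetical, and pairing VIPs across nodes by the address at the start of each label is an assumption.

```python
from html.parser import HTMLParser

# VIP <option> lines copied from the report's two dropdowns (addresses as redacted there).
ROUTER1 = """
<option value="_vip577745067c5d0">10.x.x.2 (Hardware Net alias)</option>
<option value="_vip577745067c45c" selected="">64.x.x.150 (CARP shared WAN IP)</option>
<option value="_vip577745067c47b">74.x.x.1 (CARP shared LAN IP)</option>
<option value="_vip577745067c494">10.x.x.1 (CARP shared Hardware Net LAN IP)</option>
<option value="_vip577745067c4c9">2607:ff50:x:x::1 (CARP shared LAN IPv6)</option>
<option value="_vip5d4e2313d4f4b">2607:ff50:x:y:15 (CARP shared WAN IPv6)</option>
"""
ROUTER2 = """
<option value="_vip57772fa533690">10.x.x.3 (Hardware Net LAN IP alias)</option>
<option value="_vip57772fa53342c">64.x.x.150 (CARP shared WAN IP)</option>
<option value="_vip57772fa533467">74.x.x.1 (CARP shared LAN IP)</option>
<option value="_vip57772fa53349a">10.x.x.1 (CARP shared Hardware Net LAN IP)</option>
<option value="_vip57772fa5334fc">2607:ff50:x:x::1 (CARP shared LAN IPv6)</option>
<option value="_vip5d4e22895141f">2607:ff50:x:y:15 (CARP shared WAN IPv6)</option>
"""

class VipOptions(HTMLParser):
    """Map each VIP's address (first word of the option label) to its option value."""
    def __init__(self):
        super().__init__()
        self.vips, self._value = {}, None
    def handle_starttag(self, tag, attrs):
        if tag == "option":
            self._value = dict(attrs).get("value", "")
    def handle_data(self, data):
        # Only text directly inside an <option> whose value starts with _vip counts.
        if self._value and self._value.startswith("_vip") and data.strip():
            self.vips[data.split()[0]] = self._value
    def handle_endtag(self, tag):
        self._value = None

def parse_vips(html):
    parser = VipOptions()
    parser.feed(html)
    return parser.vips

def check_synced_value(primary_html, backup_html, value):
    """Report whether the value synced from the primary exists on the backup."""
    primary, backup = parse_vips(primary_html), parse_vips(backup_html)
    address = next((a for a, v in primary.items() if v == value), None)
    return {"address": address,
            "found_on_backup": value in backup.values(),
            "backup_value": backup.get(address)}

if __name__ == "__main__":
    print(check_synced_value(ROUTER1, ROUTER2, "_vip577745067c45c"))
```

For the values in this report, the synced value maps to 64.x.x.150 on router1, is absent from router2's list, and the same address carries `_vip57772fa53342c` on router2.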
