Project

General

Profile

Actions

Bug #14798

closed

can't ping VIP addresses from the secondary node

Added by David Texier about 1 year ago. Updated about 1 year ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
CARP
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:

Description

Hello,
I have a master/slave pfsense cluster.Everything is working properly (HA proxy , OpenVPN, Ipsec , etc..) except one point :

The master Pfsense has a DMZ_PRIV_ADMIN (lan) -> vtnet1.3 = 10.249.3.2/24
The slave Pfsense has a DMZ_PRIV_ADMIN (lan) -> vtnet1.3 = 10.249.3.3/24
A VIP is set 10.249.3.1/24 used as a gateway.

On the master firewall , in a ssh console, i can ping 10.249.3.3 , 10.249.3.2 and 10.249.3.1
On the slave firewall , in a ssh console, i can ping 10.249.3.2 but i have no answer if i ping 10.249.3.1 (hosted by the master)
If a make a tcpdump on the slave firewall, on the vtnet1.3 interface i can see the ICMP echo request and ICMP echo reply

15:01:47.330146 IP 10.249.3.3 > 10.249.3.1: ICMP echo request, id 5703, seq 37, length 64
15:01:47.339316 IP 10.249.3.1 > 10.249.3.3: ICMP echo reply, id 5703, seq 37, length 64
15:01:48.341908 IP 10.249.3.3 > 10.249.3.1: ICMP echo request, id 5703, seq 38, length 64
15:01:48.351079 IP 10.249.3.1 > 10.249.3.3: ICMP echo reply, id 5703, seq 38, length 64
15:01:49.352374 IP 10.249.3.3 > 10.249.3.1: ICMP echo request, id 5703, seq 39, length 64
15:01:49.361733 IP 10.249.3.1 > 10.249.3.3: ICMP echo reply, id 5703, seq 39, length 64
15:01:50.372539 IP 10.249.3.3 > 10.249.3.1: ICMP echo request, id 5703, seq 40, length 64
15:01:50.382017 IP 10.249.3.1 > 10.249.3.3: ICMP echo reply, id 5703, seq 40, length 64
15:01:51.384570 IP 10.249.3.3 > 10.249.3.1: ICMP echo request, id 5703, seq 41, length 64
15:01:51.394114 IP 10.249.3.1 > 10.249.3.3: ICMP echo reply, id 5703, seq 41, length

But the ping says : 100.0% packet loss

I have this problem since my upgrade to the latest 2.7.0 (everything is ok on pfsense with an inferior version)

What could be the reason ?


Related issues

Is duplicate of Regression #14026: HA node with CARP VIP in backup state is unable to ping the active node using that CARP VIP addressResolved

Actions
Actions #1

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Duplicate
  • Priority changed from High to Normal

Duplicate of #14026

Actions #2

Updated by Jim Pingle about 1 year ago

  • Is duplicate of Regression #14026: HA node with CARP VIP in backup state is unable to ping the active node using that CARP VIP address added
Actions #3

Updated by Jim Pingle about 1 year ago

  • Subject changed from can't ping VIP adresses from the slave Pfsense to can't ping VIP addresses from the secondary node
Actions

Also available in: Atom PDF