Feature #16598: Prevent master takeover if critical services are not running + forced failover on service failure - pfSense Plus - pfSense bugtracker

Actions

Copy link

Feature #16598

open

Prevent master takeover if critical services are not running + forced failover on service failure

Added by Jászay Gábor 4 days ago. Updated 3 days ago.

Status:

Incomplete

Priority:

Normal

Assignee:

Category:

CARP

Target version:

Start date:

Due date:

% Done:

Estimated time:

Release Notes:

Default

Description

In CARP-based HA setups, pfSense currently makes the master/backup decision primarily based on CARP state and interface availability.
However, this can lead to false master situations where the node becomes MASTER even though critical services are not running or are unhealthy.

This is especially problematic in production environments where pfSense acts as a firewall and service provider (e.g. OpenVPN server, DNS, DHCP, HAProxy, IPS/IDS).
I'm attaching a rudimentary script to show you what I think.

Files

carp_demote_on_service_fail.sh (3.82 KB) carp_demote_on_service_fail.sh

Jászay Gábor, 12/20/2025 06:14 AM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Plus

Custom queries

Feature #16598

Prevent master takeover if critical services are not running + forced failover on service failure

Updated by Kris Phillips 3 days ago