Aysad Kozanoglu - Mimarist

Server Howtos & Tutorials

pfSense multiple WAN ips High available CARP failove konzept

12 Mai, 2018 | Server Anleitungen

 

undefined

 

pfSense: howto make multiple WAN public ip's failover CARP high available
pfSense multiple WAN public IPs HA failover CARP (Demonstration in Virtualbox environment)

i will show you to make 2 public ip's high available (HA)

requirement
+ workstation or laptop with CPU Supported Virtualisation and installed virtualbox

+ 2x VMs for pfSense's with two NIC's (network adapter)
+ nic1 for WAN side (virtualbox bridged with allow all option)
+ nic2 for LAN side (virtualbox internal with allow all option)

+ 1x Destop GUI OS (like debian gnome) to access pfSense's WEb Gui
+ nic1 LAN side (virtualbox internal network with allow all option)

in the real production World the public's are like 217.xx or 81.xx or 93.xx s.o. Normally your isp provider will give you this ip's.

so i am in virual environment to demonstrating, my public World ip's will be begin with:
192.168.188.xxx

my protected local network (behind the pfSense protection) will begin with:
192.168.10.xxx

pfSense's VM has two NIC's
+ nic1 for WAN side (192.168.188.xxx) (virtualbox bridged with allow all option)
+ nic2 for LAN side (192.168.10.xxx) (virtualbox internal with allow all option)

pfSense-1 WAN 192.168.188.110 (static assign)
pfSense-2 WAN 192.168.188.111 (static assign)

pfSense-1-2 192.168.188.112 (CARP failover HA)
pfSense-1-2 192.168.188.113 (CARP failover HA)

Desktop GUI OS has one NIC
debian-GUI 192.168.10.xxx

in this case i will be able to access to my local protected network(192.168.10.xxx) over the "public world" ip 192.168.188.112 or .113