The pfSense Store

Author Topic: cant leave CARP maintenance mode  (Read 136 times)

0 Members and 1 Guest are viewing this topic.

Offline volosatiy_slon

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
cant leave CARP maintenance mode
« on: October 12, 2017, 06:18:43 am »
Hi
I was need to move pfsense master node to another host and did following:
1. Put CARP to maintenance mode
2. Wait that all interfefaces became backup
3. Shutdown VM, move to another host and powered it on
4. test network connectivity on WAN, LAN and dedicated sync interfaces - all ok
5. push "leave maintenance mode" in interface

After this I see:
-lan servers successfully ping LAN IPs of both nodes but ping of CARP IP is failed
-wan hosts successfully ping WAN IPs of both nodes but ping of CARP IP is failed
-wan hosts cant open connection to lan server through NAT
-both node have absolutely normal log messages, without errors etc

How I can diagnose this, what I need to look in before leave maintenance mode, what I doing wrong?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: cant leave CARP maintenance mode
« Reply #1 on: October 12, 2017, 08:25:47 am »
You may have some other problem causing the node to demote itself.

What does the CARP status page look like on both units?

Are there any interfaces enabled but in a 'down' state either on purpose or unintentionally?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline volosatiy_slon

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: cant leave CARP maintenance mode
« Reply #2 on: October 12, 2017, 10:08:23 am »
You may have some other problem causing the node to demote itself.

What does the CARP status page look like on both units?
Before leaving m.mode - old master shows all interfacess backup, backup shows all interfaces - master
after leaving m.mode - vice versa.

Are there any interfaces enabled but in a 'down' state either on purpose or unintentionally?
No. As I wrote upper - all interfaces is UP state and answer for icmp requests (ping - ok)