I would like to point out that the Netgate docs say you should increase the base, not the skew, but thanks for pointing this out for me! "If CARP appears to be too sensitive to latency on a given network, adjusting the Base by adding one second at a time is recommended until stability is achieved."
Great video!! Question: I changed my default TCP port under System\Advanced\Admin Access to 10443. Does this mean that for my SYNC rule, I also need to use port 10443 for the Allow Config Sync rule?
I have 3 Windows 10 VMs installed on VMware Workstation 15 on Windows 2016 Server. All 3 of those machines have a VPN app installed and are connecting to the host OS internet by bridge connection. Now I want to use the internet sharing of these 3 machines for 3 virtual WAN ports on a pfSense router, which will be my 4th VM on VMware Workstation. The LAN side of pfSense will be connecting to a proxy server installed as the 5th VM on the host OS, which will give access to my 5 PCs on the same LAN. How can I accomplish this? Your help will be highly appreciated. Thanks in advance.
Hello, I have seen your entire video and it is very interesting. I have configured my pfSense with HA + CARP, but I am having problems configuring OpenVPN. The truth is I don't know if you have any video or if you can do something on configuring OpenVPN with HA + CARP. I just haven't managed to connect the client user to the server through the WAN CARP.
I am confused about why you used 192.168.80.51 thru 53 for the WAN IP addresses. Those are internal addresses. Are you just using those LAN addresses to show us? Or is there a way to use a WAN address by using an old router, turning all firewall rules off, and then setting the gateway on it to the 52 to feed pfsense1, and another router set to 53 to feed pfsense2? I am using Comcast and I get several WAN addresses from them via DHCP when in bridge mode. If this works, could you then use a third router and do the same thing to be used for the WAN VIP? Or do these all have to be static IP addresses from my ISP? I would think that my idea should work with the up-front routers, which will be used just to send the internal IP address to each box exactly like you show. That way you don't have to pay for static IP addresses. I set mine all up about a week ago and everything worked, except I didn't have a static IP for my WAN VIP and I lost the internet, but the internal LAN worked. I am getting a couple of older Linksys WRT54G routers in this week and will try this unless you say it will not work. Otherwise GREAT WORK!!!
Great question. The 80.51-53 are just my "pretend" static IPs from my make-believe ISP. These would actually be your static IPs given to you by your provider; just use them and the correct subnet and you should be fine. I don't believe a pool of DHCP addresses will have the desired effect you are looking for. Correct, if you wanted to just have a single DHCP address from your provider, you could technically do what I did and set everything up behind a NAT router and use your own internal IPs behind it, adding as many servers as you want. You should only need one router to act as the gateway for all of the pfSense servers. Good luck and thanks for watching!
I was thinking the same. Set the Comcast router to bridge mode, assign static IPs to pfsense1 and pfsense2 and avoid creating a WAN VIP. I'm in the process of doing this same scenario with High Availability. Did you create a VIP for the WAN or only for the LAN?
Is there a disadvantage to starting with a 110 skew instead of 100 to avoid stability issues completely on the WAN interface?
How can I do NAT so that all traffic going out through IPsec is NATted as a totally different subnet?
Hi, you didn't test connectivity to the internet from the host on the LAN; with those settings it won't work.
Both my boxes stay as master! Why?
Best video ever, and in-depth.