We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

VMware pfSense IP Failover Issues


zalaxy
2015-08-08, 07:52 AM
Just an update to any one else having similar trouble. After running a second VM and having the failover IP working perfectly fine as well as the other server I tried with proxmox with no problems I realized the issue was with pfSense's configuration.

After trying a different approach I used jonlewi's guide which can be found here:
*Create a virtual MAC for the failover IP in OVH Manager*
1) Add an additional switch to VMware
2) Create a VM for pfSense, add 2 nics, one connected to each switch (ill call them wan and lan)
Id suggest having nic1 on WAN and nic to on LAN

3)Install pfSense
4)Add both NIC's in pfsense. If you are using the above setup, WAN will be em0 and LAN will be em1
5)Enable DHCP on em1
6)Create a new VM, install or run the live cd of ubuntu.
7)Log into pfsense in the ubuntu vm and go to 192.168.1.1
8)Go to "interfaces" then "WAN"
9)Change type to static, change the MAC address to the one from ovh manager
10)Set the IP address to failover IP /32
11)Save the configuration.

Now, go back to the pfsense VM and select option 8 (shell)
Lets assume the IP address on my dedicated server (NOT the failover) is 1.2.3.4. In this section i needed to change the last octet to 254. so it would be 1.2.3.254
So i would type in this...
route add -net 1.2.3.254/32 -iface em0

route add default 1.2.3.254
.

That did the trick for me. I'm going to add those commands to a config folder so they stick on reboot but just thought I'd share what helped me.

zalaxy
2015-08-07, 11:19 AM
Good Morning All,

I've been trying to get my VMware working with all the traffic going through a pfSense VM. The issue I'm currently having is that I cannot get the failover IP working with the VM. I've been using a few different guides to help me along.

My current setup:
  • E3-SAT-3
  • VMware 5.5.0 build-1331820
    • Had to manually load the realtek 8168 driver after the update to get it working.
  • Have 1 Failover IP with a VMware virtual mac assigned


This is a link to an image gallery with my current config. Same pics below.

For starters I was following this guide here, http://blog.dot11.eu/?p=238.
  1. Which led me to create this vswitch:
    http://i.imgur.com/2GdCqFR.png
  2. I then made sure to create a FO IP and assigned a VMware virtual mac address:
  3. Then assigned that mac address to the Network Adapter 1 for the pfSense VM:
    http://i.imgur.com/3h0BbV1.png
  4. Side note I used the following guide to help set up the pfSense VM:
    https://doc.pfsense.org/index.php/Pf...alling_pfSense

    The problem lies in that I must have messed up in the configuration somewhere because the gateway does not respond to the pfSense VM. No DNS. The pfSense can see other VMs no problem. In fact when I switch to a ubuntu VM and view pfSense's web interface I see more evidence of it not working
  5. The interface information:
    http://i.imgur.com/AGBAT7S.png
    Here you can see that I assigned a static address for the WAN to the failover IP. The gateway it's utilizing is the first three segments of the dedication servers IP which OVH's own guide dictates.
  6. Finally, looking at the gateway status I can see that it's not accepting either gateway.
    http://i.imgur.com/k24nMQq.png
    • GW_WAN = Main.I.P.254
    • GW_WAN = Fail.over.IP.254


To make sure I have the right gateway I went into ESXi and typed in the command "esxcli network ip neighbor list" which resulted in the Main.IP gateway.

At this moment I'm kind of stuck. I have a 2nd server that I'm going to try and setup proxmox on with a similar setup just to see if it's my lack of skill that's causing the issue. Any help would be greatly appreciated. I would really love to keep the pfSense as the firewall between everything. I've seen guides on how to get failover IP working directly with a VM but I'm doing this new set up to try and make a little more secure.

For reference these are the guides I've located that have helped me in this whole process: