XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Site outage. pfSense VM offline after pool master reboot

    Scheduled Pinned Locked Moved Management
    6 Posts 3 Posters 83 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      McHenry
      last edited by McHenry

      We downed our pool master (no VMs) for testing and the router VM (pfSense) lost internet connectivity.

      When we restarted the master the router VM still has no internet connectivity.
      All VMs,including the router are online in XO.
      8e09b11c-d718-42fb-9aea-2a8ebd9f48b2-image.png

      From the pfSense console I can ping VMs on the LAN however there is internet connectivity.

      Everything looks fine so I am at a loss as to what the issue is.
      50f4713b-1f37-49ee-ac1c-453f9a0364ef-image.png

      M 1 Reply Last reply Reply Quote 0
      • M Offline
        McHenry @McHenry
        last edited by

        When I try to manually configure the management interface as eth0 i get this:
        b3fc2ce7-ba9a-4bf9-a39c-7be82b29d5b8-image.png

        The NIC appears to be there and connected:
        344f8cd0-7d41-464e-a773-3e60c6883a26-image.png

        M 1 Reply Last reply Reply Quote 0
        • M Offline
          McHenry @McHenry
          last edited by

          This problem has since been resolved.
          The issue related to running pfSense as a VM when using an additional IP form OVH Cloud.
          When using an OVH additional IP on pfSense the MAC address of the additional IP needs to be entered in the WAN configuration.
          428e2149-dc16-4f6f-8d60-8f681dd8ab63-image.png

          When we restored this pfSense VM from CR and then migrated it to our production host the MAC address had been changed in XO. Once the correct MAC address was reentered into pfSense everything worked again.
          This is a real gotcha when running pfSense as a VM using CR on a host that is not part of the main pool.

          M 1 Reply Last reply Reply Quote 1
          • M Offline
            McHenry @McHenry
            last edited by

            I am very concerned that the pfSense VM went offline yesterday when the pool master was shutdown even through the pfSense VM was running on the slave.

            If I can get an understanding of how this happened I can better mitigate it from happening again.

            I have just reread this to ensure I understand the master/slave relationship:
            https://xcp-ng.org/forum/topic/6986/pool-master-down-restart-makes-the-whole-pool-invisible-to-xo-till-master-is-online-again/9?_=1764739019505

            Can anyone suggest a reason as to why the pfsense VM went offline when the master was down?

            As the router role is crucial and there are a number of moving parts to ensure it works as a VM I am seriously considering running it as a standalone server.

            M 1 Reply Last reply Reply Quote 0
            • M Offline
              manilx @McHenry
              last edited by

              @McHenry This should not happen. If thr VM runs on the slave and the master is rebooted or shut down it still should continue to run. Done this many times. The only thing happening is that XO can't access the VM's any longer as it needs the master.

              That being said: running the firewall/router on a VM opens you to a lot of future pain (as you just have experienced). Don't do that unless you absolutely must and can work around down-times caused by VM/host issues.

              Install it on a dedicated machine!

              P 1 Reply Last reply Reply Quote 0
              • P Online
                Pilow @manilx
                last edited by

                @manilx there is some cheap NETGATE appliances (Netgate 1100 or 2100) to put your PFSense+ out of virtual infrastructure.

                this is the way.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post