Dear all, at best of my knowledge CARP/pfsync can be used in a truly seamless manner (for a client perspective) only when pfSense acts as a mere firewall, but it does not work seamlessly when pfSense acts as a captive portal, for two reasons: 1) the database of the authenticated users is not synced across the gateways of a CARP cluster and for this reason a used should re-authenticate after a failover; 2) the ipfw firewall is not supported by pfsync.
In order to find a workaround to this situation I have written some PHP code that leveraging on XMLRPC allow to synchronize the authenticated user database and the ipfw rules across the two gateways (by using a direct link between them, used also by pfsync). However, I am still not able to achieve a really seamless failover between the master and the backup node. In other words, an authenticated user that is watching a Youtube video before the failover, after the failover he still remains authenticated, but he has to reload the Youtube video. In my opinion, the real bottleneck is ipfw, but maybe I am missing some points. Do you have some ideas? -- Stefano* *
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
