Traceroute returns VRRP interface address and not virtual address

Hi. I’ve a weird thing happening on my high availability setup running VRRP. I’ve two virtual machines running pfSense; both have an upstream (WAN) to the same router, the one that is configured with VRRP. I’ve configured an IPsec tunnel on both firewalls (pfSense feature). However, when I try to ping and traceroute, I can only do so from one side. What I mean by this is that firewall1 can ping and traceroute to firewall2, but not the other way around.

I’ve checked the traceroute on pfSense firewall2 and it looks like the next hop is the VRRP interface address and not the virtual address. This is the same when tracerouting to an external IP address and also to the remote IPsec tunnel subnets. However, I’ve tried the same on pfSense firewall1 and it looks like the next hop is the VRRP virtual address. You can refer to our VRRP config below as an example:

group XX-public-103.173.XXX.XXX/30 {
    interface eth2.355
    no-preempt
    priority 200
    virtual-address 103.173.XXX.XXX/30 {
    }
    vrid 231
}

Tried running "show vrrp" and got this response: "VRRP data is not available (wait time exceeded)". By the way, we’re running VyOS 1.3.3. Thanks for all the help :)