Hi,

The Vigor 2927 is working fine connected to my Community Fibre ONT. The LAN side of the Vigor generally works fine; I can add my laptop and get to the Internet. However, I can't seem to get the Vigor to recognise the VIP for my pfsense (I use pfsense firewalls in HA mode, which use CARP protocol). I even tried to bind the VIP to the virtual MAC; but I can't get the Vigor to recognise the VIP. The Vigor can see the real IP addresses of the pfsense devices but not the VIP. I tried to ping the VIP from the Vigor but that just times out. No VIP/MAC entries in the Vigor's ARP table. And I double-checked that the Vigor's HA functionality was disabled just in case there might have been a conflict.

Do note that the pfsense devices work fine in HA mode on my second (temporary) WAN connection on the Sky ADSL router. The Vigor has been configured with the same IP address range as the Sky router (192.168.0.1) so that I could just lift-and-shift the pfsense devices. I can get disable CARP on the pfsense devices and I can get access through the Vigor to the Internet.

All my troubleshooting indicates something that my issues are due to something within the Vigor and not due to the pfsense devices. But I'd like confirmation, and maybe any help on options and tips. Thanks in advance!

I need to do some further testing, but I think I have this working now. I disabled "Decline VRRP MAC into ARP table." as VRRP and CARP are similar. This did not have an immediate effect, so I then disabled "Block ARP replies with inconsistent destination MAC addresses." and "Block ARP replies with inconsistent source MAC addresses.". This seems to have done the trick. It's late now, so I'll do some further testing tomorrow. Looks promising!