Configure pfSense active-passive high-availability clusters with Corosync and Pacemaker on OCI

September 19, 2022 | 3 minute read
Mayank Kakani
Cloud Architect
Text Size 100%:

Having your mission-critical applications be highly available is always a good practice. It helps you tackle those unforeseen outages, patches, and system updates so you can be at peace. Your firewall also needs to be highly available because, if your firewall goes down, who keeps your environments secure from cyber security threats? Not having a highly available firewall is an easy way to lose sleep.

This blog post shows you how to use pfSense, the world’s leading open source all-in-one firewall, router, and VPN solution in a highly available setup on Oracle Cloud Infrastructure (OCI).


pfSense software is one of the few open source solutions that offers enterprise-class high availability capabilities with stateful failover, allowing the elimination of the firewall as a single point of failure.

High availability on pfSense software is achieved through a combination of the following features:

  • CARP for IP address redundancy

  • XMLRPC for configuration synchronization

  • pfsync for state table synchronization

But we can’t achieve IP address redundancy in the cloud because CARP uses multicast, which many cloud providers don’t support. Oracle is the only public cloud provider that supports Layer 2 network virtualization and multicast, but our multicast capabilities are limited at this moment and CARP isn’t supported.

How to achieve high availability

I’m using Pacemaker and Corosync to address the IP address redundancy issue. Pacemaker and Corosync utilize unicast heartbeats to monitor the cluster node’s health. I assign a virtual IP resource to Pacemaker, and Pacemaker automatically moves the virtual IP resource to a healthy node when the node it’s assigned to goes down. This functionality allows us to direct traffic from one node to another if one of them goes down.

We still use XMLRPC for configuration sync and pfsync for the state table sync.

Getting started

pfSense isn’t officially supported on OCI by Netgate or Oracle. If you run into some trouble, you have no support line. Talk with the pfSense support team before trying out this setup. This blog is for tech enthusiasts who can handle a few things going wrong.

Keep the following concepts in mind throughout the tutorial:

  • I have one regional virtual cloud network (VCN) setup with two subnets: Public and private with the CIDRs of and

  • I call my primary instance Node1.

  • I call my secondary instance Node2.

  • Node1 has the hostname "pfsense-primary" and has the IP,

  • Node2 has the hostname "pfsense-secondary" and has the IP,

  • You can use pfSense Edit File tool to make file changes. You can find it in pfSense Console under Diagnostics by selecting Edit file.

  • I use the term pfSense shell throughout this blog. You can find the shell by SSHing into the instance and selecting 8 in the pfSense menu.

Set up the two nodes in different availability domains so they can ping each other. You can have these nodes set up in different VCNS or regions, but define the proper peering gateways and route tables to allow nodes to reach each other. If you can’t ping them, check your pfSense firewall rules and OCI security list associated with your instance and allow ICMP traffic.


To configure pfSense high availability in OCI, check out our tutorial for a step-by-step.


This tutorial shows you how to set up pfSense high-availability clusters in OCI with the help of Pacemaker and Corosync.

Oracle Cloud Infrastructure provides enterprise-grade features for developers to build modern cloud applications while supporting the open source developer tools and solutions you’re already used to. Create your Always Free subscription, which comes with US$300 credits trial credits.

Mayank Kakani

Cloud Architect

Previous Post

Accessing Istio addons in OKE by ingress gateway

Rithesh Subramanian | 8 min read

Next Post

Oracle Ksplice: Helping guard Linux systems from security breaches with zero-downtime patching

Gursewak Sokhi | 3 min read