I would like to point out, that netgate docs says you should increase the base, not the skew, but thanks to point this out for me! "If CARP appears to be too sensitive to latency on a given network, adjusting the Base by adding one second at a time is recommended until stability is achieved."

Is there a disadvantage to start with a 110 skew instead of 100 to avoid stability issues completely on the WAN interface?

Great video!! Question.. I changed my default TCP port under System\Advanced\Admin Access to 10443. Does this mean for my SYNC rule, i need to also use port 10443 for the Allow Config Sync rule?

Hello, I have seen your entire video and it is very interesting, I have configured my pfsense with HA + CARP but I am having problems configuring an OpenVPN, the truth is I don't know if you have any video or you can do something to configure openvpn with ha + carp, I just don't I have managed to connect the client user to the server through wan carp

How can I do nat so every traffic outcoming throught ipsec is natted as a totally different subnet?

Hi, you didnt test connectivity to the internet from the host on the LAN, with those settings it wont work.

I am confused on why you used 192.168.80.51 thru 53 for the wan ip address's. Those are internal address's. Are you just using those lan address's just to show us? Or is there a way to use wan address via using a old router, turn all firewall rules off, and then set the gateway on it to the 52 and feed pfsense1 and another router set to 53 to feed pfsense2? I am using comcast and i get several wan address's from them via dhcp when in bridge mode. If this works could you then use a third router and do the same thing to be used for the WAN VIP? Or do these all have to be static ip address from my ISP? I would think that my idea should work with the up front routers and will be used just to send the internal ip address then to each box exactly like you show. That way you dont have to pay for staic ip address. I set mine all up about a week ago and everything worked except I didn't have a staic ip for my wan VIP and I lost the internet but internal lan worked. I am getting a couple of older linksys wrt54g router in this week and will try this unless you say it will not work. Otherwise GREAT WORK!!!

Both my boxes stay as master ! Why ?

I have 3 windows 10 vm installed on vmware workstation 15 on windows 2016 server, Those all 3 machines have vpn app installed and are connecting to the Host OS internet by bridge connection. Now I want to use the internet sharing of these 3 machines to 3 virtual WAN port Pfsense router , which will be my 4th vm on vmware workstation. The Lan side of Pfsense will be connecting to a Proxy Server installed as the 5th vm on Host OS which will give access to my 5 pc on the same Lan. How I can accomplish this thing. Your help will be highly appreciated. Thanks in advance,

best video ever and indept