dead.letter

A technical blog focusing on Linux, FreeBSD, DNS, security and virtualization.

2008-10-28

pfSense and CARP on vmware-server

Before I forget, I wanted to document the necessary details for getting CARP to work on pfSense running under vmware-server 1.0.7. IT IS BROKEN by default, because the vmnet driver does not recognize the (emulated) MAC address used by CARP (and VRRP): 00-00-5E-00-01-XX

The symptom is that the carp0 interface appears but cannot communicate, and failover does not happen. Reason being, the vmnet driver is silently dropping the packets on the floor!

To get it working, patch vmnet-only/driver.c on the host and recompile the vmnet module.

Here is the patch for vmware-server-1.0.7 for Linux. Save it into /tmp/driver.c.patch:

--- vmnet-only/driver.c.orig 2008-10-08 15:37:23.000000000 -0500
+++ vmnet-only/driver.c 2008-10-08 15:44:50.000000000 -0500
@@ -1284,6 +1284,9 @@

return ((flags & IFF_PROMISC) || MAC_EQ(destAddr, ifAddr) ||
((flags & IFF_BROADCAST) && MAC_EQ(destAddr, broadcast)) ||
+ ((destAddr[0] == 0) && (destAddr[1] == 0) &&
+ (destAddr[2] == 0x5e) && (destAddr[3] == 0) &&
+ (destAddr[4] == 1)) ||
((destAddr[0] & 0x1) && (flags & IFF_ALLMULTI ||
(flags & IFF_MULTICAST &&
VNetMulticastFilter(destAddr, ladrf)))));
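Review bot: the added test on destAddr[0] through destAddr[4] is not tied to any flag or to an address the guest has configured, so every port that reaches this return now accepts frames for all 256 values of destAddr[5] in 00:00:5e:00:01:xx, whether or not that guest runs CARP or VRRP. If the driver has a place to record which virtual router IDs a guest uses, compare against that; otherwise at least add a comment above the three new lines naming the 00-00-5E-00-01-XX range and why it is accepted unconditionally. The five open-coded byte compares would also read better as a small named macro next to MAC_EQ.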


The file is a little hard to find, being hidden in a vmnet.tar below /usr/lib/vmware/modules/source/ ...


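cd /usr/lib/vmware/modules/source
# unpack the module source; this creates vmnet-only/
tar xvf vmnet.tar
# -p0 keeps the vmnet-only/ prefix from the patch header so driver.c is found
patch -p0 < /tmp/driver.c.patch
# repack so vmware-config.pl builds from the patched source
tar cvf vmnet.tar vmnet-only
vmware-config.pl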


Then, choose the option to recompile the kernel drivers, specifically vmnet.

The one other additional requirement (I'm not 100% sure on this) is that it may be necessary to allow promiscuous mode on the Ethernet device, in the .vmx file:

ethernet0.nopromisc = "false"
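Why the unpatched check drops these frames: an added user-space model of the return expression in the patch, not VMware's code and not part of the original post. The flag constants, the mcast_hit parameter (standing in for the result of VNetMulticastFilter) and the sample MAC addresses are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits for this model only (assumption: values mirror Linux IFF_*). */
#define M_BROADCAST 0x0002
#define M_PROMISC   0x0100
#define M_ALLMULTI  0x0200
#define M_MULTICAST 0x1000

static const uint8_t BCAST[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
/* Constructed samples: a guest NIC, the virtual MAC for ID 1, a stranger. */
const uint8_t GUEST_NIC[6]     = {0x00, 0x0c, 0x29, 0x11, 0x22, 0x33};
const uint8_t CARP_VHID1[6]    = {0x00, 0x00, 0x5e, 0x00, 0x01, 0x01};
const uint8_t OTHER_UNICAST[6] = {0x00, 0x0c, 0x29, 0xaa, 0xbb, 0xcc};

static bool mac_eq(const uint8_t *a, const uint8_t *b)
{
    return memcmp(a, b, 6) == 0;
}

/* True for 00:00:5e:00:01:xx, the range the patch adds. */
static bool is_vrrp_carp_mac(const uint8_t *d)
{
    return d[0] == 0 && d[1] == 0 && d[2] == 0x5e && d[3] == 0 && d[4] == 1;
}

/* Accept decision; 'patched' selects whether the added test is present. */
bool vnet_accepts(const uint8_t *dest, const uint8_t *ifaddr,
                  unsigned flags, bool mcast_hit, bool patched)
{
    return (flags & M_PROMISC) || mac_eq(dest, ifaddr) ||
           ((flags & M_BROADCAST) && mac_eq(dest, BCAST)) ||
           (patched && is_vrrp_carp_mac(dest)) ||
           /* Group bit is clear in 00:00:5e:..., so this branch never fires. */
           ((dest[0] & 0x1) && ((flags & M_ALLMULTI) ||
                                ((flags & M_MULTICAST) && mcast_hit)));
}

int main(void)
{
    unsigned f = M_BROADCAST | M_MULTICAST;
    printf("unpatched=%d patched=%d promisc=%d\n",
           vnet_accepts(CARP_VHID1, GUEST_NIC, f, true, false),
           vnet_accepts(CARP_VHID1, GUEST_NIC, f, true, true),
           vnet_accepts(CARP_VHID1, GUEST_NIC, f | M_PROMISC, true, false));
    return 0;
}
```

The virtual MAC is a unicast address that is not the guest's own, so in the unpatched expression only the promiscuous term can let it through.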



1 Comments:

At 8:03 AM PDT, Anonymous said...

trying this on vmware server 2 and i never get prompted to recompile the vmnet driver.

 
