CARP failing over (and activating addresses) before settings are applied.

[noses]

Version 18.7.7 (and probably in all versions before because nobody ever looked at it)

Try:

1) Set up a set of paired OPNsenses.
2) Start adding CARP interfaces on the master but do not apply changes (e. g. because you want to have them created all at once as you are working in a live environment).
3) Take a look at Firewall->Virtual IPs->Status on the backup machine.

You will find it to be master for all the new interfaces you created.

This thoroughly cramped my style... I wanted to set up the final pieces on the replacement router by adding all the CARP interfaces to take over the router IP addresses across a collection of separate network segments at once and suddenly around me chaos broke out because the backup machine started messing up ARP tables by becoming active.

If this is an intentional feature it should be documented in a highly visible place... And if this is the intention what is the "Apply changes" button intended for?


Achim

[AdSchellevis]

Can you create an issue on GitHub for this (https://github.com/opnsense/core), this looks like old behaviour we should change....

When writing the config, it calls :
https://github.com/opnsense/core/blob/9634dc64fc0b1deb019563994af51b47ce29d08d/src/etc/inc/config.inc#L164


Which then calls:
https://github.com/opnsense/core/blob/9634dc64fc0b1deb019563994af51b47ce29d08d/src/etc/rc.filter_synchronize#L168


And triggers a setup on the backup:
https://github.com/opnsense/core/blob/9634dc64fc0b1deb019563994af51b47ce29d08d/src/etc/inc/xmlrpc/legacy.inc#L200-L234


I think we should skip the whole sync on config write idea in 19.1 and leave it up to the user, since we have a status page for this now so we avoid changes being made which may lead to an invalid configuration.