Dual WAN links wih CARP hardware failover

Started by max1m0, September 20, 2018, 12:37:12 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 20, 2018, 12:37:12 PM
Hi All,

I am new here so i need help if is possible.

I have 2 WAN links from two different ISP providers.
I want to set up WAN link failover and opnsense hardware failover.
Please if someone has a diagram how should look at this setup.

Thanks all!
September 20, 2018, 01:26:51 PM #1
DialUP WAN or with /29 Networks or what? It would be better you draw a picture
September 21, 2018, 01:29:58 PM #2
Hi,

Thanks for the response,

Here is the current network diagram. I want to build a hardware failover with 2 OPNsense machines.
Please advise config.

September 21, 2018, 02:40:27 PM #3
This is one of the easier designs, just follow the official docs:

https://docs.opnsense.org/manual/how-tos/carp.html

September 24, 2018, 10:11:45 AM #4
Thank you ...it confuses me right side of diagram ...what type of router/switch will be here? what model?
September 24, 2018, 10:19:48 AM #5
The IP addresses on the right side also belong to OPNsense. You just have to add the gateway IP and it has to be in the same network as your CARP net (WAN).
September 28, 2018, 03:23:23 PM #6
I should try to simulate failover with VirtualBox first. What is your opinion? Do you have any other solution how to simulate this config?
September 28, 2018, 03:40:33 PM #7
No, binding LAN and TAP to a bridge is really error prone, also without CARP .. I strongly suggest to rethink your network in order to have a stable setup. Also if you hack something in so it works, you'll always have strange errors when something bad comes into play.

Really, I'm nearly 20 years in the business .. stretching a (V)LAN over a wire always ended in chaos.
September 28, 2018, 05:35:53 PM #8
Just setup two OPNSense Servers, each one with a cable from each modem, setup High Availability to sync the configs and setup a CARP. Assign the Interfaces from the modem and lan and set the IP's.
Create a Gateway Group, add the two Interfaces and choose if you want only Failover or Load Balancing.
Create a Firewall Rule on the LAN Interface and set the Gateway option to your Gateway Group.
This is a brief explanation but if you are into OPNSense, PFSense you should be able to do it.

Note: Your LAN devices should have the CARP IP as Gateway.
Print
Go Up Pages1
User actions