OPNsense Forum
English Forums => High availability => Topic started by: RatherOldMan on February 20, 2023, 10:17:28 pm
-
Hi all,
I installed two identical OPNsense hardware firewalls, both updated to version 23.1.1_2.
I configured High Availability and the syncing works fine.
I configured a virtual CARP IP for the WAN Interface - ok - see it on the backup firewall.
But I cannot change Outbound NAT to that CARP VIP - there is no entry for that in Translation / target.
Only
- Single host or Network
- WAN address
- PFSYNC address
- LAN address
I tried an IP Alias on WAN - also not in that list.
Thx
The RatherOldMan
-
It was removed as it was being used as a fragile shortcut embedding the actual IP instead of the VIP designation, so once you changed the VIP the entry in NAT was not changed. The plain IP configuration, however, should still apply as it was. A more robust solution would be to use aliases.
Cheers,
Franco
-
:)
Thx - works like a charm.
It should be mentioned in the HowTo.
https://docs.opnsense.org/manual/how-tos/carp.html
Wave,
The RatherOldMan
-
Hi,
I don't think the doc is wrong mentioning the plain IP address?
https://docs.opnsense.org/manual/how-tos/carp.html#setup-outbound-nat
Cheers,
Franco
-
Hi Franco,
yes and no.
I can choose "LAN net" from a list.
So I thought the Translation / target is ALSO chosen from a list, entry is called "CARP virtual IP".
Old Humans are silly...
So I think it will be a good idea to add your "more robust solution":
Go to Firewall Aliases.
Create a Host(s)-alias for the CARP IP.
Go to Firewall NAT Outbound. ...
Cheers,
The RatherOldMan
-
Have you checked the behaviour on 23.1.2? There was a fix for this actually that surfaced.
Cheers,
Franco
-
Hi Franco,
Atm I couldn't answer this - I deleted the whole CARP settings because of my disconnection / unstable connection problems.
https://forum.opnsense.org/index.php?topic=32856.0
Wave,
The RatherOldMan