OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: timo-fc on May 31, 2021, 05:48:29 pm

Title: CARP IP split if maintenance mode and interface error on slave
Post by: timo-fc on May 31, 2021, 05:48:29 pm
Hi,
I have an OPNsense master (FW1) / backup (FW2) setup with CARP IPs on the LAN and WAN side (preempt enabled).

Under normal conditions everything works as expected.
If I disconnect the LAN or WAN cable from the master (FW1), all CARP IPs are switched over to the backup OPNsense (FW2), which becomes the CARP master.

But in the situation where the master OPNsense (FW1) is in "Persistent CARP Maintenance Mode" (CARP demotion level 240) and the backup OPNsense (FW2) is therefore CARP master, if an interface, e.g. WAN, on the backup OPNsense (FW2) becomes faulty (or disconnected -> CARP demotion level 240), only the WAN IP switches back to FW1 (which is in Maintenance Mode) and the LAN IP stays on FW2. Therefore the CARP WAN and LAN IPs are not on the same OPNsense.

Is that behaviour intended?

Is it possible to change CARP environment variables to prevent the IP split in this situation? In other words, make the LAN IP switch with the WAN IP to FW1 although it is in Maintenance Mode?

The reason for that is that FW1 was in "Persistent CARP Maintenance Mode" after a burst of interface errors. And I would still like to have the possibility of a fallback if an interface on FW2 really went down.

OPNsense Version 21.1.6
Quote
net.inet.carp.ifdown_demotion_factor: 240
net.inet.carp.senderr_demotion_factor: 240
net.inet.carp.demotion: 0
net.inet.carp.log: 1
net.inet.carp.preempt: 1
net.inet.carp.dscp: 56
net.inet.carp.allow: 1
net.pfsync.carp_demotion_factor: 240
(net.inet.carp.demotion changes to 240 in the described situations)