Topics - klingon888

#1
I'm getting these warnings in my logs in both Master and Backup servers. How to fix? Thanks.

radvd: our AdvLinkMTU on vtnet0 doesn't agree with fe80::192:168:1:1

- vtnet0 is my LAN
- fe80::192:168:1:1 is my VIP link local address set up according to https://docs.opnsense.org/manual/how-tos/carp.html#setup-virtual-ipv6-link-local-address
- IPv6 is set up as SLAAC
- MTU is left at defaults, not configured in any interfaces
#2
FW1-        xx:xx:xx:db:9b:4c
FW2-        xx:xx:xx:68:dd:f0
VLAN10-  192.168.10.1

I'm on v24.1.10_3 and set up CARP following OPNsense's docs and it seems to be working with auto fail-over.

BUT I keep getting this Notice in FW1 logs complaining about FW2 using its IP address:
<3>arp: xx:xx:xx:68:dd:f0 is using my IP address 192.168.10.1 on vlan0.10!

Due to this, my VLAN0.10 keeps getting disconnected. This goes away when I power off my FW2. How do I fix this? Thanks.
#3
General Discussion / IPv6 and dynamic DNS updates
May 29, 2024, 02:34:22 AM
With IPv4, I only have 1 external WAN IP address, so the DDNS update can be done at the router level. But with IPv6, I can have 5 servers with 5 different external IPv6 addresses.

Since most providers don't provide static IPv6 yet, what's the best way to update my AAAA entries at the DDNS provider? Do I run separate update bash scripts on each of the servers? And aside from setting up a cronjob for the update, how do I detect when the IP changes at the server level so I can trigger an update?
#4
FYI, I also posted this on the Reddit group, hoping I will get an answer on either forum.

I managed to get High Availability/CARP working.

Firewall 1 IP: 192.168.1.1
Firewall 2 IP: 192.168.1.10
VIP LAN: 192.168.1.220

Now, my problem is with existing IoT devices (lots!) and Proxmox LXC/VMs which I have set up with static IPs/Gateways where the Gateway is pointing to 192.168.1.1. So, when I switch the Master over to 192.168.1.10, everything stops working. I can manually change all my existing devices' Gateway to the VIP LAN IP of 192.168.1.220 but it's going to be painful. It's also not a smart way of doing this in case I need to revert back to a single Firewall. Is there a smarter or simpler way of doing this? Googling didn't turn up anything. Thanks.