Hello,
I setup two opnsense in HA mode. Theer are 4 Network Interface with virtual CARP IPs. The building gat change from copper to fiber and I become mediaconverter. So at the moment Failover works fine if one firewall gets down. But in future with the mediaconverter it could be happen, that one converter failed and only one network interface get down. I wanted to test this situation so i unplugged one cable from the active firewalls interface and the network didn't work. it looks like the slave doen't take over only this single carp ip. Is there an configuration where I can setup failover when only one interfaceget down?
Best regards,
Alexander
Do you have Disable Preemption ticked at master or slave?
Hallo,
Thank you for your answer.
I have disabled preempt on slave only. I enabled this option for testing. So it looks like the status for the carp ip changed now but i already have a problem.
following situation. Firewall with one server subnet (own interface) and one lan subnet (second interface). When i unplug the lan cable from master firewall it looks like the slave firewall take the lan carp ip. But the server from server subnet cannot route to lan subnet anymore. I think perhaps because the server subnet carp ip is on master and so the pakages will be routed on the master firewall throw the unplugged interface. so how can i change this behavoir? Can the slave takes all carp ips if one interface is unplugged?
Best regards,
Alexander
Field has to be uncked on both Units and needs reboot. Then it should work as expected
Hi,
on both Units the field is unchecked and I performed a reboot. If I unplug one cable from active master only the carp ip from this interface changed to the slave and all other subnets cannot connect to the subnet behind this carp ip.
Best regards,
Alexander
System.log of both units when unplugging
I will post them. Next week I am on holidays so it will took some time. Thank you for your help!