OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: samp on March 16, 2020, 06:01:03 AM

Title: Gateway monitor broken on CARP WAN with single public IP
Post by: samp on March 16, 2020, 06:01:03 AM
I have a single WAN public IP which is set as the CARP VIP address in a 2-member cluster. The WAN interface on both members has a private IP of 10.0.1.1 and 10.0.1.2 respectively. CARP seems to be set up and working fine, but I have to disable gateway monitoring for the WAN.

I assume dpinger, which is used for gateway monitoring, is sending pings using the WAN interface private IP instead of the VIP, which would explain why this is failing. Is there any way to get dpinger to send from the VIP address instead? Is this a known issue?

Thanks,
Sam

Title: Re: Gateway monitor broken on CARP WAN with single public IP
Post by: mimugmail on March 16, 2020, 07:36:41 AM
It's a known limitation of the CARP design itself. The firewall would also reply to traceroute with the private IP.