Hi all.
How can I create automatic HA sync? Creating it in cron doesn't work.
And why don't interfaces, VLANs, etc. sync?
Thanks.
HA auto sync works!
Interfaces, DHCP and VLANs don't work ((
How can I do it in the config?
Thanks
You can't. You need to create interfaces manually on both nodes. And you must make 100% sure to create them in the exact same order, so e.g. VLAN 1 will become OPT1, VLAN 2 will become OPT2, etc.
What???
I have 2300 VLANs ... and DHCP services.
And I need to create 2300 VLANs and DHCP services on the second OPNsense too?
Why doesn't it sync?
DHCP is synced. Interfaces are not. You can export the config on both systems, then adjust and move the interface specific part and re-import the finished file into the second system. It's all XML ...
I am not sure if OPNsense can manage 2300 VLANs, though.
If I import the config into the second OPNsense, after reload the second one doesn't come up.
And what is this parameter in DHCP, "Failover peer IP:"?? I can't understand it.
You need a dedicated HA sync interface that connects both nodes. The peer address is configured on the master node only - with the address of the backup node. The master node then pushes the configuration to the backup node.
Did you read the documentation? ;)
https://docs.opnsense.org/manual/hacarp.html
Yes, I read it. I created the interfaces manually on the second OPNsense. And DHCP syncs.
But what is this in the DHCP server:
Failover peer IP: ???
If I put the VIP, DHCP doesn't work ..
As far as I understood the documentation, on the master node you put the IP address of the backup node in there and vice versa.
Here's another document providing an example setup:
https://docs.opnsense.org/manual/how-tos/carp.html
And here a howto document for the ISC DHCP server, which is what OPNsense uses under the hood:
https://stevendiver.com/2020/02/21/isc-dhcp-failover-configuration/
Thanks, but I still don't understand.
I have
LAN IP Master: 192.168.200.1
LAN IP Slave: 192.168.200.2
CARP LAN IP: 192.168.200.3
Sync IP Master: 10.50.50.1
Sync IP Slave: 10.50.50.2
HA works on the sync interface.
On the master I have the IP of the slave.
Synchronize Peer IP: 10.50.50.2
Synchronize Config to IP: 10.50.50.2
On the slave I have the IP of the master.
Synchronize Peer IP: 10.50.50.1
On the master I have created only one DHCP for now, Vlan231:
IP: 192.168.231.10
DNS servers: 192.168.231.5, 192.168.231.6
GW: 192.168.231.10
Failover peer IP: I don't understand what I must write here. If I write the "CARP LAN IP", DHCP doesn't work.
On the slave I don't create DHCP for Vlan231, it's synced.
Thanks.
On the master in System > High Availability > Settings you enter the HA interface IP of the backup, root username and password. So master can sync config to backup. On backup you enter nothing there. You don't want the backup to sync back. OPNsense does not do active-active.
On the master in DHCPv4 > VLANx in the failover peer ip you enter the VLANx IP of the backup.
That's it. It's exactly like that in the docs I linked.
I don't have the VLANx IP of the backup.
You need to manually create a VLAN231 on the master and on the backup and assign IP addresses to both. Then on the master you create a CARP IP on VLAN231 which will be the default gateway and the endpoint for all other services like e.g. DNS in that VLAN. This will be synced.
Then you create DHCPv4 on the master with the proper range for VLAN231, gateway, DNS, yadda yadda ... and as the failover peer you set the IP address of the backup that you used when creating the VLAN231 on the backup.
Each interface/VLAN in a HA setup (apart from the dedicated HA/sync interface) needs
- a fixed static IP address on the master
- a fixed static IP address on the backup, same network, of course
- one or more "floating" CARP addresses in that same network
For HA I have the sync IP.
Vlan231 is a local LAN for other devices.
Vlan200 is a local LAN for other devices.
Vlan215 is a local LAN for other devices.
Etc.
The VLANs are not for sync or backup.
All VLANs need DHCP so that devices connecting to these VLANs get an IP.
The backup IP is the CARP LAN 192.168.200.3, only this.
Yes. I understand. You need to create the VLANs on both nodes. You need to assign a static IP address to the VLANs on both nodes. You need to create and assign the VLANs in exactly the same order on both nodes, so e.g. vlan231 is OPT1, vlan200 is OPT2, etc.
Did you do that? Start with just one vlan, e.g. 231 to see how it works.
Then for DHCP I already wrote everything in my last post. It's all exactly like that in the docs:
https://docs.opnsense.org/manual/how-tos/carp.html
Except they are not using VLANs, but that does not make a difference.
YOU MUST CREATE THE VLANS ON BOTH NODES MANUALLY AND ASSIGN IP ADDRESSES ON BOTH NODES MANUALLY. NONE OF THIS HAPPENS BY MAGIC.
Yes, I created it!!
I'm asking only one question: what do I need to write in Failover peer IP:
If I write the CARP IP, DHCP doesn't work.
If I write the sync IP, DHCP doesn't work.
You write the IP of the interface of the backup node in that particular VLAN where you try to setup DHCP. That's how it is in the docs.
I don't understand ....
I have
LAN IP Master: 192.168.200.1
LAN IP Slave: 192.168.200.2
Sync IP Master: 10.50.50.1
Sync IP Slave: 10.50.50.2
Vlan231 IP Master: 192.168.231.10
Vlan231 IP Slave: 192.168.231.10
What must I write in Failover peer IP on DHCP Vlan231?
I really can't understand what you are trying to say to me!
Master and backup must have different IP addresses in VLAN 231 just like in LAN. Then you create an additional third CARP IP for VLAN 231 that your client systems will use.
In failover peer IP you write the IP of the backup.
Example:
VLAN 231 master: 192.168.231.1
VLAN 231 backup: 192.168.231.2
VLAN 231 CARP: 192.168.231.10
Failover peer: 192.168.231.2
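The three-address rule and the failover peer choice from the example above, written as a check you can run over an address plan before configuring both nodes. This is an added example, not part of the original thread and not OPNsense code; the function names, the plan layout and the /24 prefix length are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data based on the addresses quoted in the thread.
# The /24 prefix length is an assumption; the thread never states a netmask.
SYNC_IPS = ("10.50.50.1", "10.50.50.2")
PLAN = [
    # Working layout from the example post.
    dict(name="vlan231-ok", prefix="192.168.231.0/24", master="192.168.231.1",
         backup="192.168.231.2", carp="192.168.231.10",
         failover_peer="192.168.231.2"),
    # Same IP on both nodes, LAN CARP address reused as VIP and failover peer.
    dict(name="vlan231-bad", prefix="192.168.231.0/24", master="192.168.231.10",
         backup="192.168.231.10", carp="192.168.200.3",
         failover_peer="192.168.200.3"),
    # Addresses are fine, but the failover peer points at the sync interface.
    dict(name="vlan231-sync", prefix="192.168.231.0/24", master="192.168.231.1",
         backup="192.168.231.2", carp="192.168.231.10",
         failover_peer="10.50.50.2"),
]

def check_vlan(name, prefix, master, backup, carp, failover_peer, sync_ips=()):
    """Return a list of problems for one VLAN's HA addressing ([] means OK)."""
    net = ipaddress.ip_network(prefix)
    m, b, c, peer = (ipaddress.ip_address(a)
                     for a in (master, backup, carp, failover_peer))
    sync = {ipaddress.ip_address(a) for a in sync_ips}
    problems = []
    for label, addr in (("master", m), ("backup", b), ("CARP", c)):
        if addr not in net:
            problems.append(f"{name}: {label} address {addr} is outside {net}")
    if len({m, b, c}) != 3:
        problems.append(f"{name}: master, backup and CARP need three different addresses")
    if peer == c:
        problems.append(f"{name}: failover peer {peer} is the CARP address")
    elif peer in sync:
        problems.append(f"{name}: failover peer {peer} is a sync-interface address")
    elif peer != b:
        problems.append(f"{name}: failover peer {peer} is not the backup's address {b}")
    return problems

def check_plan(plan, sync_ips=SYNC_IPS):
    """Run check_vlan over every row of the plan and collect all problems."""
    return [p for row in plan for p in check_vlan(sync_ips=sync_ips, **row)]

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK"]:
        print(line)
```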
You mean I must create a CARP IP for all VLANs, the VLANs must have different static IPs on master and slave, and lastly in DHCP I must put the VLAN's static IP from the slave in Failover peer IP? (like in the LAN interface)
Did I understand you correctly?
Yes, exactly. As I said from the beginning and as it is in all the docs about CARP. A cluster always needs three IP addresses in each network where you want to have high availability. That is the case for OPNsense and for every commercial firewall product I have used in the last 3 decades.
How come you are responsible for 2300 VLANs and have obviously no experience with that?
I created all these VLANs on a DFL 870 and it doesn't have HA.
I found OPNsense and am trying to create a DHCP HA server. That's why I don't understand how to set it up correctly for HA.
If it's a single device, it's simple to create )