Text only | Text with Images

OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: Styx13 on April 07, 2022, 05:09:07 PM

Title: WAN VIP failover to secondary during DHCP renewal
Post by: Styx13 on April 07, 2022, 05:09:07 PM
Hello,

Since OPNsense 22.1.3 or 22.1.4 (I updated directly from 22.1.2 to 22.1.4), I have a strange behavior regarding CARP failover and my WAN interface DHCP renewal.

My OPNSense HA setup consist in 2 OPNsense instances on 2 different systems which are both connected to the same router for their WAN interface.
The router assigns each OPNsense an IP via DHCP and renews it every 24 hours (the DHCP configs is "static" in the sense that the MAC address of each OPNsense is assigned an IP in the DHCP server of the router - but from OPNSense point of view, it's DHCP served).

This has been working like that for years and no issues.

But lately (after the update from 22.1.2 to 22.1.4), every time the WAN DHCP address renews on my primary node, CARP would failover the WAN VIP to the secondary node (and just the WAN VIP, the other VIPs for my other VLANs all stay on the primary) and it stays like that, it never fails back to the primary.

While in that state (WAN VIP on secondary and all other VIPS on primary), several things are not working properly including some VPN connections I have and overall I notice some weird/slow DNS resolution and other slowness.

The only way I found to put back the WAN VIP on the primary is to go on both the primary and secondary, disable carp and re-enable it (sometimes I need to set carp persistent mode on secondary to force it back to primary).

Before 22.1.3, I never observed this behavior (and if it happened, it was probably very short and failed back right away so I never noticed it ?)

I noticed in the release notes of 22.1.3 the follow changes:
- interfaces: do not update VIPs on dynamic address changes
- interfaces: remove unused reference and return value from interface_carp_configure()
- dhcp: stream-read log and leases files for "dhcpd update prefixes" action
- ports: dpinger 3.2 [3]

Could any of those changes be related to the behavior I am seeing ?

Thank you.
Title: Re: WAN VIP failover to secondary during DHCP renewal
Post by: franco on April 07, 2022, 05:35:56 PM
Hi,

Could be https://github.com/opnsense/core/issues/5646 -- can you try the patch?

# opnsense-patch 57097e2

The patch is scheduled for 22.1.6 since no other reports so far, otherwise it would have made 22.1.5.


Cheers,
Franco
Title: Re: WAN VIP failover to secondary during DHCP renewal
Post by: Styx13 on April 08, 2022, 12:51:29 AM
I applied the patch and will let you know if the issue still occurs.
Title: Re: WAN VIP failover to secondary during DHCP renewal
Post by: Styx13 on April 13, 2022, 05:46:29 AM
@franco

Just wanted to report that ever since I applied this patch, the issue did not happen anymore.

So I believe you are correct, it is related to https://github.com/opnsense/core/issues/5646

Thank you !
Title: Re: WAN VIP failover to secondary during DHCP renewal
Post by: franco on April 13, 2022, 09:22:01 AM
Nice, thanks, good news is it will be included in today's 22.1.6.  :)


Cheers,
Franco
Text only | Text with Images