OPNsense Forum
English Forums => High availability => Topic started by: litebit on November 25, 2023, 02:22:03 pm
-
Hi,
I'm trying to migrate from a single Opnsense to a dual HA Opnsense setup.
Lan side only (each opnsense box would be connected to a different isp). Most important for me would be to keep configuration/settings (alias, rules, dhcp, dynamic dns, openvpn, ....) in sync.
I don't mind sessions needing to be restarted when the failover takes place.
The first question: can the VIP on the LAN site also be used to access & manage the master box?
example:
node 1 has IP .2 (=master)
node 2 has IP .3 (=backup/slave)
VIP = .1
Can node 1 also be managed (via the GUI) via the .1 address?
-
Yes, sure.
-
It didn't work when I was preparing the HA setup, I guess it only works once the HA setup is active.
Now it works.
-
Even though I have HA active, the CARP interfaces still don't work. Neither for the LAN interface nor for the WAN interface.
-
I find the solution for VMware ESXi: I had to enable the promiscuous mode for all the interfaces. For this I created port groups to use only for the VM's with OPNsense.