OPNsense Forum

English Forums => High availability => Topic started by: litebit on November 25, 2023, 02:22:03 pm

Title: HA CARP VIP question
Post by: litebit on November 25, 2023, 02:22:03 pm

Hi,

I'm trying to migrate from a single Opnsense to a dual HA Opnsense setup.
Lan side only (each opnsense box would be connected to a different isp). Most important for me would be to keep configuration/settings (alias, rules, dhcp, dynamic dns, openvpn, ....) in sync.
I don't mind sessions needing to be restarted when the failover takes place.

The first question: can the VIP on the LAN site also be used to access & manage the master box?
example:
node 1 has IP .2 (=master)
node 2 has IP .3 (=backup/slave)
VIP = .1
Can node 1 also be managed (via the GUI) via the .1 address?

Title: Re: HA CARP VIP question
Post by: Patrick M. Hausen on November 25, 2023, 03:10:43 pm

Yes, sure.

Title: Re: HA CARP VIP question
Post by: litebit on November 29, 2023, 10:41:20 am

It didn't work when I was preparing the HA setup, I guess it only works once the HA setup is active.
Now it works.

Title: Re: HA CARP VIP question
Post by: danbet on December 15, 2023, 04:23:24 pm

Even though I have HA active, the CARP interfaces still don't work. Neither for the LAN interface nor for the WAN interface.

Title: Re: HA CARP VIP question
Post by: danbet on April 22, 2024, 10:03:07 am

I find the solution for VMware ESXi: I had to enable the promiscuous mode for all the interfaces. For this I created port groups to use only for the VM's with OPNsense.