Hi,
Just a little question, to be sure my configuration can be useful or whether it's not a good idea to work this way.
At the beginning I was imagining a fully redundant configuration with 2 separate fibers to combine balancing & failover. I hope to do that with a fully redundant configuration (CARP).
But bad news today: each fiber only provides 1 public IP, so I can't use virtual IPs on the WAN side.
Is it possible to work with CARP only on the LAN side and switch the Ethernet cords from one server to the other one when the Master is not available? (please see the images about what I can do)
Thanks in advance for your vote ;)
You can use CARP VIPs without configuring an IP address on their parent interface.
So you can leave WAN on "IPv4: none" on both firewalls, put the WAN addresses as CARP VIPs on them, and it will work during a failover.
Whouou, really, thanks for this ultra-fast feedback ;)
I attached a new image: did I get a good understanding of what you are talking about?
Yeah, using virtual IPs and both WAN interfaces connected to the same switch.
Reference Thread:
https://forum.opnsense.org/index.php?topic=34955
Whoua, I'm going ahead and it's becoming harder and more complex ... :o
So I've got some questions ...
1: VLANs: if I create some VLANs, do I need to create a VHID group for each VLAN? And if that's the case, do I need to create each VLAN before creating the VHID?
2: For CARP and the VLANs, do I need to set up an outbound NAT for each VLAN?
3: And finally, with the multiple-WAN config ...: how do I manage that with outbound NAT etc.?
Thanks in advance for the help
- Each VLAN needs its own CARP VIP.
- Each VLAN needs its own outbound NAT rule if you want to masquerade to the internet. If it's on automatic I think it's automatic, though not sure here; I always use manual NAT.
- When you have multiple WANs you can create firewall rules that force traffic to the gateway of one or the other. Both need their own outbound NAT rules.
- If you want to load balance or failover between them you have to create a gateway group and set your firewall rule's gateway to that gateway group, on the rule to the internet only.
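As an added example (not from this thread and not OPNsense code), a small Python plan check for what the answer above describes: one CARP VIP per VLAN and per WAN with unique VHIDs, and one outbound NAT rule per VLAN per WAN that translates to the WAN CARP VIP so the address follows the master on failover. Interface names, VLAN tags, addresses and the CARP_PASS variable are constructed placeholders; the ifconfig line is the FreeBSD carp(4) syntax, shown as an assumption of what the GUI applies underneath.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vip:
    iface: str      # parent interface (VLAN sub-interface or WAN NIC)
    vhid: int       # CARP group id, 1-255, unique per layer-2 segment
    address: str    # shared address in CIDR form


# Constructed plan: two WANs (one public address each, no address on the
# parent interface) and two LAN VLANs. All values are placeholders.
WAN_VIPS = [Vip("igb0", 1, "198.51.100.10/24"), Vip("igb1", 2, "203.0.113.10/24")]
LAN_VIPS = [Vip("vlan0.10", 10, "10.0.10.1/24"), Vip("vlan0.20", 20, "10.0.20.1/24")]


def check_plan(vips):
    """Return problems a pair of firewalls would hit: duplicate or invalid VHIDs."""
    problems, seen = [], {}
    for v in vips:
        if not 1 <= v.vhid <= 255:
            problems.append(f"{v.iface}: vhid {v.vhid} out of range")
        if v.vhid in seen:
            problems.append(f"{v.iface}: vhid {v.vhid} already used on {seen[v.vhid]}")
        seen.setdefault(v.vhid, v.iface)
    return problems


def carp_command(vip, role):
    """Equivalent FreeBSD ifconfig(8)/carp(4) line for one VIP on one node (assumed
    syntax): the master advertises with advskew 0, the backup with a higher skew so
    it only takes over when the master's advertisements stop."""
    skew = 0 if role == "master" else 100
    return (f"ifconfig {vip.iface} vhid {vip.vhid} advskew {skew} "
            f"pass \"$CARP_PASS\" alias {vip.address}")


def outbound_nat_rules(lan_vips, wan_vips):
    """One masquerade rule per (VLAN, WAN) pair: (WAN interface, source network,
    translation address). The translation address is the WAN CARP VIP, not a
    per-node address, so established NAT state stays valid after a failover."""
    rules = []
    for lan in lan_vips:
        src = ipaddress.ip_interface(lan.address).network
        for wan in wan_vips:
            nat_ip = ipaddress.ip_interface(wan.address).ip
            rules.append((wan.iface, str(src), str(nat_ip)))
    return rules
```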