I have two OPNsense firewalls and each has its own separate WAN connection. I have set up CARP with a virtual IP for all 5 of my VLANs, and confirmed that this works when one of the firewalls is powered off. In this situation, the other firewall becomes the MASTER for all CARP IPs, thus resulting in only a couple of seconds of network downtime.
However, when the WAN connection goes offline on one of the firewalls, CARP IPs that are currently MASTER are not demoted. This means that those networks are left without connectivity. The gateway is detected as offline but because the CARP interfaces are still up, meaning the other firewall does not take over.
CARP configuration:
(https://i.imgur.com/OCy8aXq.png)
Virtual IPs, router1:
(https://i.imgur.com/qxDx0Tx.png)
Virtual IPs, router2:
(https://i.imgur.com/0c6ElXI.png)
I haven't found much online about how I could achieve proper failover/redundancy in this configuration. If anybody has any suggestions I would be very appreciative.
Many thanks
Separate connection as in separate providers?
Otherwise, did you set a VIP on the WAN side as well, per the guide?
All the networks have private addresses so it's not obvious the WAN side is covered.