I am trying to configure an HA setup using 2 OPNsense routers connecting to 2 different ISP WANs.
I created:
(https://forum.opnsense.org/index.php?action=dlattach;attach=47586;image)
Existing Primary/master router:
GW: 154.59.210.1
WAN: 154.59.210.30/24
Identifier "wan", device icg0
LAN: 192.168.1.1/24
identifier "lan", device LAGG0
ADDED:
CARP VIP: 10.0.0.1
New Secondary Router:
GW: 154.59.188.1
WAN: 154.59.188.66/24
Identifier "wan", device icg0
LAN: 192.168.1.2/24
identifier "lan", device LAGG0
CARP VIP: 10.0.0.2
For test purposes, I added a firewall rule for LAN that allows all traffic on each router.
1) The CARP VIPs use a direct connection. From the console I can ping each machine.
I cannot ping from the console of either router to the other router even though a firewall rule allowing all traffic on LAN on each router is active.
I cannot access the OPNsense GUI on the secondary router unless I enable it on the WAN port. It is not accessible from the LAN.
What do I need to do to ensure the secondary router is pingable from the LAN and I can access the secondary OPNsense GUI from the LAN?
Thanks in advance,
D
Check the LAN interface setting on the secondary. Possibly you've stated a wrong network mask.
Updated image:
(https://forum.opnsense.org/index.php?action=dlattach;attach=47655;preview)
Primary is:
LAN: 192.168.1.1/24
identifier "lan", device LAGG0
Secondary is:
LAN: 192.168.1.2/24
identifier "lan", device LAGG0
Not sure what attribute needs changing. The netmask (per the OPNsense docs) is set to /24.
The interface is Lagg0 which consists of 2 physical ports (eth1 & eth2). Both routers are identical. On the switch side, primary router's LAGG0 is connected to Ch1/I1, ports 1 and 2 on switch 1, and the secondary router Lagg0 is connected to ports 3 and 4 on switch 2. Switches 1 and 2 are connected via (another) Lagg1 (ch2/i2). All ports used pass default (vlan1) untagged traffic, so the routers should be able to ping each other.
Please, I need some help here ...