OPNsense Forum

English Forums => High availability => Topic started by: Linwood on October 03, 2025, 08:26:12 PM

Title: HA Sanity Check - Not worth it for me, right?
Post by: Linwood on October 03, 2025, 08:26:12 PM
I am running 25.7.4 on a mini-computer for home use 1g up/down, and it works great.

I am using ACME for certs for inbound VPN.

I have emergency backups for most of my stuff (a lot of which is VMs so it's fairly easy), and want something for the firewall, so I have an old PC with OPNsense installed, where I manually move a copy of the config (spoofing the WAN MAC) and load it and keep it fairly current just in case.  Works OK, requires editing the interfaces (why assign interfaces makes a mess I do not get but it does, so I just edit the XML).  So it's a little complicated and error-prone but it works.

This works, and is adequate -- but wondering if HA could be better (especially with sync)?  I do not need fast failover or state failover, just something I can do relatively error-free if I'm awake.

It appears that HA is not a good option for me as (a) everything I read says to do it gracefully you need 3 IPs in the public WAN address space (which I'm not getting for home fiber), and (b) that ACME certs become a bit of a pain if you synchronize configurations.

I've read postings of people working around both of these, but the workarounds seem kludgy.  I read one request for auto-failover of the WAN if the LAN fails, but it was declined as a feature.

Is my understanding more or less right?  Basically looking for a sanity check.  Setting it up to try it is actually awkward as I'd have to test on my primary AND backup and might screw them both up.  Can do... but if it's not a fruitful path it's easier to just keep on using backup/restore.

Linwood