Hi
I have 2 opnsense installations - one on apu2c4 and one as xen vm (both with latest version 18.1.2)
I have some weird effects with CARP configuration. The hosts don't have 1:1 the same interfaces, but I use CARP only on those that are on both opnsense installations:
first:
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>carp_cable</descr>
<subnet>192.168.40.2</subnet>
<vhid>40</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt5</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt3</interface>
<descr>carp_vdsl</descr>
<subnet>192.168.140.2</subnet>
<vhid>140</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>carp_lan_media</descr>
<subnet>192.168.150.2</subnet>
<vhid>150</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
</virtualip>
second:
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>wan</interface>
<descr>carp_cable</descr>
<subnet>192.168.40.2</subnet>
<vhid>40</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>lan</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>carp_vdsl</descr>
<subnet>192.168.140.2</subnet>
<vhid>140</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>carp_lan_media</descr>
<subnet>192.168.150.2</subnet>
<vhid>150</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
</virtualip>
The first router should always be master if it is running.
Sometimes after a reboot some interfaces are master and some backup on the first and second router... I need to disable/enable CARP and then it works... Is something wrong with this configuration?
TiA
Greetz
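An added example, not part of the original post: a small Python check that compares the CARP VIPs of two nodes per VHID and reports which node is preferred as master. It assumes the FreeBSD carp(4) timing rules (advertisement interval = advbase + advskew/256 seconds; a backup waits 3*advbase + advskew/256 seconds before taking over); the function names are hypothetical and the XML is trimmed from the two configs above.

```python
import xml.etree.ElementTree as ET

# Sample input: two of the four VIPs from each <virtualip> section in the post, trimmed.
FIRST = """<virtualip>
<vip><subnet_bits>24</subnet_bits><mode>carp</mode><interface>opt2</interface><subnet>192.168.40.2</subnet><vhid>40</vhid><advskew>100</advskew><advbase>30</advbase><password>!c4rp!</password></vip>
<vip><subnet_bits>24</subnet_bits><mode>carp</mode><interface>opt5</interface><subnet>192.168.50.2</subnet><vhid>50</vhid><advskew>100</advskew><advbase>30</advbase><password>!c4rp!</password></vip>
</virtualip>"""
SECOND = """<virtualip>
<vip><subnet_bits>24</subnet_bits><mode>carp</mode><interface>wan</interface><subnet>192.168.40.2</subnet><vhid>40</vhid><advskew>200</advskew><advbase>40</advbase><password>!c4rp!</password></vip>
<vip><subnet_bits>24</subnet_bits><mode>carp</mode><interface>lan</interface><subnet>192.168.50.2</subnet><vhid>50</vhid><advskew>200</advskew><advbase>40</advbase><password>!c4rp!</password></vip>
</virtualip>"""

def load_vips(xml_text):
    """Return {vhid: {tag: text}} for every <vip> whose mode is carp."""
    vips = {}
    for vip in ET.fromstring(xml_text).iter("vip"):
        if vip.findtext("mode") == "carp":
            vips[int(vip.findtext("vhid"))] = {c.tag: (c.text or "") for c in vip}
    return vips

def adv_interval(vip):
    """Seconds between advertisements (assumed rule: advbase + advskew/256)."""
    return int(vip["advbase"]) + int(vip["advskew"]) / 256

def master_down_timeout(vip):
    """Seconds a BACKUP waits without an advertisement before becoming MASTER."""
    return 3 * int(vip["advbase"]) + int(vip["advskew"]) / 256

def compare(first_xml, second_xml):
    """Per VHID: fields that must match but differ, preferred master, failover delay."""
    a, b = load_vips(first_xml), load_vips(second_xml)
    report = {}
    for vhid in sorted(a.keys() | b.keys()):
        if vhid not in a or vhid not in b:
            report[vhid] = {"error": "vhid defined on one node only"}
            continue
        va, vb = a[vhid], b[vhid]
        ia, ib = adv_interval(va), adv_interval(vb)
        backup = vb if ia < ib else va  # the node advertising more slowly (first on a tie)
        report[vhid] = {
            "mismatched": [f for f in ("subnet", "subnet_bits", "password")
                           if va.get(f) != vb.get(f)],
            "preferred": "first" if ia < ib else "second" if ib < ia else "tie",
            "backup_timeout_s": round(master_down_timeout(backup), 2),
        }
    return report

if __name__ == "__main__":
    for vhid, result in compare(FIRST, SECOND).items():
        print(vhid, result)
```

With the values posted above, the first router is preferred on every VHID, and the second router would wait about 120 seconds without hearing an advertisement before taking over.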
could it be that xen doesn't allow spoofing and so on?
on ESXi you need things enabled like
promiscuous mode - accept
mac address change - accept
forged transmits - accept
on hyperv
mac spoofing allowed
Xenserver (not Xen)
https://support.citrix.com/article/CTX121729
A little excursus on hypervisors (sorry to link pfsense)
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#Conflicting_VHIDs
Also you should not forget that some switches also must allow Load Balancing / High Availability Features.
I have made settings on the bridges on the hypervisor and now all interfaces on the opnsense vm are in promiscuous mode...
but I still have an issue with this part on the first router:
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt5</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
after start (boot) it is in an undefined state, see attachment
it is a bridge interface on the apu2c4, can this be the problem? all other (non bridge) interfaces are working correctly
could the different interfaces (example: carp_lan_wlan on router 1 is on opt5 and carp_lan_wlan on router 2 is on the lan interface) be the problem?
how can I rename the interfaces?