OPNsense Forum

English Forums => High availability => Topic started by: marc@magnus on August 26, 2021, 02:13:28 pm

Title: procedure setting up multiple alias ip on wan interface in HA setup
Post by: marc@magnus on August 26, 2021, 02:13:28 pm
Hi,

We're running OPNsense version 20.7.5 in an HA setup and I need to add a lot of extra external IP addresses to the WAN interface.

I'm wondering what the best procedure is to achieve that. I'm reading about a lot of different ways outside of the current manual, and I want to interrupt the business as little as possible.

Is it as simple as creating an IP alias with the same VHID number as the primary WAN has on the primary unit, and creating the same IP alias on the secondary unit with the same VHID as the primary WAN again?

Thanks for taking the time to read this and for a reply.
Title: Re: procedure setting up multiple alias ip on wan interface in HA setup
Post by: tryhard on August 27, 2021, 11:35:52 am
I could not get it to work and added multiple CARPs.
But at some point or somehow it works for others.

In my setup the alias was synced to the slave but the CARP was in dual master state after that.
Doc seems a bit outdated on that point, stating you have to add the alias on the slave by hand.

Could you please report your findings?

Some other posts:
https://forum.opnsense.org/index.php?topic=6536.msg28120#msg28120

https://forum.opnsense.org/index.php?topic=23723.msg112958#msg112958
Title: Re: procedure setting up multiple alias ip on wan interface in HA setup
Post by: gromit on December 07, 2021, 04:36:30 pm
Like user tryhard, I also experience the same problem when following the same documented process to set up an IP Alias for a CARP virtual IP: both members of the HA firewall show as "MASTER" for the CARP virtual IP when an IP Alias is created with the same vhid.

Also, the current documentation (https://docs.opnsense.org/manual/how-tos/carp.html#adding-multiple-carp-ips) says this:

Quote
IP Alias is not synchronized to slave, be sure to also add it to your second machine.

In my experience on 21.7.6, this is incorrect.  HA Sync caused the alias to be created on the backup firewall.

I would be grateful if anyone could report HA IP Aliases working for them, or whether there is some caveat to be observed when creating them successfully (e.g., netmask, vhid, etc.).
Title: Re: procedure setting up multiple alias ip on wan interface in HA setup
Post by: gromit on December 07, 2021, 09:08:22 pm
It turned out in my case that I was using an incorrect netmask when creating the IP Alias.  Like defining a CARP IP, I used the actual subnet mask.  For an IP Alias I should have been using /32 for an IPv4 alias.  After I edited it to use /32 the backup HA firewall correctly showed "BACKUP" status for the CARP IP on which the IP Alias was defined, as opposed to both firewalls claiming "MASTER" status.
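
The netmask caveat reported in the last post can be checked before a change is synced. The following is an added example, not code from any poster or from the OPNsense project: it scans a configuration export for IPv4 IP aliases that share a VHID with a CARP address but do not use /32. The element names (`virtualip`, `vip`, `mode`, `interface`, `vhid`, `subnet`, `subnet_bits`) are an assumed config.xml layout and the sample data is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; the element names are an assumed config.xml layout.
SAMPLE_CONFIG = """<opnsense>
  <virtualip>
    <vip><mode>carp</mode><interface>wan</interface><vhid>1</vhid>
         <subnet>203.0.113.10</subnet><subnet_bits>24</subnet_bits></vip>
    <vip><mode>ipalias</mode><interface>wan</interface><vhid>1</vhid>
         <subnet>203.0.113.11</subnet><subnet_bits>24</subnet_bits></vip>
    <vip><mode>ipalias</mode><interface>wan</interface><vhid>1</vhid>
         <subnet>203.0.113.12</subnet><subnet_bits>32</subnet_bits></vip>
    <vip><mode>ipalias</mode><interface>lan</interface><vhid></vhid>
         <subnet>192.0.2.5</subnet><subnet_bits>24</subnet_bits></vip>
  </virtualip>
</opnsense>"""


def find_suspect_aliases(config_xml):
    """Return (interface, vhid, address, bits) for IPv4 IP aliases that are
    bound to a CARP VHID but do not use a /32 mask."""
    root = ET.fromstring(config_xml)
    vips = [{c.tag: (c.text or "").strip() for c in vip}
            for vip in root.iter("vip")]
    # (interface, vhid) pairs that actually carry a CARP address.
    carp_groups = {(v.get("interface"), v.get("vhid"))
                   for v in vips if v.get("mode") == "carp"}
    suspects = []
    for v in vips:
        if v.get("mode") != "ipalias" or not v.get("vhid"):
            continue  # plain alias without a VHID: not part of a CARP group
        if (v.get("interface"), v.get("vhid")) not in carp_groups:
            continue
        try:
            addr = ipaddress.ip_address(v.get("subnet", ""))
        except ValueError:
            continue  # unparsable address: nothing to judge
        if addr.version != 4:
            continue  # the thread only states the /32 rule for IPv4
        bits = int(v.get("subnet_bits") or 0)
        if bits != 32:
            suspects.append((v["interface"], v["vhid"], str(addr), bits))
    return suspects


if __name__ == "__main__":
    for iface, vhid, addr, bits in find_suspect_aliases(SAMPLE_CONFIG):
        print(f"{iface} vhid {vhid}: alias {addr}/{bits} should be /32")
```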