OPNsense Forum

English Forums => High availability => Topic started by: Grossartig on June 02, 2022, 03:48:25 pm

Title: "Enter persistent carp maintenance mode" does not switch backup to master
Post by: Grossartig on June 02, 2022, 03:48:25 pm
When I click on "Enter persistent carp maintenance mode" on the master, nothing happens (Master remains master, Backup remains backup).

I have two identical OPNsense boxes (OPNsense 22.1.8_1-amd64) setup in HA with CARP & pfSync (the latter only on LAN). Single WAN behind a managed switch that both OPNsense boxes connect to. WAN MAC are identical on Master & Backup. A gateway group has been set up on both boxes as follows: Master prefers WAN_DHCP (Tier 1) and backup box as gateway as Tier 2. Backup prefers master box as gateway (Tier1) and WAN_DHCP as Tier 2. This is primarily intended to ensure the backup has Internet access through the master in a normal scenario (and vice versa).

The only scenario in which the backup becomes master is when I shut down the master. Then the failover to backup happens automatically and works well.

What can I do to propagate backup to master without having to shut down the master?

Title: Re: "Enter persistent carp maintenance mode" does not switch backup to master
Post by: nzkiwi68 on August 12, 2022, 05:45:38 am
This sounds like a network switching issue.

Some network switches mess up with CARP/VRRP packets and don't process them very well. To work best, both the primary and master firewall should be connected to the same switch (or a stack of switched for redundancy).
Title: Re: "Enter persistent carp maintenance mode" does not switch backup to master
Post by: kd.gundermann on March 13, 2024, 02:42:50 pm
are there any logs on the OPNsense where I can analyze if there are some problems with teh CARP protocol ??