OPNsense Forum

English Forums => Development and Code Review => Topic started by: bubbagump on January 31, 2023, 09:23:12 pm

Title: Making Wireguard CARP aware
Post by: bubbagump on January 31, 2023, 09:23:12 pm
Currently Wireguard has no CARP awareness meaning a few things:

* Wireguard that is stopped on a firewall that is BACKUP starts after an XMLRPC config sync when the enable flag is set.
* Wireguard starts on a firewall that is BACKUP after a reboot.

This causes issues where two firewalls are connected to the same VPN endpoint and thus have the same tunnel IP. The far end thrashes packets all over as the two tunnels fight for dominance.

There is a good CARP script out there to deal with failover but not the XMLRPC sync issue.

It occurs to me that there should be an option within the WG plugin to make it "CARP aware" OR a change in the default behavior to always be CARP aware similar to DHCP.

My ask here is does a pattern for such a thing exist? Are there other plugins that have such functionality? I'd like to dig into the problem, but I want to use any established patterns if they exist so I don't make a pull request and find "hey dude, do it this way over here as that's how we always do it." I don't think any plugins ARE CARP aware, thus my question and perhaps a new pattern would need to be created. Thanks!
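One way to give WireGuard the CARP awareness described above, as an added example that is not code from this thread or from the OPNsense project: a single script that works as a CARP event hook (stop the tunnel on BACKUP, start it on MASTER) and, run as `script check` after an XMLRPC sync or a reboot, reads the live CARP state from ifconfig so a BACKUP node never brings up the shared tunnel IP. Assumptions to verify against your release: hooks in /usr/local/etc/rc.syshook.d/carp/ are called as `<script> <subsystem> <state>`, `configctl wireguard start|stop` controls the plugin, and ifconfig prints `carp: <STATE> vhid <n> ...` lines as FreeBSD does.

```shell
#!/bin/sh
# Added example, not from the thread or the OPNsense project. Assumed
# interfaces: CARP hook arguments "<subsystem> <state>", "configctl wireguard
# start|stop", and FreeBSD-style "carp: <STATE> vhid <n>" lines from ifconfig.

# Derive this node's role from ifconfig output. Any vhid in MASTER means the
# node owns a virtual IP and should run the tunnel. Returns MASTER, BACKUP,
# or NONE when no CARP vhid is configured (standalone firewall).
carp_role_from_ifconfig() {
    if printf '%s\n' "$1" | grep -q 'carp: MASTER vhid'; then
        echo MASTER
    elif printf '%s\n' "$1" | grep -q 'carp: [A-Z]* vhid'; then
        echo BACKUP
    else
        echo NONE
    fi
}

# Map a role (or a raw hook state) to the WireGuard action. NONE leaves the
# plugin's own enable flag in charge; INIT, the transitional hook state, maps
# to none so the tunnel is never flapped on an ambiguous event.
wg_action_for_role() {
    case "$1" in
        MASTER) echo start ;;
        BACKUP) echo stop ;;
        *)      echo none ;;
    esac
}

# Apply the action and log it so failovers are auditable in the system log.
apply_wg_action() {
    case "$1" in
        start|stop)
            logger -t wireguard-carp "CARP role change: wireguard $1"
            configctl wireguard "$1" ;;
    esac
}

# Hook mode: CARP passes the new state as $2.
# Check mode ("script check", e.g. after an XMLRPC sync): read the live
# state from ifconfig. With no arguments the functions are only defined.
if [ $# -ge 2 ]; then
    apply_wg_action "$(wg_action_for_role "$2")"
elif [ "$1" = check ]; then
    apply_wg_action "$(wg_action_for_role "$(carp_role_from_ifconfig "$(ifconfig)")")"
fi
```

Wire the check mode into whatever runs after a config sync on the BACKUP node, and the hook mode covers failover itself.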
Title: Re: Making Wireguard CARP aware
Post by: bubbagump on February 01, 2023, 01:26:48 pm
I'm dumb, mDNS has this same pattern.