OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: whitwye on August 18, 2017, 04:37:54 pm

Title: No CARP signal on second WAN
Post by: whitwye on August 18, 2017, 04:37:54 pm
Separating this out from multiple issues discussed on https://forum.opnsense.org/index.php?topic=5765.0:

On WAN1, with a CARP IP set, the CARP VHID broadcasts are going out as expected.

On WAN2, with a CARP IP set, there are no outgoing CARP VHID broadcasts appearing on the interface except for some originating from an unrelated system on the same subnet.

The inspection is done with:

Quote
tcpdump -nvi igbX -c10 proto 112 -T carp

where "X" is 1 and 2 for the two interfaces. Nor are the missing CARP VHID broadcasts appearing on any other interface. And OPNsense is not adding the CARP IP in question to the second interface (as shown by ifconfig), although the first interface has the IP added.

Additionally, OPNsense has allowed 2 CARP IPs to be assigned to the first interface with the same VHID, while it rejects an attempt to assign a second CARP IP to the second interface with the same VHID as the first there, claiming this is a conflict. However since not even the first CARP IP on the second interface works at all yet, maybe solving that problem will also make this one go away.
Title: Re: No CARP signal on second WAN
Post by: whitwye on August 18, 2017, 06:32:57 pm
Somehow, in resetting firewall rules various ways to fix this seemingly unrelated problem, https://forum.opnsense.org/index.php?topic=5780.msg23737#msg23737, the CARP signals started getting generated for this purpose. Or I should say when I went back to the CARP setup, the page said there were changes to there, and to press the button to implement them (something I had not failed to do multiple times before on changes there). This time, the change actually activated the VHID signalling and brought the IP up.

What hasn't changed is that WAN2 is requiring each CARP IP be on its own VHID, while WAN1 was perfectly happy to have two assigned to the same one.

The WAN2 interface has also gone to PROMISC now.
Title: Re: No CARP signal on second WAN
Post by: whitwye on August 18, 2017, 08:13:25 pm
Note "man carp" says:

Quote
An arbitrary number of virtual host IDs can be configured on an interface.  An arbitrary number of IPv4 or IPv6 addresses can be attached to a particular vhid.

So OPNsense preventing me from assigning more than one IP address per interface to a particular VHID (on the one WAN interface, although not the other), is not a requirement of FreeBSD's CARP implementation.
Title: Re: No CARP signal on second WAN
Post by: mimugmail on August 18, 2017, 09:08:07 pm
Note "man carp" says:

Quote
An arbitrary number of virtual host IDs can be configured on an interface.  An arbitrary number of IPv4 or IPv6 addresses can be attached to a particular vhid.

So OPNsense preventing me from assigning more than one IP address per interface to a particular VHID (on the one WAN interface, although not the other), is not a requirement of FreeBSD's CARP implementation.

@franco @adschellevis:
https://redmine.pfsense.org/issues/2886

Was there some intention to remove this functionality or was this a mistake?