OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: wanderingchimp on December 04, 2017, 08:54:49 pm

Title: Creating CARP VIP breaks gateway reachability
Post by: wanderingchimp on December 04, 2017, 08:54:49 pm
So, this is my setup:

Local Side:
two identical boxes with exact hardware configurations

LAN (CARP)
Customer WAN (CARP)
DMZ (CARP)
Private WAN 1
Private WAN 2
HA (Sync)

Remote Side:
two identical boxes with exact hardware configurations

LAN (CARP)
Private WAN 1 (CARP)
Private WAN 2 (CARP)
Public WAN

These sites are connected via point-to-point wireless bridges. Whenever I attempt to configure CARP for Private WAN 1 or Private WAN 2 on the local side, as soon as I create the VIP I lose gateway connectivity from the perspective of the local side: pings fail, and there are no denies in the logs. Remove the VIPs, and gateway reachability is restored.

Each FW has a "Private_Wan_1" and a "Private_Wan_2" interface. So, Privatewan1 on the local side and privatewan1 on the remote side sit in the same broadcast domain; for simplicity's sake, it's a /24.

My gateways on the local side are set up as such:

Private_Wan_1_GW > CARP VIP on remote side.
Private_Wan_2_GW > CARP VIP on remote side.


I've been scratching my head on this for a while, and I've done quite a bit of digging and searching, but I haven't really come across a fix. I am sure it's something simple that I have overlooked. I've just offered a brief overview; if you need more details I can provide them and we can drill down more technically.


Title: Re: Creating CARP VIP breaks gateway reachability
Post by: wanderingchimp on December 05, 2017, 03:05:24 pm
NVM, I figured it out. So this was my issue:

Whenever I created my VIPs, I was manually specifying to use VHID group 2 and group 3. Clearly they weren't being used, so it let me create them, but as soon as I did, I'd lose gateway reachability.

If I just hit the button to automatically select a VHID it worked, so that's a relief.
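
The thread does not say why the manually chosen VHIDs broke the gateway. As an added example (not from the posts and not OPNsense code), this script checks one condition that fits the topology described: CARP derives its virtual MAC from the VHID (00:00:5e:00:01:XX), so two HA pairs sharing a broadcast domain must not reuse a VHID. The inventory, segment names, VHID assignments and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: one row per CARP VIP per HA pair. Names, VHIDs and
# addresses are made up; only the shared-segment topology follows the thread.
CARP_VIPS = [
    {"pair": "remote", "segment": "private_wan_1", "vhid": 2, "vip": "10.10.1.1"},
    {"pair": "remote", "segment": "private_wan_2", "vhid": 3, "vip": "10.10.2.1"},
    {"pair": "local",  "segment": "private_wan_1", "vhid": 2, "vip": "10.10.1.2"},
    {"pair": "local",  "segment": "private_wan_2", "vhid": 3, "vip": "10.10.2.2"},
    {"pair": "local",  "segment": "lan",           "vhid": 1, "vip": "192.168.1.1"},
    {"pair": "remote", "segment": "lan_remote",    "vhid": 1, "vip": "192.168.2.1"},
]


def carp_mac(vhid):
    """Virtual MAC that CARP uses for a given VHID (valid range 1-255)."""
    if not 1 <= vhid <= 255:
        raise ValueError(f"VHID out of range: {vhid}")
    return f"00:00:5e:00:01:{vhid:02x}"


def find_vhid_collisions(vips):
    """Return {(segment, vhid): [pairs]} where more than one HA pair uses the
    same VHID on the same broadcast domain, i.e. the same virtual MAC."""
    owners = defaultdict(set)
    for v in vips:
        owners[(v["segment"], v["vhid"])].add(v["pair"])
    return {key: sorted(p) for key, p in owners.items() if len(p) > 1}


def next_free_vhid(vips, segment):
    """Lowest VHID not yet seen on the segment in this inventory."""
    used = {v["vhid"] for v in vips if v["segment"] == segment}
    for candidate in range(1, 256):
        if candidate not in used:
            return candidate
    raise RuntimeError(f"no free VHID left on {segment}")


if __name__ == "__main__":
    for (segment, vhid), pairs in sorted(find_vhid_collisions(CARP_VIPS).items()):
        print(f"{segment}: VHID {vhid} ({carp_mac(vhid)}) used by {', '.join(pairs)}; "
              f"free VHID: {next_free_vhid(CARP_VIPS, segment)}")
```

The same VHID on unrelated segments (VHID 1 on both LANs here) is not flagged, because the virtual MAC only has to be unique within one layer-2 domain.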