OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: remd on February 09, 2018, 01:29:12 pm

Title: [Solved]CARP backup no connexion
Post by: remd on February 09, 2018, 01:29:12 pm
I have set up 2 appliances with CARP, initially on 17.7.7 (or a version close to that one), and at the time the backup appliance could only connect to the internet when the master was down. At the time I didn't know why, but it wasn't that bad, as the main purpose of the backup was to be available if the master is down, which worked. It was, however, annoying for updates, as the master had to be disconnected for the backup to update.
However, after some updates and up until 17.7.12 the backup was able to connect again, but now, after I updated to 18.1.1, it cannot anymore; sometimes a couple of pings go through, but most of the time it doesn't.

What seems to happen is that when a package is sent out from the VIP IP, it tries to go back to the master, not the backup, so it never returns. Although there could be some logic to that, as the backup should respond only if the master is down, why was it working for 6 months, and why is it also working on the other 2 appliances in CARP which are behind the first layer of firewalls?

Has anyone an idea what could be wrong?

Title: Re: [Solved]CARP backup no connexion
Post by: remd on February 14, 2018, 03:04:49 pm
This issue seems to have been due to an outbound NAT rule.
I had a NAT rule configured for a network range that I was using and changed as it was conflicting with a new WAN network range.
This was created automatically and should have been removed/disabled manually, as I changed the outbound NAT to manual afterwards, when the change was made, but it was still active.
I didn't notice it right away, as the connexion was working for some time and only recently stopped working, without any changes in the NAT rules.

In any case the connexion seems to work again after the NAT rule was removed.