OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: Perun on February 22, 2018, 07:10:53 am
-
Hi
I have 2 opnsense installations - one on apu2c4 and one as xen vm (both with latest version 18.1.2)
I have some weird effects with the CARP configuration. The hosts don't have 1:1 the same interfaces, but I use CARP only on those that are on both opnsense installations:
first:
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>carp_cable</descr>
<subnet>192.168.40.2</subnet>
<vhid>40</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt5</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt3</interface>
<descr>carp_vdsl</descr>
<subnet>192.168.140.2</subnet>
<vhid>140</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>carp_lan_media</descr>
<subnet>192.168.150.2</subnet>
<vhid>150</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
</virtualip>
second:
<virtualip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>wan</interface>
<descr>carp_cable</descr>
<subnet>192.168.40.2</subnet>
<vhid>40</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>lan</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>carp_vdsl</descr>
<subnet>192.168.140.2</subnet>
<vhid>140</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt2</interface>
<descr>carp_lan_media</descr>
<subnet>192.168.150.2</subnet>
<vhid>150</vhid>
<advskew>200</advskew>
<advbase>40</advbase>
<password>!c4rp!</password>
</vip>
</virtualip>
The first router should always be the master if it is running.
Sometimes after a reboot some interfaces are master and some backup on the first and second router... I need to disable/enable CARP and then it works... Is something wrong with this configuration?
TiA
Greetz
-
could it be that xen doesn't allow spoofing and so on?
on ESXi you need things enabled like
promiscuous mode - accept
mac address change - accept
forged transmits - accept
on hyperv
mac spoofing allowed
Xenserver (not Xen)
https://support.citrix.com/article/CTX121729
A little excursus on hypervisors (sorry to link pfsense)
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#Conflicting_VHIDs
Also you should not forget that some switches also must allow Load Balancing / High Availability Features.
-
I have made settings on the bridges on the hypervisor and now all interfaces on the opnsense vm are in promiscuous mode...
but I have still an issue with this part on the first router:
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt5</interface>
<descr>carp_lan_wlan</descr>
<subnet>192.168.50.2</subnet>
<vhid>50</vhid>
<advskew>100</advskew>
<advbase>30</advbase>
<password>!c4rp!</password>
</vip>
after start (boot) it is in an undefined state, see attachment
it is a bridge interface on the apu2c4, can this be the problem? all other (non bridge) interfaces are working correctly
-
could the different interfaces (for example, carp_lan_wlan on router 1 is on opt5 and carp_lan_wlan on router 2 is on the lan interface) be the problem?
how can I rename the interfaces?
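
An added example, not part of any post in this thread: a Python script that pairs the two posted `<virtualip>` sections by VHID, checks that the values both nodes must share (virtual IP, prefix length, password) match, and computes each node's advertisement interval as advbase + advskew/256 seconds. The input is constructed from the VHID 40 and 50 entries posted above; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed input: VHID 40 and 50 from each router's <virtualip> section
# as posted in the thread, with each VIP's fields collapsed onto one line.
VIP = ("<vip><mode>carp</mode><interface>{}</interface><subnet>{}</subnet>"
       "<subnet_bits>24</subnet_bits><vhid>{}</vhid><advskew>{}</advskew>"
       "<advbase>{}</advbase><password>!c4rp!</password></vip>")
FIRST = "<virtualip>" + VIP.format("opt2", "192.168.40.2", 40, 100, 30) \
        + VIP.format("opt5", "192.168.50.2", 50, 100, 30) + "</virtualip>"
SECOND = "<virtualip>" + VIP.format("wan", "192.168.40.2", 40, 200, 40) \
         + VIP.format("lan", "192.168.50.2", 50, 200, 40) + "</virtualip>"

SHARED = ("subnet", "subnet_bits", "password")  # must be identical on both nodes


def load_carp_vips(xml_text):
    """Return {vhid: {tag: text}} for every CARP VIP in a <virtualip> section."""
    vips = {}
    for vip in ET.fromstring(xml_text).iter("vip"):
        fields = {child.tag: (child.text or "").strip() for child in vip}
        if fields.get("mode") == "carp":
            vips[int(fields["vhid"])] = fields
    return vips


def adv_interval(fields):
    """Seconds between advertisements: advbase + advskew/256, as in carp(4)."""
    return int(fields["advbase"]) + int(fields["advskew"]) / 256


def compare(first_xml, second_xml):
    """Pair VIPs by VHID (assumes each VHID is used once per node)."""
    a, b = load_carp_vips(first_xml), load_carp_vips(second_xml)
    report = {}
    for vhid in sorted(set(a) | set(b)):
        if vhid not in a or vhid not in b:
            report[vhid] = {"only_on": "first" if vhid in a else "second"}
            continue
        report[vhid] = {
            "interfaces": (a[vhid]["interface"], b[vhid]["interface"]),
            "mismatched": [k for k in SHARED if a[vhid].get(k) != b[vhid].get(k)],
            "intervals": (adv_interval(a[vhid]), adv_interval(b[vhid])),
        }
    return report


if __name__ == "__main__":
    for vhid, row in compare(FIRST, SECOND).items():
        print(vhid, row)
```

With the posted values the first router advertises about every 30.4 s and the second about every 40.8 s on each VHID, and no shared field differs.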