OPNsense Forum

English Forums => Hardware and Performance => Topic started by: max1m0 on September 20, 2018, 12:37:12 pm

Title: Dual WAN links wih CARP hardware failover
Post by: max1m0 on September 20, 2018, 12:37:12 pm
Hi All,

I am new here so i need help if is possible.

I have 2 WAN links from two different ISP providers.
I want to set up WAN link failover and opnsense hardware failover.
Please if someone has a diagram how should look at this setup.

Thanks all!
Title: Re: Dual WAN links wih CARP hardware failover
Post by: mimugmail on September 20, 2018, 01:26:51 pm
DialUP WAN or with /29 Networks or what? It would be better you draw a picture
Title: Re: Dual WAN links wih CARP hardware failover
Post by: max1m0 on September 21, 2018, 01:29:58 pm
Hi,

Thanks for the response,

Here is the current network diagram. I want to build a hardware failover with 2 OPNsense machines.
Please advise config.

Title: Re: Dual WAN links wih CARP hardware failover
Post by: mimugmail on September 21, 2018, 02:40:27 pm
This is one of the easier designs, just follow the official docs:

https://docs.opnsense.org/manual/how-tos/carp.html

Title: Re: Dual WAN links wih CARP hardware failover
Post by: max1m0 on September 24, 2018, 10:11:45 am
Thank you ...it confuses me right side of diagram ...what type of router/switch will be here? what model?
Title: Re: Dual WAN links wih CARP hardware failover
Post by: mimugmail on September 24, 2018, 10:19:48 am
The IP addresses on the right side also belong to OPNsense. You just have to add the gateway IP and it has to be in the same network as your CARP net (WAN).
Title: Re: Dual WAN links wih CARP hardware failover
Post by: max1m0 on September 28, 2018, 03:23:23 pm
I should try to simulate failover with VirtualBox first. What is your opinion? Do you have any other solution how to simulate this config?
Title: Re: Dual WAN links wih CARP hardware failover
Post by: mimugmail on September 28, 2018, 03:40:33 pm
No, binding LAN and TAP to a bridge is really error prone, also without CARP .. I strongly suggest to rethink your network in order to have a stable setup. Also if you hack something in so it works, you'll always have strange errors when something bad comes into play.

Really, I'm nearly 20 years in the business .. stretching a (V)LAN over a wire always ended in chaos.
Title: Re: Dual WAN links wih CARP hardware failover
Post by: mitra7 on September 28, 2018, 05:35:53 pm
Just setup two OPNSense Servers, each one with a cable from each modem, setup High Availability to sync the configs and setup a CARP. Assign the Interfaces from the modem and lan and set the IP's.
Create a Gateway Group, add the two Interfaces and choose if you want only Failover or Load Balancing.
Create a Firewall Rule on the LAN Interface and set the Gateway option to your Gateway Group.
This is a brief explanation but if you are into OPNSense, PFSense you should be able to do it.

Note: Your LAN devices should have the CARP IP as Gateway.