OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: mitra7 on September 26, 2018, 05:09:55 pm
-
I have two OPNsense installations in High Availability.
I set up CARP on the Master Server in a Bridged interface. Both machines have the bridge interface, which is br0.
When both machines synchronize, the backup server loses the Interface on CARP. Is this a new problem?
I have a second CARP using regular interfaces and it synchronizes fine.
Server 1 (Master)
(https://i.imgur.com/5Totsl1.png)
Server 2 (Backup)
(https://i.imgur.com/aO97DEz.png)
-
Do I need to open an issue on GitHub? Is there any more information that I should provide?
-
Never used CARP and Bridge, do you use a dedicated Uplink for Sync and PF stats? Screenshots of both CARP status? Anything related in the system.log?
-
I get this notice:
"09-26-18 22:22:32 [ Interface specified for the virtual IP address 192.168.XX.250 does not exist. Skipping this VIP. ]"
However, if I disable Virtual IPs Synchronization and assign the interface manually on the Backup server (Virtual IP/CARP Settings), it works just fine.
bridge0 (Master Server)
bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:e5:3e:f9:7c:00
    inet 192.168.XX.254 netmask 0xffffff00 broadcast 192.168.XX.255
    inet 192.168.XX.250 netmask 0xffffff00 broadcast 192.168.XX.255 vhid 1
    nd6 options=1<PERFORMNUD>
    carp: MASTER vhid 1 advbase 1 advskew 0
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: ovpns3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 12 priority 128 path cost 2000000
    member: vtnet1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 2 priority 128 path cost 2000
bridge0 (Backup Server)
bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:a7:7b:d3:48:00
    inet 192.168.XX.251 netmask 0xffffff00 broadcast 192.168.XX.255
    inet 192.168.XX.250 netmask 0xffffff00 broadcast 192.168.XX.255 vhid 1
    nd6 options=1<PERFORMNUD>
    carp: BACKUP vhid 1 advbase 1 advskew 100
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: ovpns3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 10 priority 128 path cost 2000000
    member: vtnet1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 2 priority 128 path cost 2000
-
What about the rest of the questions?
-
I don't use a dedicated uplink for SYNC, but I can create one. For SYNC I am using the same interface (Bridge0).
It might be because ovpns3 on the Backup Server is down, since it is a Site-To-Site TAP VPN; I can't have both servers connected to the VPN Server at the same time.
I just don't understand why, because if I manually assign the interface on the backup server, it stays there.
I was checking, and the same interface is not assigned in the Gateways section if it was updated through sync; assigning it manually works.
-
Sorry, I'm out here. I never used OpenVPN to bridge LANs, and I have no idea how this would break in an HA scenario and what happens on a failover. This is a very rare, untypical setup.