17.1 Legacy Series / Carp-IP in VLAN Setup not working
« on: March 06, 2017, 10:12:48 am »
Hi Forum,
I am trying to install an HA setup of two OPNsense FW routers. The interfaces are all based on VLANs.
I installed a test environment based on VMware virtual machines. On installation I created all the VLAN interfaces.
- Config sync is enabled.
- IPs of the interfaces are all pingable, so the VLAN setup is running.
- Firewall rules for all interfaces are created to allow CARP traffic.
- CARP interfaces and IP addresses are created on each interface.
- I see CARP traffic from the master to the multicast address on both nodes.
--- >B ---
09:08:52.716408 IP x.x.x.x > 224.0.0.18: VRRPv2, Advertisement, vrid 42, prio 0, authtype none, intvl 1s, length 36
09:08:53.737214 IP x.x.x.x > 224.0.0.18: VRRPv2, Advertisement, vrid 42, prio 0, authtype none, intvl 1s, length 36
09:08:54.756659 IP x.x.x.x > 224.0.0.18: VRRPv2, Advertisement, vrid 42, prio 0, authtype none, intvl 1s, length 36
--- >B ---
But I cannot ping the CARP address, nor can I reach services using a DNAT rule on the CARP IP.
As an additional test I copied the configuration from the master to the backup node and fixed the IP address and host name. But I cannot reach the CARP IP.
The CARP IP is only pingable from the CARP master node.
Does anyone have an idea what's going wrong or where to search further?
Thanks a lot.