Messages - Calypso

#1
Having the feeling that I'm overlooking something simple, but I've got the following situation:

* 2 OpnSense VMs on Proxmox (doesn't matter if they are on different nodes or on the same one)
* WAN interface has IPv6 address on each box; no IPv4 address configured, but I've tried with 'fake addresses' and even with a temporary address from the public /24
* Both boxes have the IPv4 gateway set - tried both with far gateway on and off
* I have 2 CARP interfaces on the WAN side with public addresses in the same /24. Configured exactly the same on different VHD

What happens is that the 2nd CARP address is giving me connection problems; not all the time, but around 40 to 50% of the time. Does that with ICMP ping or TCP connection to a port. It's always the 2nd CARP IP that does this, so when I switch both addresses, it's still the address on the 2nd CARP. When I change the 2nd CARP to an IP Alias everything is fine.

But of course I don't want that because I want to be able to move that address to the 2nd OPNSense VM. I've also tried to put CARP in maintenance mode, stopped the second OPNSense box, etc.

Anyone have any idea what's happening?

Added:
* Boxes are on OPNsense 22.7.1
* When I want the IP Alias (that works) to transfer to box #2 and I set the VHID from "none" to the number of the CARP interface, the associated address of the IP Alias is unreachable.
#2
Quote from: mimugmail on January 19, 2020, 05:54:54 PM
Do you really need this for Proxy? The master is normally only reachable via one interface

This isn't for communicating with the master, this is for the agents to communicate with the proxy. You can have agents on different networks connected to the OPNSense box; the proxy then acts as... well a proxy.. between the agents and the master, so the master doesn't need a connection to all agents "behind" the OPNSense box.
#3
I've added a LAN interface to my OPNSense box and wanted to have the Zabbix Proxy listen on it, but the interface doesn't let me add the IP to the list. While the Zabbix documentation (and the help in OPNSense) mention "List of comma seperated IP addresses", it's considered invalid by the web interface.
#4
18.7 Legacy Series / Slow response of HAProxy on 18.7
September 21, 2018, 08:34:49 AM
Something strange happened after upgrading OPNSense to 18.7 (coming from 18.1.13). I've upgraded to 18.7.1, then to .2 and .3. Everything is working fine, except when I access a site that's using HAProxy (just plain HTTP traffic, no HTTPS) it stalls for quite some time (variable) before actually starting to transfer the information.

Sometimes it goes just as expected (fast), but the delay doesn't seem to be fixed. When looking at the logs in the backend server, no request is made in the time that the transfer is stalled.

I've already tried to delete all entries in the haproxy configuration and started anew, but it still happens. I use DNSMasq for DNS (that kind of unpredictable delays always triggers "DNS problems" for me in some way) but that is working without an issue.

Tried it on 2 machines - 1 hardware and 1 on VMware - and it happens on both. When going back (through a snapshot on VMware) it's gone and hosted sites are always fast again. Both machines have multiple WAN IPs, and if I use a NAT port forward on it to the backend server, of course there is no problem.

Where I suspected HAProxy in the first few weeks, I'm now not convinced it's a HAProxy problem but something else (like DNS), but haven't got a clue where to search for it... Does someone have any ideas?