Messages - alfred

#1
Hi everyone,

I'm working with an ISP that provides a /30 WAN link, and I'm trying to implement failover of the single public IP allocated to me between two OPNsense firewalls.

So far, I've tried several configurations:

  • CARP VIP on unnumbered WAN interfaces using the standard multicast address
  • CARP VIP on unnumbered WAN interfaces using a LAN unicast address
  • Adding a /30 RFC1918 address to both WAN interfaces and assigning the public /30 as a CARP VIP
Each setup appears to come up cleanly at first. However, after a failover from master to standby and then back, I consistently encounter a split-brain scenario that doesn't resolve itself.

I've read through multiple threads here and elsewhere online, but haven't found a configuration that works reliably.

What's puzzling is that I've successfully set up CARP on unnumbered interfaces in the past using OPNsense 22.1.10, which worked out of the box. Notably, that version didn't have any explicit multicast configuration options. On the current version, though, I keep running into this issue regardless of what I try.

Has anyone managed to get this working reliably on recent OPNsense releases? I'd really appreciate any insights or workarounds.

Thanks!
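
As an added example that is not part of the post above (and not OPNsense's own tooling), here is a small POSIX sh check for the failure mode it describes: after the fail-back, both nodes report MASTER for the same vhid. It parses the `carp:` line that FreeBSD `ifconfig(8)` prints for a CARP VIP and compares the state across the two nodes. The interface name vtnet0, the 203.0.113.0/30 addresses, vhid 1 and the host names are assumptions, and the three ifconfig excerpts are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: detect CARP split brain by
# comparing the "carp:" line for one vhid across two nodes' ifconfig output.

# Constructed ifconfig(8) excerpts in FreeBSD/OPNsense format. Interface
# name, addresses and vhid are assumptions for illustration.
NODE_A_IFCONFIG='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.2 netmask 0xfffffffc broadcast 203.0.113.3 vhid 1
        carp: MASTER vhid 1 advbase 1 advskew 0'

# Healthy standby: same vhid, BACKUP, higher advskew.
NODE_B_HEALTHY='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.2 netmask 0xfffffffc broadcast 203.0.113.3 vhid 1
        carp: BACKUP vhid 1 advbase 1 advskew 100'

# Split brain after fail-back: the standby still claims MASTER for vhid 1.
NODE_B_SPLIT='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.2 netmask 0xfffffffc broadcast 203.0.113.3 vhid 1
        carp: MASTER vhid 1 advbase 1 advskew 100'

# carp_state IFCONFIG_TEXT VHID
# Prints the CARP state (MASTER, BACKUP or INIT) reported for VHID, or
# UNKNOWN when no "carp:" line for that vhid is present.
carp_state() {
    cs_state=$(printf '%s\n' "$1" | awk -v vhid="$2" \
        '$1 == "carp:" && $3 == "vhid" && $4 == vhid { print $2; exit }')
    printf '%s\n' "${cs_state:-UNKNOWN}"
}

# check_vhid NODE_A_TEXT NODE_B_TEXT VHID
# Returns 0 when exactly one node is MASTER, 1 on split brain (both nodes
# MASTER), 2 when nobody owns the VIP (neither node is MASTER).
check_vhid() {
    cv_a=$(carp_state "$1" "$3")
    cv_b=$(carp_state "$2" "$3")
    cv_masters=0
    [ "$cv_a" = MASTER ] && cv_masters=$((cv_masters + 1))
    [ "$cv_b" = MASTER ] && cv_masters=$((cv_masters + 1))
    case $cv_masters in
        1) echo "vhid $3: OK (A=$cv_a B=$cv_b)"; return 0 ;;
        2) echo "vhid $3: SPLIT BRAIN, both nodes MASTER (A=$cv_a B=$cv_b)"; return 1 ;;
        *) echo "vhid $3: NO MASTER (A=$cv_a B=$cv_b)"; return 2 ;;
    esac
}

# Against a live pair (host names fw-a/fw-b are placeholders):
#   check_vhid "$(ssh fw-a ifconfig vtnet0)" "$(ssh fw-b ifconfig vtnet0)" 1
check_vhid "$NODE_A_IFCONFIG" "$NODE_B_HEALTHY" 1
check_vhid "$NODE_A_IFCONFIG" "$NODE_B_SPLIT" 1 || :
```

The exit codes are meant for a cron or monitoring hook: non-zero means the VIP is either claimed twice or not at all, which are the two states a failover pair should never sit in, and the printed line records what each node believed at the time so the split can be correlated with the fail-back.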

#2
Virtual private networks / Group TOTP Privileges
November 12, 2020, 10:16:56 AM
Hi all,

I am trying to configure OpenVPN for non-admin users to access LAN resources.

Creating a new group (System: Access: Groups) and assigning "System: User Password Manager" privileges will allow users to log in and change their own password.

Is there a privilege that allows users to view their own OTP QR code or seed? These are non-admin users and should only be able to view their own codes.

Any feedback would be much appreciated.

Cheers,