OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of bdelacour »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - bdelacour

Pages: [1]
1
Tutorials and FAQs / Re: High Availability Setup in vSphere 6.0
« on: April 09, 2020, 04:10:46 pm »
Bart,

Thank you for your answer. I am able to enable vSphere FT on this VM but it doesn't fix all my issues :/
The advantage of CARP is : if I want to update one node, I can update the second, switch master to the second, update the first and switch master to the first.

Here, when I activate failover, I lose control on my VM. It only handles "failover" side.

Do you know if I can do the same with vSphere FT ?

If not, do you know another solution ?

Kind regards

2
Tutorials and FAQs / Re: High Availability Setup in vSphere 6.0
« on: April 09, 2020, 11:06:52 am »
UP

Somebody for a serious answer ?  :)

3
Tutorials and FAQs / Re: High Availability Setup in vSphere 6.0
« on: April 06, 2020, 06:36:43 pm »
Uuhh, yes ?

If the host containing my OPNsense VM is down, I don't want to wait vSphere HA to restart my VM on another host, I want a quick switch...

On my vSphere I have multiple ESX, I already had the problem where one of my ESX host isn't offline but cannot be accessed. So, when something like this happens, vSphere won't quickly detect my VM as down but all my network will be down... -> downtime
BUT, if I have another node, it won't be able to contact the master node and will be elected -> no downtime

4
Tutorials and FAQs / High Availability Setup in vSphere 6.0
« on: April 06, 2020, 05:47:51 pm »
Hi !

I successfully installed OPNsense as a firewall and gateway between 3 VLANs. Everything works like a charm and I've also been able to setup some IPsec connections.

Now, I want to add some High Availability setting up a second OPNsense node. I read the tutorial on "How to setup CARP" and I have been able to setup connectivity between my two nodes.

The problem is at the end, when I test my virtual IPs. I can see them in my ARP table on all my virtual machines of VLANs but I can't ping them. The reason is : we must enable promiscuous mode on all DVS (my VLANs).

BUT, I can't enable it for two reasons :
* My provider blocks this setting because it allows packet sniffing and is not secure
* I don't want my CPU to be overstressed receiving packets from all VMs

How it should work attached to this post.

Do you know if another high availability setup exists ? For example, a tool like Keepalived (VRRP) would fix the virtual ip problem (not the xmlrpc sync but if I had to make a choice, I would choose working virtual ips).

Thank you !

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2