1
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: November 23, 2024, 11:16:45 am »
Sadly, no 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 17, 2024, 10:32:09 am »
Update:
Unfortunately the problem is still there. However, it now occurs much less frequently (approx. once a day) and no longer immediately after plugging in the 2nd firewall.
Unfortunately the problem is still there. However, it now occurs much less frequently (approx. once a day) and no longer immediately after plugging in the 2nd firewall.
3
High availability / Re: Virtuell IP on WAN - Source-IP for Routing?
« on: June 17, 2024, 01:02:35 am »
You need an Outbound NAT rule for your WAN Interface with your CARP VIP as target.
4
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 15, 2024, 10:39:43 am »
I think it's working now! It's up and running for 8h now.
I switched the STP protocol in the unifi switches from RSTP to STP. Read somewhere that STP is the OPNSense/FreeBSD default (Perhaps the problem is by Vodafone, RSTP + "Local" CARP worked without an issue). In my switch settings was STP deactivated for the WAN port profile .... this is still the case. In tne General Settings on unifi I switched RSTP to STP.
Here are some screenshots of my current setup for people who use OPNSense with unifi switches.
The sad: Now my Multi-WAN connection drops randomly. Internal routing works without an issue but WAN routing drops for a few minutes. But I think this is an other topic ...
I switched the STP protocol in the unifi switches from RSTP to STP. Read somewhere that STP is the OPNSense/FreeBSD default (Perhaps the problem is by Vodafone, RSTP + "Local" CARP worked without an issue). In my switch settings was STP deactivated for the WAN port profile .... this is still the case. In tne General Settings on unifi I switched RSTP to STP.
Here are some screenshots of my current setup for people who use OPNSense with unifi switches.
The sad: Now my Multi-WAN connection drops randomly. Internal routing works without an issue but WAN routing drops for a few minutes. But I think this is an other topic ...
5
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 14, 2024, 03:13:04 pm »
Yes, both Firewalls are synchonized. I even restarted the firewalls afterwards.
6
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 10, 2024, 03:25:18 pm »
Good to hear it's working for you. Sadly dosen't work for me
Here is my alias and firewall rule.
Here is my alias and firewall rule.
7
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 05, 2024, 09:32:04 am »
Ok, I will try it. I can't try it until the weekend because I won't be back before then. I will write you.
8
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 05, 2024, 07:37:37 am »
Yes. I have an RFC1918 Alias, which I use to route the public traffic to a Gateway-Group.
9
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 03, 2024, 04:25:40 pm »
Yes, I use Load Balancing too.
That's why I asked, but if it was due to Load Balancing, both connections would have to be affected.
I remember a forum post where someone successfully runs HA with Vodafone Cable. So there must exist an solution ....
That's why I asked, but if it was due to Load Balancing, both connections would have to be affected.
I remember a forum post where someone successfully runs HA with Vodafone Cable. So there must exist an solution ....
10
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: June 03, 2024, 01:38:08 pm »
Same Setup here ....
But I can't use my second WAN for HA. Second WAN is DHCP only. So second WAN is configured on both OPNsenses but only plugged into one Sense.... on the other is the interface offline.
Your ISP is also Vodafone? If so, do you think it could be an Vodafone issue?
But I can't use my second WAN for HA. Second WAN is DHCP only. So second WAN is configured on both OPNsenses but only plugged into one Sense.... on the other is the interface offline.
Your ISP is also Vodafone? If so, do you think it could be an Vodafone issue?
11
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: May 28, 2024, 03:11:57 pm »
Is there the possibility that a Firewal rule relay DHCP or DNS traffic to the WAN interface?
EDIT:
Hope this was the solution for me. Testing at the moment ....
EDIT 2:
Sadly not the solution. Have a floating rule which allows dhcp,dns,ntp .... to "this firewall" for all local networks. Deactivated the rule, but broadcast flood coming in ...
EDIT:
Hope this was the solution for me. Testing at the moment ....
EDIT 2:
Sadly not the solution
. Have a floating rule which allows dhcp,dns,ntp .... to "this firewall" for all local networks. Deactivated the rule, but broadcast flood coming in ...
12
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: May 28, 2024, 03:07:44 pm »
You have a Multi WAN Setup?
13
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: May 28, 2024, 02:26:08 pm »
@HenrikHenkel is IGMP Snooping or Multicast DNS traffic enabled on vlan configuration?
14
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: May 28, 2024, 02:23:47 pm »
Ok.
In this case, shouldn't there also be a broadcast flood in the LAN or in one of the LAN VLAN? Configuration for WAN vlan is exactly the same like lan vlan configuration. I will delete this evenig the wan vlan and rebuild it from scratch....
To be sure... I checked under Services -> DHCP Relay whether a dhcp relay exists or not.
In this case, shouldn't there also be a broadcast flood in the LAN or in one of the LAN VLAN? Configuration for WAN vlan is exactly the same like lan vlan configuration. I will delete this evenig the wan vlan and rebuild it from scratch....
To be sure... I checked under Services -> DHCP Relay whether a dhcp relay exists or not.
15
High availability / Re: 2 OPNsenses same WAN network Broadcast Flood
« on: May 28, 2024, 01:37:35 pm »
No relay is running. DHCP and DHCP6 server is disabled on this Interface.