Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - bbtaeuber

Pages: [1]

High availability / Re: Default gateway lost on CARP master after failback #4977

« on: June 02, 2021, 07:34:12 am »

Thanks no1fuxwithtux for testing with raw FreeBSD and the time you invest.

Admins, please give it a higher priority.
HA was one of the more important arguments to choose OPNsense.

High availability / Re: Default gateway lost on CARP master after failback #4977

« on: May 27, 2021, 08:55:44 am »

Had someone time to look into this?
I'm back from my vacation.

Thanks,
Lars

High availability / Re: Default gateway lost on CARP master after failback #4977

« on: May 11, 2021, 12:26:41 pm »

last screenshots

High availability / Re: Default gateway lost on CARP master after failback #4977

« on: May 11, 2021, 12:26:17 pm »

next screenshot

High availability / Re: Default gateway lost on CARP master after failback #4977

« on: May 11, 2021, 12:25:56 pm »

first screenshots

High availability / Re: Default gateway lost on CARP master after failback #4977

« on: May 11, 2021, 07:42:37 am »

Quote from: mimugmail on May 10, 2021, 09:40:30 am

Far gateway should help, or place a router/modem infront and run private IPs und the OPNsense where the router portforward all ports to the the HA IP internally

It didn't help.

The modem or an additional router is not an option for us, because the firewall cluster being the router is a requirement. This FW cluster is for a local network of about 1000 devices connected to an ISP via 1GB ethernet.

Another strange thing ist, that when I reset the "IPv4 Upstream Gateway" from a manual setting to "Auto-detect" it works once. But only once.

I'm willing to send more config to get this bug fixed. Which information is needed therefore?

For the next 12 days I'm on a vacation.

Cheers,
Lars

High availability / Default gateway lost on CARP master after failback #4977

« on: May 10, 2021, 09:34:19 am »

Hi everybody,

this is a thread made to discuss the issue #4977.

Our situation:
We have a small cluster of two identical opnsense boxes.
Several interfaces have virtual IP addresses.
On the WAN interface we have one official /30 virtual IPv4 address.
That's the reason we configured private IPv4 addresses statically to the interface (10.A.B.C/24).
It seems necessary to have IPv4 addresses configured to the WAN interfaces for the CARP to work correctly. (Why?)

The problem:
When the master node (A) loses the connection the backup node (B) takes over all the virtual IPs as expected.
When the node A receives the connection again it becomes master again but removes the default route from the WAN interface.

A solution(?):
The suggestion of my colleague now is, that this is because we didn't made the hook on the "Far Gateway" setting for this gateway. The default route is removed, because there is only a private IPv4 address fixed on the WAN that is in a different net than the gateway.
The check for the gateway being on a net that is reachable by the interface seems to be made before the virtual IP is bound to the interface. (Maybe this could be changed?)

We will test, if the hook on "Far Gateway" has an effect in our sense, tomorrow.

Thanks and best regards,
Lars

Pages: [1]