Show Posts
1
High availability / Re: Wierd CARP issue
« on: September 17, 2021, 11:30:53 pm »
I have some similiar problems... and hopefully one of you can help me.
My OPNsense are virtualized on vmware and I have no tried multiple things to get the VIP running...
define the same nics(vmxnet3), dedicated vlan for sync interfaces, including the vmware KB article mentioned here, but nothing helped...
if I look at the system log of one of the opnsense(that one is a fresh install 21.7), I see:
On the other node(that one is was an older version lastly updated from 21.1 to 21.7) I can't really see current system logs...
both sync interfaces can ping each other, but the VIP is not getting activated...
I set the fw rule to allow all incoming traffic on that sync interfaces and to allow all traffic from the LAN interface of each opnsense to only the other interface via the local LAN interfaces.
HA modes has been configured to synchronize states on both opnsense.
VIP has been configured only at one of both opnsense, with "192.168.4.10/24 (vhid 3 , freq. 1 / 0)"
hopefully one of you have some idea what I could try.
My OPNsense are virtualized on vmware and I have no tried multiple things to get the VIP running...
define the same nics(vmxnet3), dedicated vlan for sync interfaces, including the vmware KB article mentioned here, but nothing helped...
if I look at the system log of one of the opnsense(that one is a fresh install 21.7), I see:
Code: [Select]
Sep 17 21:04:44 OPNsense.localdomain opnsense[88818]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 192.168.4.10 - VIP_LAN.
Sep 17 21:04:47 OPNsense.localdomain opnsense[84697]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "192.168.4.10 - VIP_LAN (3@vmx0)" has resumed the state "MASTER" for vhid 3
Sep 17 21:04:47 OPNsense.localdomain opnsense[84697]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 192.168.4.10 - VIP_LAN.
Sep 17 21:14:30 OPNsense.localdomain opnsense[75053]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "192.168.4.10 - VIP_LAN (3@vmx0)" has resumed the state "BACKUP" for vhid 3
Sep 17 21:14:30 OPNsense.localdomain opnsense[75053]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 192.168.4.10 - VIP_LAN.
Sep 17 21:14:32 OPNsense.localdomain opnsense[44588]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "192.168.4.10 - VIP_LAN (3@vmx0)" has resumed the state "BACKUP" for vhid 3
Sep 17 21:14:32 OPNsense.localdomain opnsense[44588]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 192.168.4.10 - VIP_LAN.
Sep 17 21:14:34 OPNsense.localdomain opnsense[46862]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "192.168.4.10 - VIP_LAN (3@vmx0)" has resumed the state "MASTER" for vhid 3
Sep 17 21:14:34 OPNsense.localdomain opnsense[46862]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 192.168.4.10 - VIP_LAN.On the other node(that one is was an older version lastly updated from 21.1 to 21.7) I can't really see current system logs...
both sync interfaces can ping each other, but the VIP is not getting activated...
I set the fw rule to allow all incoming traffic on that sync interfaces and to allow all traffic from the LAN interface of each opnsense to only the other interface via the local LAN interfaces.
HA modes has been configured to synchronize states on both opnsense.
VIP has been configured only at one of both opnsense, with "192.168.4.10/24 (vhid 3 , freq. 1 / 0)"
hopefully one of you have some idea what I could try.