Messages

Thank you so much! I was trying to re-image and older OPNsense device but was stuck with coreboot which doesn't support UEFI. Couldn't get either the OPNsense installer nor the Protectli flash image to boot with legacy bios.
This finally solved it!

Same problem here :(

I can also see in the logs the balancing being done as if the seeting was 128:

2024-05-20T21:42:49   Informational   dhcpd   balanced pool 8256ae180 192.168.0.0/24 total 64 free 28 backup 28 lts 0 max-misbal 8   
2024-05-20T21:42:49   Informational   dhcpd   balancing pool 8256ae180 192.168.0.0/24 total 64 free 34 backup 22 lts 6 max-own (+/-)6   

Same here - hadn't noticed. Possibly it is trying to use the CARP address to ping the GW ...

For me the IPv6 gateway shows down on both master and backup as dpinger is binding to the WAN interface address rather than the CARP VIP. As I only have a single GUA for the WAN link, the WAN interface addresses are ULA (I.e. not in the same subnet as the VIP):

Code Select Expand

root@router-nuc:~ # ps x | grep dpinger
40628  -  Is      0:00.02 /usr/local/bin/dpinger -f -S -r 0 -i WAN_GWv6 -B fd00:1234:5678:90ab::5 -p /var/run/dpinger_WAN_GWv6.pid -u /var/run/dpinger_WAN_GWv6.sock -C /usr/local/etc/rc.syshook monitor -s


On the other hand the IPv4 gateway monitor binds to the VIP and it works.

From what I can see, determination of the address to bind to is done in dpinger_configure_do(). For IPv4, it iterates through the interface IPs until it finds one in the same subnet as the monitor address, so in my case it finds the VIP address. For IPv6, if the monitor address isn't an LLA it uses interfaces_primary_address6() to get the bind address which basically finds the first valid address which isn't an alias. It doesn't do the subnet check.