Messages - dkanzlemar

#1
23.7 Legacy Series / Re: DNS and ping not working
October 30, 2023, 09:37:57 PM
I am seeing the same issue after reboots since updating to 23.7.7. If I go into System --> Settings --> General, and then click save (no changes), once the save completes, ping and DNS work fine. As soon as I reboot, I end up back in the same situation.
#2
Not sure if this will help, but I've been seeing the same behavior. I was able to address it (as a temporary workaround), by going to System --> Settings --> General. There, I clear my DNS server list, then click Apply. Once that has taken, I then add my DNS Server(s) and click Apply again. At that point, it seems to work. Until I restart.

Definitely seems like a bug in this version, and hope it gets fixed soon.
#3
23.1 Legacy Series / Re: Problems with CARP - bug?
February 06, 2023, 03:19:39 PM
I'm not sure of your complete setup, but I had the same thing happen on my setup this weekend. I have 10 VLANs, and 1 out of the 10 was showing active on both nodes. Even though I had a firewall rule to allow subnet communication in that VLAN, my MASTER and BACKUP nodes couldn't ping each other on that subnet. My issue turned out to be that VLAN wasn't properly defined on my Unifi switch. Once I added the VLAN to my Unifi switch and made sure it was being broadcast to the ports for both routers, then I was able to communicate on that subnet, and my CARP started working correctly for that VLAN. Again, not sure of your entire setup, but I spent a good two hours trying to figure that one out this weekend. Hopefully this helps.
#4
Thank you WaffleIron for the response and giving me the advice to get HA working. I went through my setup and was again at the point where my hardline stuff was working, but not my wireless. After doing more digging, I finally found my issue! I am using the mDNS-Repeater plugin to allow Chromecast across a few of my VLANs (mostly wireless VLANs). When I looked at the screen, I saw an option to "Enable CARP Failover". Upon reading the help message for it saying "This will activate the repeater service only on the master device.", I selected that on both nodes and applied. Suddenly my wireless was working again! So if anyone else runs into a similar issue, hopefully this helps. I spent too many hours on it, but looking at it now, it is pretty obvious I should have done that from the get go, and the fault lies with me.

So again, thank you WaffleIron for pushing me to get HA working instead of trying my hot/cold backup solution.
#5
These aren't virtual. These are both mini PCs I got on Amazon. One just has 4x2.5GB ports (new one), while my original has 4x1GB ports. I did clean installs on both. On the old one, the interfaces (according to FreeBSD when looking on the command screen) shows igb0, igb1, igb2, and igb3. On the new server, the interfaces are labeled igc0, igc1, igc2, and igc3.

So your suggestion about backups from another machine with SSH might be my best option.

As for getting HA to work, I am going to try again. Last I tried it, everything that was hard lined worked fine, but my Unifi access points wouldn't be stable. I may or may not get an IP, and ping tests would randomly hit or fail. I also run a Unifi 24 port switch that both routers were plugging into. So I thought the issue might be around multicast with Unifi and CARP. But I wasn't sure why.

I'll try and set up HA again and see if I can't get that to work. Worst case scenario, you've given me something to try that should help me work around my current issue. So thank you for that! I will try these suggestions tomorrow and see if any of that works. Thank you again!
#6
So I am running into a bit of a catch 22 and am hoping someone can point me in the right direction. I have 2 nearly identical boxes for OPNSense, with my primary having 2.5GB ports and the cold standby having 1GB ports. I tried doing High Availability, but my Unifi Wireless Access Points can't seem to handle that setup at all and stop responding/only respond intermittently, so I had to abandon that idea. So my next idea was to just make the systems clones of each other, leave one off, and if it has issues, restore from a nightly backup to the other box.

The issue I am running into is the interface names of the ethernet ports don't match (Box 1 is igc0 - igc3, while box 2 is igb0 - igb3). Normally, with a manual backup, I simply don't encrypt, and can then update the configuration before updating the other box. However, with the encrypted backups that the Google Drive interface does, that isn't an option. I have tried renaming the interfaces to match, but that never seems to survive a reboot, even when modifying the /etc/rc.conf file. Is there a way to rename the interfaces to match? Or a way to decrypt the backups easily to make the appropriate changes?

Any help would be greatly appreciated!