Messages - skocdopolet

#1
Thank you, Monviech, for the reply.

I think yes, I have the firewall rules set correctly. The CARP protocol is allowed on all interfaces with a VIP by the automatically generated rules. I think it should be OK.

#2
Hello,

We have installed two OPNsense nodes (in a virtual environment with Proxmox). Two virtual IPs are configured on both firewalls - one for the WAN interface and one for the LAN interface.

We have sometimes found unexpected behavior where the first OPNsense node is MASTER for the WAN interface and BACKUP for the LAN interface, and the second OPNsense node is BACKUP for the WAN interface and MASTER for the LAN interface.

We don't know why the firewalls are getting into this broken state.

I think this behavior should be controlled via: System: High Availability: Settings: Disable preempt. We have these checkboxes UNCHECKED on both firewalls. I read the documentation and did some searching on the internet, and I think that when this option is unchecked, the firewalls switch all other interfaces when one fails. So I think this setting is correct.

The virtual IPs are configured this way:
First OPNsense
172.20.0.254/22 101 (freq. 1/0) LAN CARP LAN-GW  
178.238.37.27/26 100 (freq. 1/0) WAN CARP WAN-CARP


Second OPNsense
172.20.0.254/22 101 (freq. 1/100) LAN CARP LAN-GW  
178.238.37.27/26 100 (freq. 1/100) WAN CARP WAN-CARP


By the way, we have turned off the MAC filter on the Proxmox firewall.

Could anyone please help me solve this problem?

Thank you!
Regards Tomas
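
A check for the mixed MASTER/BACKUP state described in the post above, added here as an example and not part of the original posts. It assumes the FreeBSD `ifconfig` status line format `carp: <STATE> vhid <N> ...`; the function name `carp_check`, the interface names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples: trimmed `ifconfig` output. Interface names vtnet0/vtnet1
# are assumptions; VHIDs 100 (WAN) and 101 (LAN) are the ones from the post.
SAMPLE_SPLIT='vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    carp: MASTER vhid 100 advbase 1 advskew 0
vtnet1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    carp: BACKUP vhid 101 advbase 1 advskew 0'
SAMPLE_OK='vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    carp: MASTER vhid 100 advbase 1 advskew 0
vtnet1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    carp: MASTER vhid 101 advbase 1 advskew 0'

# Reads ifconfig-style text on stdin, prints one line per CARP VHID and a
# final RESULT line. Exit status: 0 = every VHID on this node is in the same
# state, 1 = mixed states (the condition from the post), 2 = no CARP lines.
carp_check() {
    awk '
        /^[A-Za-z0-9_.]+: flags=/ { ifname = $1; sub(/:$/, "", ifname) }
        $1 == "carp:" {
            printf "%s vhid %s %s\n", ifname, $4, $2
            seen[$2] = 1
        }
        END {
            n = 0
            for (s in seen) n++
            if (n == 0) { print "RESULT no-carp"; exit 2 }
            if (n > 1)  { print "RESULT split"; exit 1 }
            print "RESULT consistent"
        }
    '
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SPLIT" | carp_check || echo "node holds mixed CARP roles"
```

On a node, the same function can be fed live output with `ifconfig | carp_check`, for example from a periodic job that alerts on exit status 1.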