Messages

1

High availability / our AdvLinkMTU on vtnet0 doesn't agree with fe80::192:168:1:1

« on: August 09, 2024, 03:05:57 pm »

I'm getting these warnings in my logs in both Master and Backup servers. How to fix? Thanks.

Code: [Select]

radvd: our AdvLinkMTU on vtnet0 doesn't agree with fe80::192:168:1:1
- vtnet0 is my LAN
- fe80::192:168:1:1 is my VIP link local address setup according to https://docs.opnsense.org/manual/how-tos/carp.html#setup-virtual-ipv6-link-local-address
- IPv6 is setup as SLAAC
- MTU is left at defaults, not configured in any interfaces

2

High availability / Re: arp: xx:xx:xx:68:dd:f0 is using my IP address

« on: July 30, 2024, 04:51:38 pm »

Another Q.. what about my Wireguard setup?

- Do I need to set a different "Tunnel Address"? My FW1 is 192.168.8.1/24. Do I need to set 192.168.8.2/24 for FW2?
- Do I set the "Depend On Carp" field to 192.168.1.1 which is my VIP LAN address?

3

High availability / Re: arp: xx:xx:xx:68:dd:f0 is using my IP address

« on: July 30, 2024, 04:39:10 pm »

Thanks for straightening me out  Guess I thought FW2 should be a replicate of FW1 with the exception of the CARP related config. Still learning.....

BTW, I guess some people like me have problems with "pasting" screenshots is prob because most sites just allow you to copy and paste screenshots. Whereas this site requires you to first save the screenshots as a file and then "pasting" them as file attachments.

4

High availability / Re: arp: xx:xx:xx:68:dd:f0 is using my IP address

« on: July 30, 2024, 04:28:20 pm »

The site wont allow me to paste screenshots, so I'm attaching .pdf of the screens.

You cannot have the same IP address on both firewalls in that VLAN 10 ...

OK. I've attached jpeg's as attachments. Is this what you mean, set FW1 Static IP 192.168.10.1 and FW2 Static IP 192.168.10.2? Thanks.

5

High availability / Re: arp: xx:xx:xx:68:dd:f0 is using my IP address

« on: July 30, 2024, 03:46:04 pm »

The site wont allow me to paste screenshots, so I'm attaching .pdf of the screens.

6

High availability / Re: arp: xx:xx:xx:68:dd:f0 is using my IP address

« on: July 30, 2024, 03:18:09 pm »

Please post the interface configuration of both firewalls for that VLAN and the configuration of that CARP address.

New to this... is there a specific shell command to do this or will screen shots do?

7

High availability / [Solved] arp: xx:xx:xx:68:dd:f0 is using my IP address

« on: July 30, 2024, 02:56:14 pm »

FW1-        xx:xx:xx:db:9b:4c
FW2-        xx:xx:xx:68:dd:f0
VLAN10-  192.168.10.1

I'm on v24.1.10_3 and set up CARP following Opnsense's docs and it seems to be working with auto fail-over.
 
BUT I keep getting this Notice in FW1 logs complaining about FW2 using its IP address:

Code: [Select]

<3>arp: xx:xx:xx:68:dd:f0 is using my IP address 192.168.10.1 on vlan0.10!
Due to this, my VLAN0.10 keeps getting disconnected. This goes away when I poweroff my FW2. How do I fix this? Thanks.

8

General Discussion / Re: opnsense noob, I want to configure IPv6

« on: May 29, 2024, 10:42:45 pm »

I struggled a bit too but followed the steps on this post https://forum.opnsense.org/index.php?topic=32741.0 and it worked for me. But I use SLAAC instead of DHCPv6 for the LAN. If you want SLAAC, for Router Advertisements, just set to "Unmanaged" and leave the rest as default.

I'm no expert but I noticed your prefix delegation size is 57. Is that correct? I typically only see 56 or 64.

9

General Discussion / IPv6 and dynamic DNS updates

« on: May 29, 2024, 02:34:22 am »

With IPv4, I only have 1 external WAN IP address, so the DDNS update can be done at the router level. But with IPv6, I can have 5 servers with 5 different external IPv6 addresses.

Since most providers dont provide static IPv6 yet, whats the best way to update my AAAA entries at the DDNS provider? Do I run separate update bash scripts on each of the servers? And aside from setting up a cronjob for the update, how do I detect when the IP changes at the server level so I can trigger an update?

10

High availability / Re: Devices/Servers with static Gateway

« on: May 26, 2024, 11:41:23 pm »

Thanks for sharing your experience on this. Now why didnt I think of this earlier??! Guess my brain was only chasing the path of maybe there is a setup in Opnsense to point the 192.168.1.1 GW to 192.168.1.220! Your solution is simple and works.

11

High availability / Devices/Servers with static Gateway

« on: May 26, 2024, 11:02:39 pm »

FYI, I also posted this on the Reddit grp, hoping will get answer on either forum.

I managed to get High Availability/CARP working.

Firewall 1 IP: 192.168.1.1
Firewall 2 IP: 192.168.1.10
VIP LAN: 192.168.1.220

Now, my problem is with existing IOT devices (lots!) and Proxmox LXC/VMs which I have set up with static IPs/Gateways where the Gateway is pointing to 192.168.1.1. So, when I switch the Master over to 192.168.1.10, everything stops working. I can manually change all my existing devices Gateway to the VIP LAN IP of 192.168.1.220 but its going to be painful. Its also not a smart way of doing this in case I need to revert back to a single Firewall. Is there a smarter or simpler way of doing this? Googling didnt turn up anything. Thanks.