"
WEWAN is an interface configured with DHCP from modem, i have in proxmox 3 interfaces, 1 WAN, 1 LAN & 1 for HA/pfsync
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
General Discussion / Re: Opnsense High Availability Questions
February 27, 2025, 02:39:30 PM
Patrick? Anyone?
#3
General Discussion / Re: Opnsense High Availability Questions
February 26, 2025, 08:33:20 AM
Hi Patrick,
- Set the CARP VIPs to /32 instead of /24 (should not be cause of any problems, but "cleaner"). <- Done on both FWs
- Do you have a dedicated interface for pfsync, virtual or not? If yes, why NAT? And why not the default of directed multicast for pfsync? Yes, dedicated interface via Proxmox, I'm not sure of the remaining questions, I just followed the video.
- You have private networks on both sides, LAN and WAN, so the uplinks are Ethernet, right? Make sure to disable reply-to (Firewall > Settings > Advanced). - < Done on both FWs
- Both firewalls have a plain Ethernet connection on all Interfaces with CARP? Not only to some modem but also to each other, possibly via the modem's builtin switch? I don't fully understnd the question but the modem (WEWAN) is connected to same box as FW1 via Proxmox bridge to Opnsense
I attached the interfaces overview, it would help..
Also let me confirm if the tests i'm doing is right, once I go to FW1 System HA, and resync everything to FW2..
I have ping -t set for:
192.168.4.1
192.168.4.2
192.168.4.14
10.0.0.2
10.0.0.1
8.8.8.8
I dissconnect the FW1 LAN cable & here are the results:
192.168.4.1 - fails
192.168.4.2 - still pinging
192.168.4.14 - still pinging
10.0.0.2 - fails
10.0.0.1 - fails
8.8.8.8 - fails
- Set the CARP VIPs to /32 instead of /24 (should not be cause of any problems, but "cleaner"). <- Done on both FWs
- Do you have a dedicated interface for pfsync, virtual or not? If yes, why NAT? And why not the default of directed multicast for pfsync? Yes, dedicated interface via Proxmox, I'm not sure of the remaining questions, I just followed the video.
- You have private networks on both sides, LAN and WAN, so the uplinks are Ethernet, right? Make sure to disable reply-to (Firewall > Settings > Advanced). - < Done on both FWs
- Both firewalls have a plain Ethernet connection on all Interfaces with CARP? Not only to some modem but also to each other, possibly via the modem's builtin switch? I don't fully understnd the question but the modem (WEWAN) is connected to same box as FW1 via Proxmox bridge to Opnsense
I attached the interfaces overview, it would help..
Also let me confirm if the tests i'm doing is right, once I go to FW1 System HA, and resync everything to FW2..
I have ping -t set for:
192.168.4.1
192.168.4.2
192.168.4.14
10.0.0.2
10.0.0.1
8.8.8.8
I dissconnect the FW1 LAN cable & here are the results:
192.168.4.1 - fails
192.168.4.2 - still pinging
192.168.4.14 - still pinging
10.0.0.2 - fails
10.0.0.1 - fails
8.8.8.8 - fails
#4
General Discussion / Re: Opnsense High Availability Questions
February 25, 2025, 12:52:48 PM
Thanks Patrick,
Also, My interfaces names & identifiers are identical between both FWs.
Also, My interfaces names & identifiers are identical between both FWs.
#5
General Discussion / Re: Opnsense High Availability Questions
February 25, 2025, 11:41:02 AM
FW1 NAT outbound rule
#6
General Discussion / Re: Opnsense High Availability Questions
February 25, 2025, 11:27:07 AM
It's worth to mention that both FWs are on different Proxmox nodes but in same subnet 192.168.4.x
I have MAC Filtering in Proxmox disabled for both VMs.
I have MAC Filtering in Proxmox disabled for both VMs.
#7
General Discussion / Re: Opnsense High Availability Questions
February 25, 2025, 10:54:18 AM
FW 1 HA
#8
General Discussion / Re: Opnsense High Availability Questions
February 25, 2025, 10:53:47 AM
On FW1:
I have pfsync interface set to 10.0.0.1
on Firewall rules:
pfsync interface -> pass any to any
LAN & WAN -> pass any to any CARP
I can ping interface 10.0.0.2 from FW1 and vice-versa
its just when i unplug FW1 LAN cable, i lose all connectivity, however in Virtual IPs - > status - it shows as MASTER on FW2 for both LAN & WAN..
I have pfsync interface set to 10.0.0.1
on Firewall rules:
pfsync interface -> pass any to any
LAN & WAN -> pass any to any CARP
I can ping interface 10.0.0.2 from FW1 and vice-versa
its just when i unplug FW1 LAN cable, i lose all connectivity, however in Virtual IPs - > status - it shows as MASTER on FW2 for both LAN & WAN..
#9
General Discussion / Re: Opnsense High Availability Questions
February 24, 2025, 04:36:53 PM
Any support is appreciated.
#10
General Discussion / Re: Modem to Manage Switch to OPNsense Issue
February 24, 2025, 04:36:17 PM
Yes thats the working solution.
But i was looking for it to work from modem to switch to opnsense.
But i was looking for it to work from modem to switch to opnsense.
#11
General Discussion / Opnsense High Availability Questions
February 23, 2025, 09:37:42 AM
Hello,
Just new to Opnsense HA and its getting me really interested but i'm having several issues & questions.
I have a primary Opnsense VM and its working proplery with Multi-WAN on a proxmox VM.
Now i wanted to achieve HA so i created a clone from the existing one (exact replica), and following this video to create CARP/Virtual IPs as it has the exact setup of mine:
https://youtu.be/I5n3QXOlxmw?si=Yi8GepDm2M11afeD
My setup is as follows:
Modem 1 (DHCP ON) LAN port -> OpnSense Primary
Modem 2 (DHCP ON) LAN port -> Opnsense Primary
Modem 1 (DHCP ON) Lan port 2 -> Opnsense Secondary
Opnsense Primary: 192.168.4.1
Opnsense Secondary: 192.168.4.2
All services are ON on both (DHCP, DNS, AdGuard, ZenArmor, Crowdsec, etc)
The 1st problem is that when I turn on the secondary VM, the internet stops working or starts to stutter, I think that maybe related to that I have DHCP service on for the same subnet (192.168.4.x) and as well the other VLANs.
Should that be turned off on the secondary VM and HA sync should be taking place, so the question comes to my mind, what if the primary VM fails / offline, if DHCP is off on the secondary VM, how will the clients take IPs?
The 2nd problem is that when the primary is down, the secondary does not have internet to clients, if i login to opnsense via SSH and ping 1.1.1.1 - it pings normally, but the clients can't ping, not sure what is wrong, it shows in Virtual IPs status that the secondary is MASTER for both LAN & WAN.
The video was created for Opnsense 24.7.x however i'm using 25.1 - there were slightly different settings found in 25.1 vs. whats in the video, i just played around a bit with them but not sure if what i did was correct.
I'm ready to provide whatever configuration you need.
Your assistance is very much appreciated.
Thank you.
Just new to Opnsense HA and its getting me really interested but i'm having several issues & questions.
I have a primary Opnsense VM and its working proplery with Multi-WAN on a proxmox VM.
Now i wanted to achieve HA so i created a clone from the existing one (exact replica), and following this video to create CARP/Virtual IPs as it has the exact setup of mine:
https://youtu.be/I5n3QXOlxmw?si=Yi8GepDm2M11afeD
My setup is as follows:
Modem 1 (DHCP ON) LAN port -> OpnSense Primary
Modem 2 (DHCP ON) LAN port -> Opnsense Primary
Modem 1 (DHCP ON) Lan port 2 -> Opnsense Secondary
Opnsense Primary: 192.168.4.1
Opnsense Secondary: 192.168.4.2
All services are ON on both (DHCP, DNS, AdGuard, ZenArmor, Crowdsec, etc)
The 1st problem is that when I turn on the secondary VM, the internet stops working or starts to stutter, I think that maybe related to that I have DHCP service on for the same subnet (192.168.4.x) and as well the other VLANs.
Should that be turned off on the secondary VM and HA sync should be taking place, so the question comes to my mind, what if the primary VM fails / offline, if DHCP is off on the secondary VM, how will the clients take IPs?
The 2nd problem is that when the primary is down, the secondary does not have internet to clients, if i login to opnsense via SSH and ping 1.1.1.1 - it pings normally, but the clients can't ping, not sure what is wrong, it shows in Virtual IPs status that the secondary is MASTER for both LAN & WAN.
The video was created for Opnsense 24.7.x however i'm using 25.1 - there were slightly different settings found in 25.1 vs. whats in the video, i just played around a bit with them but not sure if what i did was correct.
I'm ready to provide whatever configuration you need.
Your assistance is very much appreciated.
Thank you.
#12
High availability / Re: HA confusion
February 23, 2025, 09:15:05 AM
I have the same question, confusion about DHCP, it conflicts when both are online at the same time, or should the secondary be configured differently?
#13
General Discussion / Re: Modem to Manage Switch to OPNsense Issue
February 03, 2025, 09:14:56 AM
Anyone?
#14
General Discussion / Re: Modem to Manage Switch to OPNsense Issue
February 01, 2025, 09:06:53 PM
One more screenshot
#15
General Discussion / Re: Modem to Manage Switch to OPNsense Issue
February 01, 2025, 08:41:19 PM
More screenshots
