"
Hi all,
I'm running an OPNsense HA setup (version 25.1) with two nodes: defqon01 (preferred/master) and defqon02.
CARP and pfSync are working as expected — the VIP (10.0.10.1) transitions smoothly between nodes, and state sync is reliable.
However, I'm consistently facing the following issue after failback to defqon01:
⸻
🐞 Problem Summary:
• Interface: ix0_vlan10
• VIP: 10.0.10.1 (CARP) → works fine
• Static IP on LAN interface: 10.0.10.10
• After failback from defqon02 to defqon01, VIP is reachable, but 10.0.10.10 is not
• ifconfig ix0_vlan10 down && up on defqon01 instantly resolves the issue
• Web GUI, ping and other services on the LAN IP remain unreachable until that interface bounce
⸻
🔎 What I've ruled out:
• Firewall rules → allow any to 10.0.10.10
• Interface is marked UP
• IP is bound (seen in ifconfig)
• pfSync is working
• CARP status transitions as expected
• Preemption is enabled
• No demotion or failover loops
⸻
📸 Confirmed via:
• tail -f /var/log/system.log shows normal CARP MASTER transitions
• tcpdump shows no ARP/ICMP replies from LAN IP until bounce
• sockstat shows services not binding until interface reset
• The issue is 100% reproducible
• VLAN interface + CARP seem to be the key
I'm running an OPNsense HA setup (version 25.1) with two nodes: defqon01 (preferred/master) and defqon02.
CARP and pfSync are working as expected — the VIP (10.0.10.1) transitions smoothly between nodes, and state sync is reliable.
However, I'm consistently facing the following issue after failback to defqon01:
⸻
🐞 Problem Summary:
• Interface: ix0_vlan10
• VIP: 10.0.10.1 (CARP) → works fine
• Static IP on LAN interface: 10.0.10.10
• After failback from defqon02 to defqon01, VIP is reachable, but 10.0.10.10 is not
• ifconfig ix0_vlan10 down && up on defqon01 instantly resolves the issue
• Web GUI, ping and other services on the LAN IP remain unreachable until that interface bounce
⸻
🔎 What I've ruled out:
• Firewall rules → allow any to 10.0.10.10
• Interface is marked UP
• IP is bound (seen in ifconfig)
• pfSync is working
• CARP status transitions as expected
• Preemption is enabled
• No demotion or failover loops
⸻
📸 Confirmed via:
• tail -f /var/log/system.log shows normal CARP MASTER transitions
• tcpdump shows no ARP/ICMP replies from LAN IP until bounce
• sockstat shows services not binding until interface reset
• The issue is 100% reproducible
• VLAN interface + CARP seem to be the key
