Topics - being

#1
For some reason users' (ssh) authorized keys get synchronized to the backup node only when we manually do the "Synchronize config to backup". Is this intended behaviour?

Would expect OPNsense to automatically synchronize it to backup node when saving configuration after adding the key to a user.
#2
General Discussion / High Availability (on VirtualBox)
November 18, 2018, 04:22:20 PM
Hello!

First of all my humble thank you to everyone who has put in their time for this project. It's amazing! <3

I've been fiddling around with OPNsense for the last couple of days. My experience so far has been with enterprise firewalls (Cisco & Fortigate mostly), but I'm considering using OPNsense for a side-project.

My main worry is seamless HA, so I labbed it up on VirtualBox with 2x OPNsense and a client host.
When I finally got everything working (had to enable Promiscuous mode in VirtualBox for CARP), I first tested what happens when I shut down or reboot the Master of the cluster.

I found that the sessions will not be transferred and I will lose quite a bunch of pings into a black hole (just guessing, but probably because the master is not telling the backup that it's no longer routing the packets, until CARP detects it when the master has finally shut down).

Secondly I tested what happens when I just disconnect the ethernet cables from the master, while there's a download going and ping running. I did not lose any pings (nice!), but the session was still not transferred to the backup OPNsense.

I documented these tests into a video, which can be found here
It's too long a video, but I only discovered in the 2nd part of the video that I could see what was happening with the sessions with the pfTop feature. Anyway, you can see everything in the first minutes.

Do you know if the sessions not being transferred to the other member of the cluster is working as intended, or is there something wrong with my setup, or is it a bug?