Show Posts
1
19.1 Legacy Series / CARP WAN both masters
« on: June 24, 2019, 09:18:46 pm »
I have two identical machines (scope7-7525) with opnsene on 19.1, which is working fine. Only problem is the CARP behaviour.
Master system is
LAN 192.168.10.1/24
DMZ 192.168.20.1/24
PFSYNC 10.0.0.1/24
WAN xxx.xxx.xxx.194/26 on Gateway xxx.xxx.xxx.193
virtual IPs
xxx.xxx.xxx.196/26 (vhid 1 , freq. 1 / 0)
192.168.10.3/24 (vhid 2 , freq. 1 / 0)
192.168.20.3/24 (vhid 3 , freq. 1 / 0)
Backup system is
LAN 192.168.10.2/24
DMZ 192.168.20.2/24
PFSYNC 10.0.0.2/24
WAN xxx.xxx.xxx.195/26 on Gateway xxx.xxx.xxx.193
virtual IPs
xxx.xxx.xxx.196/26 (vhid 1 , freq. 1 / 100)
192.168.10.3/24 (vhid 2 , freq. 1 / 100)
192.168.20.3/24 (vhid 3 , freq. 1 / 100)
My problem is CARP on WAN, which is always going on both machines on "master". This is followed by some conficts e.g. aborting SSH connection. Every users action is takiing minutes, obviously because they try to synchronize, I guess.
The other interfaces (LAN, DMZ) are switching fine from master to backup and back, when master is off.
For synchronization (PFSYNC) I set Peer IP 10.0.0.1 (synchronize to https://10.0.0.1:8443) on master and 10.0.0.2 (https://10.0.0.2:8444) on backup. On both machines I did not deactivate Preempt (because I read in some threads not to do so). I do not use VLAN or anything special.
Since days of trying I am now at the end. May be anyone has a nice idea, what may be my solution?
Master system is
LAN 192.168.10.1/24
DMZ 192.168.20.1/24
PFSYNC 10.0.0.1/24
WAN xxx.xxx.xxx.194/26 on Gateway xxx.xxx.xxx.193
virtual IPs
xxx.xxx.xxx.196/26 (vhid 1 , freq. 1 / 0)
192.168.10.3/24 (vhid 2 , freq. 1 / 0)
192.168.20.3/24 (vhid 3 , freq. 1 / 0)
Backup system is
LAN 192.168.10.2/24
DMZ 192.168.20.2/24
PFSYNC 10.0.0.2/24
WAN xxx.xxx.xxx.195/26 on Gateway xxx.xxx.xxx.193
virtual IPs
xxx.xxx.xxx.196/26 (vhid 1 , freq. 1 / 100)
192.168.10.3/24 (vhid 2 , freq. 1 / 100)
192.168.20.3/24 (vhid 3 , freq. 1 / 100)
My problem is CARP on WAN, which is always going on both machines on "master". This is followed by some conficts e.g. aborting SSH connection. Every users action is takiing minutes, obviously because they try to synchronize, I guess.
The other interfaces (LAN, DMZ) are switching fine from master to backup and back, when master is off.
For synchronization (PFSYNC) I set Peer IP 10.0.0.1 (synchronize to https://10.0.0.1:8443) on master and 10.0.0.2 (https://10.0.0.2:8444) on backup. On both machines I did not deactivate Preempt (because I read in some threads not to do so). I do not use VLAN or anything special.
Since days of trying I am now at the end. May be anyone has a nice idea, what may be my solution?