Topics

I am in the process of attempting to migrate over to HA. I am working on getting a duplicate machine to make things easier, but that has proved to be a little difficult without paying a small fortune.

While I am working on doing that, I was going to get some of the initial configuration changes done on my current machine. I was going to enable CARP on the LAN interface. I currently have the OPNSense configured like this:

GFiber - >OPNSense (10.0.0.1) -> Cisco Nexus (10.0.0.2)

TMO HSI (also goes in as WAN 2)

The Cisco Nexus handles all of my inter-VLAN routing. The only thing that currently hits the OPNSense box is the traffic destined for the internet. With it configured like this, I had to create Hybrid Outbound NAT Rules. They are an alias for all of the IP Ranges on the VLANs that use either the GFiber or TMO HSI connections. They map to the GFiber or TMO IP address depending on which connection they are using.

I am believing that all of this would stay the same. The only changes would be:

LAN Address would change to 10.0.0.x (I would probably set it to 3)

CARP VIP LAN Address would be set to 10.0.0.x (It would go to .1 so it matches the original configuration)

Is this correct for getting some of the initial setup done or is there a better/correct way of doing this?

I am not sure if this is related to upgrading to 25.7 or something that has changed by my mobile carrier.  I have a multi-WAN configuration setup to use Google Fiber as the primary connection and a mobile broadband connection for the secondary.  The mobile broadband connection is using a router that is providing a 129.168.12.x IP address.  The failover WAN is getting the proper IP and is able to ping that gateway.  When I SSH into the OPNSense box, I am able to ping the monitor IP (8.8.4.4) and have it go over the mobile WAN.  Then when I ping the other monitor IP (8.8.8.8) it uses Google Fiber.  I have let the ping run and I don't see any spikes in latency or dropped packets.  The Gateway monitoring is showing something totally different:

IPv4 250 192.168.12.1 8.8.4.4 20635.6 ms 129.2 ms 28.0 %

Has anyone experienced something similar?  Are there settings that I should update to correct this?

I am currently running OPNSense configured like multiple of the walkthroughs show online.  After configuration, my speeds on my WAN interface (VirtIO) is almost identical to what I had with my bare metal install.  The speeds on the LAN (VirtIO) interface are horrible.  I have tried everything that I could think of to fix the issue.  The one strange thing that I saw was:



ethtool --offload ens4f1 (WAN interface) generic-receive-offload off - fixing my LAN speeds, but cuts my WAN speeds in half.  If I go and turn it back on, the WAN speed goes back to normal, but the download on the LAN download goes to almost nothing, but the upload is almost spot on.  I would rather not pass my interfaces through to the VM if I don't have to.

When I attempt to install any plugin, they all keep hanging at Configuring system logging...  When they get to this point, it appears to crash my Dashboard and makes the system sluggish.  This is a new install on Baremetal.  If there is anything additional I can supply to help, please just let me know.