91
General Discussion / Re: Switching from pfSense - features
« on: July 13, 2017, 08:44:44 pm »
Looked around more here and at the brochure. A few more questions:
- The brochure describes the CARP failover method as being for the whole device with OPNsense. So where pfSense allows setup of multiple CARP tests on a per-interface basis, OPN sense uses a single CARP signal for everything? The brochure implies that every interface on the primary is tested, when it says with the failure of any one results in the secondary taking over. How is this implemented? Is it one CARP signal broadcast over all interfaces, with the secondary listening on all interfaces and taking over if any one of them goes silent? What is done to avoid split-brain then, and take down the VIPs on the primary?
- The forums show that there are some persistent problems with IPsec. Reliable IPsec is a primary requirement here. Is there a stable version with rock-solid IPsec performance?
Thanks,
Whit
- The brochure describes the CARP failover method as being for the whole device with OPNsense. So where pfSense allows setup of multiple CARP tests on a per-interface basis, OPN sense uses a single CARP signal for everything? The brochure implies that every interface on the primary is tested, when it says with the failure of any one results in the secondary taking over. How is this implemented? Is it one CARP signal broadcast over all interfaces, with the secondary listening on all interfaces and taking over if any one of them goes silent? What is done to avoid split-brain then, and take down the VIPs on the primary?
- The forums show that there are some persistent problems with IPsec. Reliable IPsec is a primary requirement here. Is there a stable version with rock-solid IPsec performance?
Thanks,
Whit