Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
current setup to cluster
« previous
next »
Print
Pages: [
1
]
Author
Topic: current setup to cluster (Read 2643 times)
mahescho
Jr. Member
Posts: 63
Karma: 2
current setup to cluster
«
on:
October 14, 2020, 12:39:05 pm »
Hi,
I've a running setup on a single appliance and I want to add a second appliance to create a cluster. Is it possible to do this without wiping my existing setup?
TIA
Matthias
Logged
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
sorano
Full Member
Posts: 153
Karma: 21
Re: current setup to cluster
«
Reply #1 on:
October 14, 2020, 01:52:47 pm »
Yes it's possible
Logged
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover
--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
mahescho
Jr. Member
Posts: 63
Karma: 2
Re: current setup to cluster
«
Reply #2 on:
October 14, 2020, 01:55:31 pm »
Ok, thanks but how to do this? Is there any documentation or a howto?
Logged
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: current setup to cluster
«
Reply #3 on:
October 14, 2020, 02:01:35 pm »
It´s the same like in the docs
https://docs.opnsense.org/manual/how-tos/carp.html
You´ll need to reconfigure all of your interfaces like described.
Logged
„The S in IoT stands for Security!“
mahescho
Jr. Member
Posts: 63
Karma: 2
Re: current setup to cluster
«
Reply #4 on:
October 14, 2020, 02:37:21 pm »
Thanks, well, my intention was to avoid to rekonfiguriere all 18 interfaces :-)
What about my few hundred firewall rules? The rules are bound to interfaces ...
An option may be to get two new appliances and migrate everything, also some thing I wanted to avoid.
Logged
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
sorano
Full Member
Posts: 153
Karma: 21
Re: current setup to cluster
«
Reply #5 on:
October 14, 2020, 03:54:14 pm »
Interfaces will need to be reconfigured, there is no escaping that.
Firewall rules will still be bound to same interfaces if you do the reconfiguring correctly and will then sync to your standby host.
Logged
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover
--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: current setup to cluster
«
Reply #6 on:
October 14, 2020, 03:56:58 pm »
As you´re keeping the interfaces, the rules shouldn´t need updating.
Sometimes it´s a good idea to start over (you can restore a backup from your current box) with the second fresh box with a CARP setup in mind and after having all configured to switch to the new box. If everything is working like you wish, you take the currently running box and add it to the cluster.
In this way you don´t need two new boxes.
Logged
„The S in IoT stands for Security!“
mahescho
Jr. Member
Posts: 63
Karma: 2
Re: current setup to cluster
«
Reply #7 on:
October 14, 2020, 04:49:36 pm »
Cool, thanks, I will give it a try.
Logged
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
current setup to cluster