OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • High availability »
  • High availability with multiple DHCP IP
« previous next »
  • Print
Pages: [1]

Author Topic: High availability with multiple DHCP IP  (Read 2143 times)

egeback

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
High availability with multiple DHCP IP
« on: May 28, 2024, 08:16:18 pm »
Hi

I have just setup a HA Opnsense setup with two virtual instances configured with CARP on internal vlan/interfaces but not on WAN due to DHCP setup. My ISP provides several IP DHCP IPs so each instance has its own IP. Failover works on the interfaces with CARP enabled (internal subnets on VLANs configured in Proxmox) but I have not found a way to trigger failover if WAN goes down. Gateway monitoring works but does not trigger failover (not sure if it should though?). Is there anyway to configure the gateway monitoring, or other function to trigger CARP to trigger and backup node takes over if WAN goes down?

I would like to avoid setting up a separate router and run double NAT if possible. I have seen tutorials but seams to be implemented mainly to solve the issue with when you only have a single DHCP address even if I also recognise that dynamic DNS "issue" is also solved, since the same IP is used on both routers.
Logged

stuartbh

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Re: High availability with multiple DHCP IP
« Reply #1 on: October 13, 2024, 05:51:47 pm »
egeback,

I am trying to plan a similar setup. My ISP provides (non-static, i.e. via DHCP) multiple public IPv4 IPs (at least 3, maybe 5). My interest is if one of the opnsense instance goes down due to hardware or reboot the other takes over. If my WAN DSL modem (a single point of failure) has an issue, then I will accept that.

Can you post what steps you took to get your setup going? I have VLAN capable switches and also use ProxMox.

Stuart
Logged

egeback

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: High availability with multiple DHCP IP
« Reply #2 on: October 17, 2024, 11:13:05 am »
Hi Stuart

To get started I think this excellent video by Jim's Garage is basically started with:
https://www.youtube.com/watch?v=I5n3QXOlxmw&pp=ygUab3Buc2Vuc2UgaGlnaCBhdmFpbGFiaWxpdHk%3D

Another guide from zenarmor that explains the steps in opnsense when proxmox is configured.
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-ha-on-opnsense

The setup without CARP/HA on the WAN side works but when the primary firewall goes down my external services goes down since the IP of the WAN changes as the firewall failovers. After this happens either I wait for reboot/fix or I need to trigger a update of the DNS record to my new IP. For my use case this is not a game breaker but could be nice to find a solution without putting another firewall infront of the setup, that is of course possible but goes a bit against HA but on the other hand I only have one incoming internet connection like what you have...

Regards, Marky
« Last Edit: October 17, 2024, 11:20:32 am by egeback »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • High availability »
  • High availability with multiple DHCP IP
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2