Update HA pair

[yomeyo]

Hi,

I currently run 2 OPNsense 16.7.0 instances in active/standby using CARP and pfSync. There are updates available. Is there any best practices method available for updating a HA setup of OPNsense?

[yomeyo]

Does anyone have experience with this? Thanks.

[andresmeliann]

Hi, Im sorry I bother you, but as you are more advanced than I into HA using OPNSENSE 16.7, Im having some issues to making works HA, because I do it like the documentation and it doesnt work fine, apparently it synchronize well but secundary firewall saw Virtual IP via another interface, even it have conectivity between all interfaces inter firewall. If you could give the configuration you use or a guide I will be very gracefull.

Thanks for you help   

[bartjsmit]

Active/passive cluster patching follows a common set of steps:

1. Negotiate a short downtime with your users
2. Patch your passive node
3. Fail over the cluster
4. Fail back if any issues
5. Patch the remaining node

Be wary of version anxiety; make sure the updates fix issues or vulnerabilities that apply to you.

Bart...

[yomeyo]

Hi Bart, thanks for the reply. Do you know how to failover to the other device other than unplugging or shutting down the active node?

Thanks.

[bartjsmit]

Those are the recommended actions for fail-over. Unplugging the LAN is quicker to revert than shutting down but harder to do remotely ;-)

Bart...

[yomeyo]

Yes, but how to update if the LAN is unplugged? If I replug the LAN it will switch back to being the active node.