Can't Access GUI on Secondary

Started by halianelf, September 12, 2018, 01:23:38 AM

I have a pair of firewalls and a really weird issue. I'm basically never attached to my LAN. I either use the public IP that has a rule to only allow specific IPs or I'm coming across a VPN.

My primary works fine. I can access it both across the tunnel or using its public. My secondary, I can't except coming from my VM I used for testing that's on the LAN. Even if I put the primary in persistent maintenance mode, it doesn't work on the CARP IP either.

I enabled logging on the rule that I have allowing traffic from the WAN and the log shows it being allowed but all I ever get is "This site can't be reached x.x.x.x took too long to respond." So at this point I'm at a loss as to what's causing it. It was working fine until I had it reboot (through GUI) because it was giving an error checking for updates yesterday.

Version: OPNsense 18.7.1_3-amd64

Can you also login to VPN when the secondary is master?

No, doesn't look like the OpenVPN nor the IPSec (at least initiating it from the remote side) work on the secondary either.

Can you check if your HA setup works like desired and perhaps we fix this first :)

Pretty sure my HA is working properly but feel free to take a look and let me know if you see something off. If I missed anything you want to see/think will help troubleshoot, let me know. The rules did update on the secondary when I tried changing the GUI allow rule on the WAN interface to the 3 IPs (One for each + CARP) for the firewalls rather than just "This Firewall".

It may be a NAT issue but not sure exactly what to do to fix it. If I ping an outside IP using the default it works and gets a response. If I change it to the inside it doesn't. Not sure if that helps.