current setup to cluster

Started by mahescho, October 14, 2020, 12:39:05 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 14, 2020, 12:39:05 PM
Hi,

I've a running setup on a single appliance and I want to add a second appliance to create a cluster. Is it possible to do this without wiping my existing setup?

TIA
Matthias
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
October 14, 2020, 01:52:47 PM #1
Yes it's possible
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover

--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
October 14, 2020, 01:55:31 PM #2
Ok, thanks but how to do this? Is there any documentation or a howto?
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
October 14, 2020, 02:01:35 PM #3
It´s the same like in the docs https://docs.opnsense.org/manual/how-tos/carp.html

You´ll need to reconfigure all of your interfaces like described.
,,The S in IoT stands for Security!" :)
October 14, 2020, 02:37:21 PM #4
Thanks, well, my intention was to avoid to rekonfiguriere all 18 interfaces :-)

What about my few hundred firewall rules? The rules are bound to interfaces ...

An option may be to get two new appliances and migrate everything, also some thing I wanted to avoid.
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
October 14, 2020, 03:54:14 PM #5
Interfaces will need to be reconfigured, there is no escaping that.

Firewall rules will still be bound to same interfaces if you do the reconfiguring correctly and will then sync to your standby host.
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover

--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
October 14, 2020, 03:56:58 PM #6
As you´re keeping the interfaces, the rules shouldn´t need updating.

Sometimes it´s a good idea to start over (you can restore a backup from your current box) with the second fresh box with a CARP setup in mind and after having all configured to switch to the new box. If everything is working like you wish, you take the currently running box and add it to the cluster.

In this way you don´t need two new boxes.
,,The S in IoT stands for Security!" :)
October 14, 2020, 04:49:36 PM #7
Cool, thanks, I will give it a try.
OPNsense 24.1.6-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Print
Go Up Pages1
User actions