Topic: High Availability with 1 public IP address per WAN (Read 5551 times)

afan, January 18, 2021, 05:51:04 pm:
Hi guys,
My situation:
- ISP A: n=1 Public IP address, bound to a certain MAC address
- ISP B: n=1 Public IP address (though PPPoE)
- Latest OPNsense using different VLANs with WAN failover (i.e. VLAN 1 using ISP A by default, if not available then ISP B; VLAN 2 using ISP B by default, if not available then ISP A)
I'd like to use OPNsense High Availability so I can reboot my host easily.
Is that elegantly possible with just n=1 IP address per WAN link (out of which one is bound to a MAC address, which I can choose (once))?
Thanks!

marcquark, Reply #1, January 18, 2021, 09:27:59 pm:
Not sure about the MAC address part, but it is possible to configure addresses from a private /30 range on the WAN interfaces of both HA member hosts, and have them share the only available WAN IP via CARP. That will involve manual outbound NAT though. Only the active cluster member will be able to access the internet through that primary WAN interface, and you'll need to account for that as well (think updates).
I have no experience with PPPoE, but it may be worthwhile to just put something like a Fritzbox between OPNsense and your PPPoE line and share the connection between both OPNsense that way.
my 2ct: It's all doable but you'll need time to think it through and it's very easy to shoot yourself in the foot. HA setups are significantly more complex than non-HA setups, not only during installation but - crucially - also when having to troubleshoot. Do think twice whether it's actually worth it to gain a couple of minutes extra uptime in exchange for potential hours of downtime and headache when things go wrong and you're not prepared.
Last Edit: January 18, 2021, 09:29:42 pm by marcquark

afan, Reply #2, January 18, 2021, 09:37:57 pm:
Alright, understood. Dropping that plan then.
As an alternative, would the following work?
- Have the latest & greatest config file available of VM1 at all times (maybe automatically generate & sync it somewhere?)
- For a planned downtime: spin up VM2 on a different system with same (fixed) virtual MAC addresses but NOT connecting the virtual adapters, except for 1 management adapter
- Import the config into VM2 through the management adapter
- Turn off the VM1; once down connect the virtual adaptors to VM2
- After the planned downtime: turn off VM2 and turn on VM1 again
Any comments?

marcquark, Reply #3, January 19, 2021, 05:50:54 pm:
Sounds like a decent plan to me. If your OPNsense is virtualized then it should be easy enough to create a 1:1 replica and import the config like you suggest.
For keeping the most recent config around as a backup, take a look at the various available autobackup solutions. There's Nextcloud and Google Drive out of the box
https://docs.opnsense.org/manual/how-tos/cloud_backup.html
or git through a plugin (nice for keeping an accurate track of config changes)
https://docs.opnsense.org/manual/git-backup.html
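
A pre-cutover check for the cold-standby plan discussed in replies #2 and #3, as an added example that is not part of the original thread or of OPNsense itself. It assumes the exported config.xml keeps its save time in `revision/time` (epoch seconds) and its NIC assignments in `interfaces/<role>/if`; the function name and the NIC inventories (device name to MAC, copied by hand from each VM) are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like an OPNsense config.xml export (all values made up).
SAMPLE_CONFIG = """
<opnsense>
  <revision><time>1611000000.0</time></revision>
  <interfaces>
    <wan><if>vtnet0</if><descr>ISP_A</descr></wan>
    <opt1><if>pppoe0</if><descr>ISP_B</descr></opt1>
    <lan><if>vtnet1</if><descr>LAN</descr></lan>
  </interfaces>
</opnsense>
"""

def preflight(config_xml, vm1_nics, vm2_nics, now, max_age_s=86400):
    """Return a list of problems that should block the VM1 -> VM2 cutover."""
    problems = []
    root = ET.fromstring(config_xml)
    saved = float(root.findtext("revision/time", default="0"))
    if now - saved > max_age_s:
        problems.append(f"backup is {int(now - saved)}s old (limit {max_age_s}s)")
    interfaces = root.find("interfaces")
    if interfaces is None:
        problems.append("backup has no <interfaces> section")
        return problems
    for iface in interfaces:
        dev = iface.findtext("if", default="")
        if dev not in vm1_nics:
            continue  # not a NIC of VM1 (e.g. pppoe0): built from the config itself
        label = f"{iface.tag} ({iface.findtext('descr', default='')}) on {dev}"
        if dev not in vm2_nics:
            problems.append(f"{label}: NIC missing on VM2")
        elif vm2_nics[dev].lower() != vm1_nics[dev].lower():
            # A MAC mismatch on the ISP A link breaks the MAC-bound public IP.
            problems.append(f"{label}: MAC {vm2_nics[dev]} differs from VM1 {vm1_nics[dev]}")
    return problems

if __name__ == "__main__":
    # Constructed inventories: VM2 has a wrong WAN MAC and no LAN adapter yet.
    vm1 = {"vtnet0": "02:00:00:aa:bb:01", "vtnet1": "02:00:00:aa:bb:02"}
    vm2 = {"vtnet0": "02:00:00:aa:bb:99"}
    for problem in preflight(SAMPLE_CONFIG, vm1, vm2, now=1611000000 + 3600):
        print("BLOCK:", problem)
```

An empty result means the backup is fresh and every NIC the config assigns is present on VM2 with the MAC VM1 uses.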