Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
Gateway to master instance makes backup instance unreachable on LAN
« previous
next »
Print
Pages: [
1
]
Author
Topic: Gateway to master instance makes backup instance unreachable on LAN (Read 1860 times)
raspbeguy
Newbie
Posts: 3
Karma: 0
Gateway to master instance makes backup instance unreachable on LAN
«
on:
October 20, 2022, 02:59:46 pm »
Hello,
I'm pretty new with OPNsense/freeBSD. I have to OPNsense instances in master/backup setup.
Instance mulder, LAN IP 192.168.0.4/24
Instance scully, LAN IP 192.168.0.5/24
Both instances LAN interfaces are configured in a CARP: 192.168.0.1/24
Currently mulder is backup and scully is master.
To enable mulder able to access WAN, I set up a Gateway in System > Gateways
Then I set this gateway as IPv4 Upstream Gateway in Interfaces > [LAN]
As a result, the backup instance has access to the internet but is now unreachable from my LAN devices: whenever it receives a TCP or ICMP package, it wants to respond through the configured gateway. To make those screen capture I had to connect through another interface.
Am I missing something?
«
Last Edit: October 20, 2022, 03:02:06 pm by raspbeguy
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6854
Karma: 575
Re: Gateway to master instance makes backup instance unreachable on LAN
«
Reply #1 on:
October 20, 2022, 03:11:50 pm »
You need a fixed IP address on WAN for each of the notes both pointing to the regular default gateway, and a floating (CARP/VIP) IP address on WAN that is active on whichever node is the master.
This way both nodes have Internet access.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
raspbeguy
Newbie
Posts: 3
Karma: 0
Re: Gateway to master instance makes backup instance unreachable on LAN
«
Reply #2 on:
October 20, 2022, 03:19:07 pm »
Well, this isn't possible here. WAN side is managed by DHCP so only one possible IP. There is already
a topic for that
but that's another problem
Logged
Patrick M. Hausen
Hero Member
Posts: 6854
Karma: 575
Re: Gateway to master instance makes backup instance unreachable on LAN
«
Reply #3 on:
October 20, 2022, 03:22:02 pm »
Well, what I told you is how the setup and protocol is supposed to work. If you only have a single uplink with a single IP address via DHCP, what's the point having a HA setup, anyway?
Of course you can try to hack until it sort of works. Unfortunately I cannot help with that.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
raspbeguy
Newbie
Posts: 3
Karma: 0
Re: Gateway to master instance makes backup instance unreachable on LAN
«
Reply #4 on:
October 20, 2022, 03:27:10 pm »
Of course, it would make more sense to have two separate physical links to connect to the WAN. But it still makes sense to set up HA even in this configuration, for example when upgrading the instances without downtime, and of course educational purpose and having fun (maybe I should have made it clear that this isn't a production setup, only my homelab).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
Gateway to master instance makes backup instance unreachable on LAN