Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
[SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available (Read 2613 times)
RatherOldMan
Newbie
Posts: 10
Karma: 0
[SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available
«
on:
February 20, 2023, 10:17:28 pm »
Hi all,
I installed two OPNsense identical Hardware-Firewalls, both updated to Version 23.1.1_2.
I configured High Availibility and the syncing works fine.
I configured a virtual CARP IP for the WAN Interface - ok - see it on the backup firewall.
But i cannot change Outbound NAT to that CARP VIP - there is no entry for that in Translation / target.
Only
- Single host or Network
- WAN address
- PFSYNC address
- LAN address
I tried an IP Alias on WAN - also not in that list.
Thx
The RatherOldMan
«
Last Edit: February 21, 2023, 11:11:49 am by RatherOldMan
»
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: no CARP VIP entry in NAT > Outbound > Translation / target available
«
Reply #1 on:
February 21, 2023, 09:20:11 am »
It was removed as it was being used as a fragile shortcut embedding the actual IP instead of the VIP designation so once you changed the VIP the entry in NAT was not changed. The plain IP configuration, however, should still apply as it was. A more robust solution would be to use aliases.
Cheers,
Franco
Logged
RatherOldMan
Newbie
Posts: 10
Karma: 0
Re: no CARP VIP entry in NAT > Outbound > Translation / target available
«
Reply #2 on:
February 21, 2023, 11:03:22 am »
Thx - works like a charm.
It should be mentioned in the HowTo.
https://docs.opnsense.org/manual/how-tos/carp.html
Wave,
The RatherOldMan
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: [SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available
«
Reply #3 on:
February 24, 2023, 08:02:42 pm »
Hi,
I don't think the doc is wrong mentioning the plain IP address?
https://docs.opnsense.org/manual/how-tos/carp.html#setup-outbound-nat
Cheers,
Franco
Logged
RatherOldMan
Newbie
Posts: 10
Karma: 0
Re: [SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available
«
Reply #4 on:
March 07, 2023, 10:28:55 pm »
Hi Franco,
yes and no.
I can choose "LAN net" from a list.
So I thought the Translation / target is ALSO choosen from a list, entry is called "CARP virtual IP".
Old Humans are silly...
So I think it will be a good idea to add your "more robust solution":
Go to Firewall Aliases.
Create a Host(s)-alias for the CARP IP.
Go to Firewall NAT Outbound. ...
Cheers,
The RatherOldMan
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: [SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available
«
Reply #5 on:
March 08, 2023, 08:45:03 am »
Have you checked the behaviour on 23.1.2? There was a fix for this actually that surfaced.
Cheers,
Franco
Logged
RatherOldMan
Newbie
Posts: 10
Karma: 0
Re: [SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available
«
Reply #6 on:
March 09, 2023, 05:20:37 pm »
Hi Franco,
atm i couldn't answer this - i deleted the whole CARP settings because of my disconnection / unstable connection problems.
https://forum.opnsense.org/index.php?topic=32856.0
Wave,
The RatherOldMan
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
[SOLVED] no CARP VIP entry in NAT > Outbound > Translation / target available