Understanding CARP dashboard / strange behaviour

Started by reunion974, February 03, 2024, 10:08:53 AM

February 03, 2024, 10:08:53 AM Last Edit: February 03, 2024, 02:02:01 PM by reunion974
I just installed 2 OPNsense physical servers with HA.
As I have only 2 ethernet ports per server, I use multiple VLANs, including one dedicated to pfsync.
All the configuration seems OK, except some connection problems when CARP switches to backup.

This morning I received messages from MONIT informing that the CARP backup -> master.

On the OPNsense Lobby: Dashboard / CARP I have this for the master:
CARP
WAN@1      MASTER   192.168.42.250
SRV@10      BACKUP   192.168.10.1
IoT@20      BACKUP   192.168.20.1
Management@40      BACKUP   192.168.40.1
GUEST@30      BACKUP   192.168.30.1

And this on the slave:
CARP
WAN@1      BACKUP   192.168.42.250
SRV@10      MASTER   192.168.10.1
IoT@20      MASTER   192.168.20.1
Management@40      MASTER   192.168.40.1
GUEST@30      MASTER   192.168.30.1

So it seems that the master firewall is acting as master on the WAN interface but as backup on the vlans on the LAN side, while the backup firewall is acting as backup on the WAN side but as master on the LAN side.

How is it possible? From what I understood, one physical firewall has to manage filtering rules, routing, ... To do so, it needs to have a hand on both LAN and WAN. The firewall task cannot be distributed over 2 physical servers, right?
So if I'm right, I should not have an internet connection, but as I'm writing this post the connection is up!

Any help or explanation will be more than welcome !!!
Thanks a lot :)

EDIT: I found 2 other persons describing this issue. Unfortunately no answer.