Nginx not working on CARP address

[steilfirn_8000]

Hello there,

I just started to test the Nginx plugin to use it as a reverse proxy.
When running it on the firewall IP it works as expected but as soon as I use my CARP IP I am no longer able to connect to the site.

Is this a know behaviour or a bug?

[Monviech (Cedrik)]

Your CARP VIP needs the same subnet as the Interface IP Address it resides on.

If your parent interface is /29, the CARP VIP also needs /29.

That's my guess without knowing your configuration.

Also check your firewall rules if clients are allowed to connect to the CARP VIP.

[steilfirn_8000]

I have configured my VIP including my /28 subnet.
And if I configure Nginx to exclusively use it I can also see that's listening on it. But it's not serving anything

[Monviech (Cedrik)]

Have you tried to use curl from the Firewall SSH Shell itself to communicate with NGINX? It's a good way to troubleshoot it. If it gives responses, the next thing I would check is the firewall rules.

[steilfirn_8000]

I think I found the issue:

My CARP VIP sits on OPNsense 1 while OPNsense 2 is acting a backup.

What is strange is that Nginx is using the VIP on my OPNsense 2 instead of 1st OPNsense.

[steilfirn_8000]

And as I initially wanted to set up a full working Nginx on just OPNsense 1 before I sync the settings over to OPNsense 2 I had those issues.

[steilfirn_8000]

Okay I think the main issue was that OSPF was stuck at the INIT state.
Not sure why OPNsense 1 did not sync with the other OPSF routers.