Topic: Trouble setting up HA Wireguard server (Read 696 times)
roboalex
« on: March 05, 2024, 11:27:51 am »
Hi,
I am running two OPNsense VMs (24.1.2_1) in HA on a vCenter cluster. I am using them mainly as a Wireguard server hanging off of a firewall, with a single virtual NIC per node and outbound NAT disabled. CARP and the HA sync seem to work perfectly after enabling Net.ReversePathFwdCheckPromisc on the ESXi hosts.
The one problem I have is that I currently only have a WG1 interface for Wireguard on Node1, but not yet on Node2, meaning that Wireguard doesn't fail over properly when the CARP master changes.
When I add the WG1 interface to Node2 under Assignments (with the same name and configuration) and trigger a config sync from Node1, the sync never completes and the "System -> High Availability -> Status" page fails to load completely afterwards. Simply rebooting the nodes or removing the WG1 interface from Node2 doesn't fix the problem; the only way I could find to repair the HA cluster was to restore a backup on Node2, then trigger a sync from Node1.
The Wireguard config itself is correctly synced before adding the interface and is set to depend on the CARP VIP.
Did I set something up in the wrong order? Or is there a mistake in my thinking?
Thanks in advance