HA CARP VIP question

Started by litebit, November 25, 2023, 02:22:03 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 25, 2023, 02:22:03 PM
Hi,

I'm trying to migrate from a single Opnsense to a dual HA Opnsense setup.
Lan side only (each opnsense box would be connected to a different isp). Most important for me would be to keep configuration/settings (alias, rules, dhcp, dynamic dns, openvpn, ....) in sync.
I don't mind sessions needing to be restarted when the failover takes place.

The first question: can the VIP on the LAN site also be used to access & manage the master box?
example:
node 1 has IP .2 (=master)
node 2 has IP .3 (=backup/slave)
VIP = .1
Can node 1 also be managed (via the GUI) via the .1 address?

November 25, 2023, 03:10:43 PM #1
Yes, sure.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
November 29, 2023, 10:41:20 AM #2
It didn't work when I was preparing the HA setup, I guess it only works once the HA setup is active.
Now it works.
December 15, 2023, 04:23:24 PM #3
Even though I have HA active, the CARP interfaces still don't work. Neither for the LAN interface nor for the WAN interface.
April 22, 2024, 10:03:07 AM #4
I find the solution for VMware ESXi: I had to enable the promiscuous mode for all the interfaces. For this I created port groups to use only for the VM's with OPNsense.
Print
Go Up Pages1
User actions