Stateful PPPoE/CARP possible?

Started by rgray99c, February 23, 2024, 10:12:13 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 23, 2024, 10:12:13 AM
Hey, so I have two instances (VM's) of opnsense, wanting to set up HA, but my internet is a PPPoE connection, where im assigned a static IP. I also have a routed /29 subnet from my ISP (Routed via my static /32 IP. Is it possible to set up a stateful failover for when my primary VM goes down (Happens very often) Or have I wasted money on the /29 subnet?
February 23, 2024, 10:40:16 AM #1
Only if you add a third box doing the PPPoE termination. Otherwise the PPPoE connection needs to bounce between the two HA boxes in active/passive fashion.


Cheers,
Franco
February 23, 2024, 10:51:38 AM #2
I also ran this productively for a while. It wasn't a good experience when the HA script terminated the PPPoE session and started it on the other OPNsense in case of a failover. Weird things happened, like the IPv6 Track Interface not working properly (sometimes). Most problems were IPv6 related though.

I would really make sure to do PPPoE Termination.
Hardware:
DEC740
February 23, 2024, 11:32:07 AM #3
Would this have worked with a dhcp capable isp as opposed to PPPoE?
February 23, 2024, 01:23:42 PM #4 Last Edit: February 23, 2024, 01:28:20 PM by Monviech
I don't understand, PPPoE is for encapsulating and decapsulating packets. DHCP is for auto configuring IP addresses.

So what works best would be a provider, where the termination offers ethernet without PPPoE. Then you would also need static IP addresses, since the CARP VIP can't be configured to be a dynamic IP address. One static /32 IP address would be sufficient, both firewalls can be set to IPv4 None on their WAN, and only the CARP VIP would have that /32 IP address. Then you can also get your other /29 net routed like that.
Hardware:
DEC740
February 23, 2024, 01:38:33 PM #5
In System -> HA -> Settings there is a setting called "Disconnect dialup interfaces", which is supposed to do what you want, but in my experience it does not work well.
February 23, 2024, 02:51:58 PM #6
Quote from: bimbar on February 23, 2024, 01:38:33 PM
In System -> HA -> Settings there is a setting called "Disconnect dialup interfaces", which is supposed to do what you want, but in my experience it does not work well.

Yeah it's a gamble, that's what I referenced in an earlier post. If it actually works it was pure luck and the cosmos was on your side.
Hardware:
DEC740
September 06, 2024, 09:28:43 AM #7
Is this still an issue?
We have a Customer with one leased line and one pppoe for backup. Often the connection is sticked on the slave and does never come back to the master-node. We then need to reboot the slave to get the PPPOE-Connection back online on the master.

I guess it is not used to work like this?
September 08, 2024, 08:27:05 AM #8
Quote from: franco on February 23, 2024, 10:40:16 AM
Only if you add a third box doing the PPPoE termination. Otherwise the PPPoE connection needs to bounce between the two HA boxes in active/passive fashion.


Cheers,
Franco

Hi ,
Would a third Opnsense device as PPPoE termination a recommended option for this scenario?
Regards 
September 09, 2024, 11:05:32 AM #9
That would work, but something like a small Linux router capable of forwarding the full speed PPPoE connection would be my recommendation then, even a FritzBox. This make more sense than adding a third OPNsense in need of administration (and you still have the no HA problem there...).


Cheers,
Franco
Print
Go Up Pages1
User actions