
Author Topic: [solved] Routing VIP to VIP (Connect two OPNsense-Cluster over virtual IP)  (Read 61 times)

l.gremme

« on: November 22, 2019, 01:38:05 pm »
I have a Multi-WAN with two internet connections. The first one is a fiber, connected to the first Switch. The second one is a VDSL. The fiber has some virtual (public) IP addresses. The OPNsense is working in a Cluster of 2 Nodes. The Cluster is connected in our DMZ network and has 1 virtual IP.

We provide a second Cluster for the internal Traffic for our environment. Every network gets a smaller Subnet of 10.0.0.0/8 Network in one VLAN (e.g. 10.1.1.0/24).

I have routing problems connecting the second Cluster, with the virtual IP 192.168.0.160, to the first Cluster, 192.168.0.150. I check the first Cluster with one PC in the DMZ and I have a good connection with one or two failed pings.

I check the second Cluster with the same PC in another Subnet (no blocking everything), I get only one or two pings back from 1.1.1.1 or 8.8.8.8.

Version OPNsense: 19.7.6

If I create in the second Cluster a Gateway-Group with the real IPs of OPNsense in the first Cluster, I will get every response. If I use the virtual IP of the first Cluster, I get one or two responses (10 ICMP-Requests). What is the problem?

Greetings
Lars

        WAN                   WAN
         :                     :
         : Ethernet            : VDSL
         :                     :
         :               ------------
         :               |  Router  |
         :               ------------
         :                     |
         -----------------------
         |  Switch (redundant) |
         -----------------------
           |                 |
           |                 |
           |                 |       Multi-WAN with Backup
      -----------      -----------
      | OPNsense |-----| OPNSense|
      ----------- HA-1 -----------
           |     CARP        |
  x.x.x.151|  VIP x.x.x.150  | 192.168.0.152/24
           ---------------------
           |       DMZ         |
           ---------------------
           |    CARP         |
  x.x.x.161|  VIP x.x.x.160  | 192.168.0.162
     -----------          -----------
     | OPNsense |---------| OPNSense |
     -----------  HA-2    ------------
         |                   |
         |                   |
         ---------------------
         |  Internal Net VIP |
         ----------------------
« Last Edit: December 04, 2019, 10:11:43 pm by l.gremme »

l.gremme

« Reply #1 on: December 04, 2019, 10:13:18 pm »
The problem is the vhid in the virtual IP.
Every firewall cluster has the same vhid in our DMZ VLAN. I changed the vhid of one firewall cluster and it works.
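An added example, not part of the original posts: a check for the condition named in the reply, one VHID carrying two different virtual IPs on the same segment. CARP derives the virtual MAC from the VHID (00:00:5e:00:01 plus the VHID as the last octet), so two clusters sharing a VHID on one VLAN claim the same MAC. The node names, the VHID numbers and the trimmed ifconfig excerpts are constructed assumptions; the addresses follow the thread's diagram.

```python
import re
from collections import defaultdict

VIP_RE = re.compile(r"^\s*inet (\S+) .*\bvhid (\d+)\s*$", re.M)

def carp_mac(vhid):
    """CARP virtual MAC: fixed prefix 00:00:5e:00:01 plus the VHID as last octet."""
    return "00:00:5e:00:01:%02x" % vhid

def parse_vips(ifconfig_text):
    """Return {(vhid, vip)} for every CARP address in one node's ifconfig text."""
    return {(int(v), ip) for ip, v in VIP_RE.findall(ifconfig_text)}

def find_collisions(nodes):
    """nodes: {name: (segment, ifconfig_text)} -> {(segment, vhid): [vips]}.
    Two nodes of one cluster share VIP and VHID legitimately, so a
    collision is one VHID carrying more than one distinct VIP on a segment."""
    seen = defaultdict(set)
    for segment, text in nodes.values():
        for vhid, vip in parse_vips(text):
            seen[(segment, vhid)].add(vip)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def node(real_ip, vip, vhid, state):
    """Build a constructed, trimmed ifconfig excerpt for one node."""
    return ("\tinet %s netmask 0xffffff00 broadcast 192.168.0.255\n"
            "\tinet %s netmask 0xffffff00 broadcast 192.168.0.255 vhid %d\n"
            "\tcarp: %s vhid %d advbase 1 advskew 0\n"
            % (real_ip, vip, vhid, state, vhid))

# Constructed inventory: addresses from the thread, VHID numbers assumed.
BEFORE = {
    "ha1-a": ("dmz", node("192.168.0.151", "192.168.0.150", 1, "MASTER")),
    "ha1-b": ("dmz", node("192.168.0.152", "192.168.0.150", 1, "BACKUP")),
    "ha2-a": ("dmz", node("192.168.0.161", "192.168.0.160", 1, "MASTER")),
    "ha2-b": ("dmz", node("192.168.0.162", "192.168.0.160", 1, "BACKUP")),
}
# After the fix from the thread: the second cluster gets its own VHID.
AFTER = {**BEFORE,
         "ha2-a": ("dmz", node("192.168.0.161", "192.168.0.160", 2, "MASTER")),
         "ha2-b": ("dmz", node("192.168.0.162", "192.168.0.160", 2, "BACKUP"))}

if __name__ == "__main__":
    for label, inv in (("before", BEFORE), ("after", AFTER)):
        for (seg, vhid), vips in find_collisions(inv).items():
            print(label, seg, "vhid", vhid, carp_mac(vhid), "shared by", vips)
```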