Multiple WAN VIP aliases causing internet drop outs

Started by adam.blackburn, February 20, 2020, 06:40:31 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 20, 2020, 06:40:31 AM
Hi all,

I'm running into an issue with a new set up and not sure what is going wrong.
I have two virtual OPNsense instances set up in HA which is working and all traffic is going out on our default WAN IP without issue

For reference, the CARP WAN interface is using vhid 1

I added a WAN IP alias on vhid 1 and set up a NAT outbound for an internal machine and that is working as expected
I tried adding another WAN IP alias on vhid 1 and once I click apply, my internal machines begin experiencing drop outs (about 50%)

I am assuming it is trying to route out both WAN IPs but not sure what the next step is to correct that.

I will have about 10 WAN IP addresses that I need to set up so hopefully I'm just missing a step

Any ideas?

Thank you
February 20, 2020, 10:07:35 AM #1
I believe I figured it out, for anyone who ever looks at this in the future:

You don't need to set the vhid unless you do wan the traffic to go out both wans like a round robin type of deal it seems

My second issue ended up being an issue upstream. If I didn't have the issue upstream then my issue would have been figuring out why its going out via both WANs! Which again would be due to the vhid being set

Sorry for posting when not needed, maybe it will help someone else
March 08, 2020, 10:18:25 PM #2
Thanks for posting this. I am just having the same issue ;-). And the documentation is leading us in this direction https://wiki.opnsense.org/manual/how-tos/carp.html#adding-multiple-carp-ips:
QuoteSince adding a VHID for every IP would make the CARP traffic very noisy, you can also add a new IP Alias and choose the correct VHID where the first CARP IP is configured
.
March 17, 2020, 04:05:27 PM #3
Hello Guys,

i have read all relative posts but i'm not yet figure out what to do. i have similar issue.
my old post is here but no replies yet:  https://forum.opnsense.org/index.php?topic=15963.msg73105#msg73105

So if you have any recommendations to try, i will be pleased.

Basically i'm trying to configure HA with dedicated interface for Sync as the documentation.
Sync and Lan are ok, and also carb vip's are ok.

My issue is on WAN. There is an FTP Server with port forwarding (obviously on a single IP), so the cluster has to serve the same WAN. my ISP modem can give me /29 (5 public ip's available + 1 gateway). 
33 GW - 34-38 IP's (FTP Server is on 35).

Any ideas?? Thank you.

April 02, 2020, 01:54:43 PM #4
Hi,

I just did a new test creating an IP Alias with a vhid and to my surprise it is now working as expected!! This is on 20.1.3 and probably our problem was fixed in the meantime?

Henning
Print
Go Up Pages1
User actions