Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
[solved] High Availablity setup, CARP and accessing the internet (VM setup)
« previous
next »
Print
Pages: [
1
]
Author
Topic: [solved] High Availablity setup, CARP and accessing the internet (VM setup) (Read 1873 times)
brolf
Newbie
Posts: 4
Karma: 0
[solved] High Availablity setup, CARP and accessing the internet (VM setup)
«
on:
May 18, 2020, 04:36:00 pm »
In preparation for a OPNsense Rollout I am testing the High Availablity setup with VirtualBox.
In short I can not access the WAN from the LAN even tho the OPNsense nodes can.
Following the documentation
https://docs.opnsense.org/manual/how-tos/carp.html
I came up with this setup:
192.168.178.0/24
192.168.1.0/24
/
192.168.178.151 WAN
VM OPNsense1
192.168.1.1 LAN
\
FritzBox/AVM Router
-
192.168.178.10 WAN VIP
CARP
192.168.1.10 LAN VIP
-
VM Debian Test Client
\
192.168.178.152 WAN
VM OPNsense2
192.168.1.2 LAN
/
There also exists a direct connection between the two OPNsense VMs for pfSync (10.0.0.1 and 10.0.0.2).
I summed up the behavior in this list:
The syncronisation seems to work.
I can't access the internet or the WAN on the Debian client and my reqests don't show up in the firewall log
Pinging the OPNsense nodes directly works.
I tried to
ping
the LAN VIP and got no response.
However using
arping
i get a response from this address.
Furthermore DNS resolve works on 192.168.1.1 and 192.168.1.2 but not on 192.168.1.10
I could not find any helpful information regarding this issue and would be grateful for help and hints.
«
Last Edit: May 19, 2020, 01:22:07 pm by brolf
»
Logged
brolf
Newbie
Posts: 4
Karma: 0
Re: Problems with High Availablity setup, CARP and accessing the internet (VM setup)
«
Reply #1 on:
May 19, 2020, 01:20:20 pm »
I solved the issue, for all other people struggling with the same problems:
In the WAN interface configuration on both OPNsense machines make sure that
Block private networks
and
Block bogon networks
are
not
activated!
In the configuration of the Hypervisor (VirtualBox) make sure all OPNsense network interfaces are allowed to use the
promiscuous mode
!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
[solved] High Availablity setup, CARP and accessing the internet (VM setup)