[solved] High Availability setup, CARP and accessing the internet (VM setup)

Started by brolf, May 18, 2020, 04:36:00 PM

In preparation for an OPNsense rollout I am testing the High Availability setup with VirtualBox.

In short, I cannot access the WAN from the LAN even though the OPNsense nodes can.

Following the documentation https://docs.opnsense.org/manual/how-tos/carp.html I came up with this setup:


WAN side: 192.168.178.0/24 (FritzBox/AVM Router)
LAN side: 192.168.1.0/24 (VM Debian Test Client)

  VM OPNsense1:   WAN 192.168.178.151      LAN 192.168.1.1
  CARP:           WAN VIP 192.168.178.10   LAN VIP 192.168.1.10
  VM OPNsense2:   WAN 192.168.178.152      LAN 192.168.1.2

There also exists a direct connection between the two OPNsense VMs for pfSync (10.0.0.1 and 10.0.0.2).

I summed up the behavior in this list:

  • The synchronisation seems to work.
  • I can't access the internet or the WAN on the Debian client and my requests don't show up in the firewall log.
  • Pinging the OPNsense nodes directly works.
  • I tried to ping the LAN VIP and got no response.
  • However, using arping I get a response from this address.
  • Furthermore, DNS resolution works on 192.168.1.1 and 192.168.1.2 but not on 192.168.1.10.



I could not find any helpful information regarding this issue and would be grateful for help and hints.    ;)





I solved the issue. For all other people struggling with the same problems:


  • In the WAN interface configuration on both OPNsense machines make sure that Block private networks and Block bogon networks are not activated!
  • In the configuration of the Hypervisor (VirtualBox) make sure all OPNsense network interfaces are allowed to use the promiscuous mode!
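
The VirtualBox half of the fix above can be scripted with VBoxManage. This is an added example, not part of the original post; the VM names, the NIC count of three (WAN, LAN, pfSync) and the DRY_RUN switch are assumptions to adjust for your own lab.

```shell
#!/bin/sh
# Added example: set the promiscuous-mode policy on every NIC of both
# OPNsense VMs. VM names, NIC count and DRY_RUN are assumptions, not
# values taken from the post.
VMS="${VMS:-OPNsense1 OPNsense2}"   # assumed VM names (no spaces in names)
NIC_COUNT="${NIC_COUNT:-3}"          # assumed: WAN, LAN, pfSync
POLICY="${POLICY:-allow-all}"        # VirtualBox values: deny | allow-vms | allow-all
DRY_RUN="${DRY_RUN:-1}"              # 1 = only print the commands

# Print one "VBoxManage modifyvm" command per NIC of a single VM.
# modifyvm only works while the VM is powered off.
promisc_commands() {
    vm=$1; count=$2; policy=$3
    case "$policy" in
        deny|allow-vms|allow-all) ;;
        *) echo "invalid policy: $policy" >&2; return 2 ;;
    esac
    n=1
    while [ "$n" -le "$count" ]; do
        printf 'VBoxManage modifyvm %s --nicpromisc%d %s\n' "$vm" "$n" "$policy"
        n=$((n + 1))
    done
}

# Walk all configured VMs; print the commands in dry-run mode, run them otherwise.
apply_promisc() {
    for vm in $VMS; do
        promisc_commands "$vm" "$NIC_COUNT" "$POLICY" | while IFS= read -r cmd; do
            if [ "$DRY_RUN" = 1 ]; then
                echo "$cmd"
            else
                $cmd
            fi
        done
    done
}

apply_promisc
```

Review the printed commands first, then run with DRY_RUN=0 while both VMs are shut down.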