OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 20.1 Legacy Series »
  • How to get redundant routing to work
« previous next »
  • Print
Pages: [1]

Author Topic: How to get redundant routing to work  (Read 1733 times)

sesquipedality

  • Newbie
  • *
  • Posts: 44
  • Karma: 4
    • View Profile
How to get redundant routing to work
« on: July 05, 2020, 10:58:34 am »
My current OPNSense config involves 2 opnsense routers - call them "router1" and "router2".  Router1 connects to a Virgin uplink.  Router2 connects to a Vodafone uplink.   Both routers share a CARP virtual IP, 192.168.5.1, with router1 having higher priority and being the master.  They do not share firewall config because they have different interfaces attached, but dhcp and unbound are synced across from router1 to router2 using the OPNsense HA features on a dedicated direct static ethernet link between them.  The network is configured to use the CARP address for DNS and routing.

What works OK - when router1 goes down, router2 transparently takes over, and there is no interruption in network service.

What doesn't work OK - when the Virgin router goes down, router1 keeps hold of the CARP link and does not allow router2 to step in.

I've played about with trying to create a multi-WAN gateway to route traffic to the internet via the dedicated link from router1 to router2 on router1, but I can't even get the gateway to come up.  Adding a static route to 0.0.0.0/0 via the dedicated interface didn't help, nor did enabling the "static route filtering" option on router1.

What I'd like to be able to do is one of the following

1) Have router2 become the CARP master when router1 has no internet access; or
2) Allow router1 to send internet traffic via router2 when its own  uplink is down

What is the best way to achieve this, please?
Logged

sesquipedality

  • Newbie
  • *
  • Posts: 44
  • Karma: 4
    • View Profile
Re: How to get redundant routing to work
« Reply #1 on: July 06, 2020, 11:46:45 am »
I think that option 1 may be achievable using scripting.  If we set CARP base to 1 with skew 0 on router1 and base to 1 with skew 50 on router2, then it should theoretically be possible to force router1 to CARP state backup by using

Code: [Select]
sysctl net.inet.carp.demotion=100
And then when the link comes back allow it to become master again by using

Code: [Select]
sysctl net.inet.carp.demotion=-100
The issue then becomes how to detect no traffic on the wan.  I've looked at what monit is doing, but its gateway monitoring doesn't appear to give any more detail than a change in state, and I'm not sure how to integrate a script into it anyway.

is there some way to pull this status from OPNsense?  Ideally I'd want this to be checking every second.  I have literally no PHP skills, so something I can use from a bash script would be ideal.

(Source for the CARP configuration: https://lists.freebsd.org/pipermail/freebsd-stable/2017-March/086882.html)
« Last Edit: July 06, 2020, 12:10:48 pm by sesquipedality »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 20.1 Legacy Series »
  • How to get redundant routing to work
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2