Topic: HA/CARP, routed subnets and needed IPs (Read 4397 times)
hcso-tm (Newbie), October 26, 2021, 03:15:36 pm
Hi,
I'm trying to wrap my head around the possible configurations of CARP on our WAN side.
Our addresses are:
XX.XX.212.243/31 OPNSense WAN (Gateway XX.XX.212.242)
Additionally, our provider routes two /29 subnets to XX.XX.212.243
XX.XX.212.248/29
XX.XX.237.192/29
We're able to use all 16 addresses from the /29 nets as client or virtual IPs.
I do see two options:
1) we need to 1:1 NAT our main address onto another address like 10.0.0.1, used as CARP-VIP, add 2 "normal" WAN interfaces 10.0.0.2 and 10.0.0.3 and use XX.XX.212.242 as Far Gateway
2) we ask our Provider to move the allocation like so:
XX.XX.212.248/29 as our "main" Subnet
XX.XX.212.249 Gateway
XX.XX.212.250 CARP-VIP <- XX.XX.237.192/29 and XX.XX.212.242/31 routed there
XX.XX.212.251 WAN FW1
XX.XX.212.252 WAN FW2
XX.XX.212.253 & 254 usable as client or "normal" virtual IP
Is there a third option? I dislike the additional NAT (mainly because we need a site-to-site IPsec tunnel which dislikes NAT) and option 2 sounds like a lot of work.
Thanks in advance
clarknova (Full Member), Reply #1, October 28, 2021, 10:30:05 pm
I don't think option 1 is going to work unless your provider is using a PtP connection like PPP or is willing to set up static ARP, but I wouldn't count on it.
Option 2 would work, leaving you 2 VIPs for NAT and XX.XX.237.192/29 as a routed subnet.
A /31 network is mostly useless for any CARP setup unless you're going to also add one to your WAN as a VIP with a PtP from the provider.
I would start fresh and ask exactly how many public IPs you want on your LAN. This will determine the size of your routed subnet(s), accounting for 3 addresses for CARP. Then ask your provider for 3 public IP addresses in a single network for your WAN side in addition to your LAN subnet(s).
mimugmail (Hero Member), Reply #2, October 29, 2021, 06:49:49 am
The second mostly works only when ordering a new line. Head over to your ISP and tell them you want a PE from them offering /29. This is possible for e.g. Colt in Germany.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
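The address arithmetic discussed in this thread (three CARP addresses next to the provider gateway, routed subnets pointed at the VIP as in option 2), as an added example that is not part of any post above. The function name `plan_carp_wan` is hypothetical and the addresses are constructed from documentation ranges, standing in for the redacted XX.XX prefixes.

```python
import ipaddress


def plan_carp_wan(wan_cidr, gateway, routed_cidrs):
    """Lay out a two-node CARP WAN: gateway, then VIP, FW1, FW2, then spares.

    Raises ValueError when the WAN network cannot hold the three CARP
    addresses (one VIP plus one per firewall) next to the provider gateway.
    """
    wan = ipaddress.ip_network(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in wan:
        raise ValueError(f"gateway {gw} is outside {wan}")
    # hosts() skips network/broadcast, except on a /31 where both ends count.
    free = [h for h in wan.hosts() if h != gw]
    if len(free) < 3:
        raise ValueError(
            f"{wan} leaves {len(free)} address(es) after the gateway; "
            "CARP needs 3 (VIP, FW1, FW2)")
    vip, fw1, fw2, *spare = free
    routes = []
    for cidr in routed_cidrs:
        net = ipaddress.ip_network(cidr)
        if net.overlaps(wan):
            raise ValueError(f"routed subnet {net} overlaps WAN {wan}")
        # As in option 2: the provider routes these to the VIP, not to a
        # node address, so they follow whichever firewall is active.
        routes.append((str(net), str(vip)))
    return {"gateway": str(gw), "carp_vip": str(vip), "fw1": str(fw1),
            "fw2": str(fw2), "spare": [str(s) for s in spare],
            "provider_routes": routes}


if __name__ == "__main__":
    # Constructed sample values mirroring the layout of option 2.
    plan = plan_carp_wan("203.0.113.248/29", "203.0.113.249",
                         ["198.51.100.192/29", "203.0.113.242/31"])
    for key, value in plan.items():
        print(f"{key}: {value}")
    # The current /31 WAN cannot host a CARP pair without NAT.
    try:
        plan_carp_wan("203.0.113.242/31", "203.0.113.242", [])
    except ValueError as err:
        print("rejected:", err)
```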