Topic: CARP with DHCP on WAN (Read 24261 times)
DocGonzo74 (Reply #15 on: January 19, 2022, 03:16:46 pm)
I'm 99% of the way there.. I can get the backup WAN interface to come up (Still trying to figure out how to get both WAN interfaces up) but they aren't passing traffic. I'm trying to figure out how to mod the script to down the WAN interface and up it properly when there is a failover. As it stands, I have 2 scripts set to execute but only the first one is working. A couple questions:
The ifkey.. I assume that the "wan" is just a placeholder.. I've changed that variable to the interface (igb4) and it appears to be working. The second script has igb5 and is not working. Any ideas?
Thanks again. You guys solved a problem that has been vexing me for a while.. now if I could just get both WAN interfaces working.
spali (Reply #16 on: January 19, 2022, 03:24:05 pm)
Not sure why igb4 is working at all.
It's the interface key in the config.xml.
So lowercase of the internal interface name. i.e. lan, wan, opt1, opt2 etc.
Don't mix it with the name you gave to the interface. You can see these in the "Interfaces" -> "Overview" behind the interface in brackets (the first one before comma).
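Added example, not part of the thread or of spali's script: a small Python check that turns a device name or GUI description into the interface key described in the reply above, by reading the `<interfaces>` section of config.xml. The sample XML, its device-to-key mapping and the function names `load_interfaces` and `resolve_ifkey` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <interfaces> section of an OPNsense config.xml
# (on a real box the file is typically /conf/config.xml).
SAMPLE_CONFIG = """<opnsense>
  <interfaces>
    <lan><if>igb0</if><descr>LAN</descr><ipaddr>192.168.1.1</ipaddr></lan>
    <wan><if>igb4</if><descr>Verizon_WAN</descr><ipaddr>dhcp</ipaddr></wan>
    <opt1><if>igb5</if><descr>Spectrum_WAN</descr><ipaddr>dhcp</ipaddr></opt1>
  </interfaces>
</opnsense>"""


def load_interfaces(xml_text):
    """Return {ifkey: {"device", "descr", "dhcp"}} from config.xml text."""
    root = ET.fromstring(xml_text)
    result = {}
    for node in root.find("interfaces"):
        result[node.tag] = {
            "device": (node.findtext("if") or "").strip(),
            "descr": (node.findtext("descr") or "").strip(),
            "dhcp": (node.findtext("ipaddr") or "").strip() == "dhcp",
        }
    return result


def resolve_ifkey(name, interfaces):
    """Map a key, device name or GUI description to the interface key."""
    wanted = name.strip().lower()
    if wanted in interfaces:          # already a key such as wan or opt1
        return wanted
    matches = [key for key, info in interfaces.items()
               if wanted in (info["device"].lower(), info["descr"].lower())]
    if len(matches) != 1:             # unknown or ambiguous name: refuse to guess
        raise ValueError(f"{name!r} matches {len(matches)} interfaces: {matches}")
    return matches[0]


if __name__ == "__main__":
    ifaces = load_interfaces(SAMPLE_CONFIG)
    for given in ("igb4", "igb5", "Spectrum_WAN", "wan"):
        key = resolve_ifkey(given, ifaces)
        print(f"{given:13} -> ifkey {key!r} (dhcp={ifaces[key]['dhcp']})")
```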
DocGonzo74 (Reply #17 on: January 19, 2022, 03:33:13 pm)
Awesome.. I couldn't figure out how to get that to work.
Another question.. your git has "install on backup router".. I would assume that I have to down the WAN on the primary router as well, no?
Thank you again!
spali (Reply #18 on: January 19, 2022, 04:25:31 pm)
Not sure if I got your question.
But you need the script on both routers.
But during setup I recommend disabling the WAN(s) on the BACKUP router manually to not have both enabled at the same time. On the MASTER you could leave the interface enabled.
DocGonzo74 (Reply #19 on: January 20, 2022, 03:36:32 am)
Spali, thanks for the assistance... I have the failover workingish.. when my backup comes up, the interfaces come up and the system runs the newwanip script for both, but I don't get an IP address or an active gateway.
I am using a managed switch and have dhcp snooping off, the ISP modem and both interfaces in the same VLAN (L2 only, unrouted), and I'm spoofing the MAC from my primary to my backup. Still going through some ideas on what is happening.. Wondering if I should be spoofing the MAC address on my backup somewhere other than in the GUI. I'm currently just spoofing the primary router's WAN MACs on the secondary router.
spali (Reply #20 on: January 20, 2022, 09:18:06 am)
Regarding the MAC, maybe you need to sniff the DHCP traffic to find out what's wrong (probably MAC spoofing not working properly?). In my case I have two virtual machines. So I spoof the MAC on the virtual network card. I have it entered in the GUI too, but maybe this doesn't really work? If your routers are virtual, then don't forget to enable promiscuous mode.
Do you use my version of the script with write_config and interface_configure or a custom one?
I'm asking because I had a similar problem when I started out with a script that just starts and stops the interface. The version that uses the configuration interface of OPNsense kicks in a lot of reconfiguration tasks that may help.
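Added example, not part of the thread: one way to read a sniffed DHCP client frame and see whether the spoofed MAC actually reached the wire, by comparing the Ethernet source address, the BOOTP `chaddr` field and the client identifier (option 61) against the MAC the ISP is expected to see. The frame is built in code to stand in for a captured one; the MAC addresses and the function names are constructed for illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_discover(eth_src, chaddr):
    """Constructed DHCPDISCOVER frame (checksums left at 0; never sent)."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    bootp += bytes(16) + chaddr + bytes(10) + bytes(64 + 128)
    bootp += b"\x63\x82\x53\x63\x35\x01\x01\x3d\x07\x01" + chaddr + b"\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17,
                     0, bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp + bootp

def parse_dhcp(frame):
    """Return Ethernet source, BOOTP chaddr and DHCP options of a client frame."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("not IPv4/UDP")
    udp = 14 + (frame[14] & 0x0F) * 4          # skip the IPv4 header
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        raise ValueError("not a DHCP client packet")
    bootp = frame[udp + 8:]
    if bootp[236:240] != b"\x63\x82\x53\x63":
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i + 1 < len(bootp) and bootp[i] != 255:
        if bootp[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        opts[bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
        i += 2 + bootp[i + 1]
    return {"eth_src": frame[6:12], "chaddr": bootp[28:34], "opts": opts}

def check_spoofed_mac(frame, expected):
    """List every field that does not carry the MAC the ISP should see."""
    p, want = parse_dhcp(frame), bytes.fromhex(expected.replace(":", ""))
    cid = p["opts"].get(61, b"\x01" + want)    # option 61: client identifier
    seen = {"Ethernet source": p["eth_src"], "chaddr": p["chaddr"],
            "client-id": cid[1:] if cid[:1] == b"\x01" else want}
    return [f"{k} is {mac(v)}" for k, v in seen.items() if v != want]

if __name__ == "__main__":
    primary, backup_hw = "02:00:00:aa:bb:01", bytes.fromhex("020000aabb02")
    spoofed = bytes.fromhex(primary.replace(":", ""))
    print(check_spoofed_mac(build_discover(spoofed, spoofed), primary))
    print(check_spoofed_mac(build_discover(backup_hw, spoofed), primary))
```

An empty list means all three fields carry the expected MAC; a non-empty list names the field that still shows the backup's own address.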
DocGonzo74 (Reply #21 on: January 20, 2022, 02:10:19 pm)
I am definitely game to try something new. I'm using your script from the git linked in this thread.
I'm playing with some settings on my managed switch to see if that's the culprit. I'm going to stick a cheap Netgear switch on the primary LAN to rule out anything blocking traffic (STP is disabled, DHCP snooping off, and I've disabled the mac-move limitation on this switch).
I actually see my interfaces on the backup come up just fine.. they appear to get the same IP address that the WAN Primary had, though I'm not sure if it's because the DHCP lease was sync'd from the primary or if it's requesting a refresh. Either way, my gateways do not come up (I've tried with monitoring on and disabled.. same end result).
DocGonzo74 (Reply #22 on: January 20, 2022, 04:01:40 pm)
I am onto something here. I noticed that my gateways weren't working properly (I have 2 gateways configured and 2 gateway groups). To rule out gateway configuration, I deleted all of them and tried again (with a single wan for now) and boom.. missed one ping and back up.
Also finding that the gateway configuration is quite sticky.. not sure where it's hooked but I can't get rid of it. I had a gateway called "Verizon_WAN_DHCP" and noticed that the Verizon interface was coming up with a new GW "Verizon_WAN_GW".. that second GW isn't configured in the GUI. I checked the config file and all references to it are gone, but when I fail over, it pops back up. Very odd I think.
I also noticed that my switch (Juniper EX2200) was learning the MAC on the primary port, but when I switched over, I see that the MAC is still tied to the primary port. I set up both ports going to my router as no-mac-learning.. and that seems to have bypassed anything the switch is causing. Now the transaction is between the ISP device and my router, leaving DHCP snooping and other security features (for this vlan anyway) on the nightstand.
DocGonzo74 (Reply #23 on: January 20, 2022, 05:34:40 pm)
It's all working. The gateway is still wonky on the primary (I can't seem to delete my old gateway, but a new one pops up and works great). I had to disable dhcp snooping on my WAN VLANs on my managed switch. Disabling snooping didn't work alone, though. I had to disable mac-learning as well. I lose 1 ping and all is well. My secondary WAN (Spectrum) comes up quite slowly but that's OK. They suck.
spali (Reply #24 on: January 20, 2022, 05:46:58 pm)
Great, nice to hear a success
DocGonzo74 (Reply #25 on: January 20, 2022, 05:59:11 pm)
Thanks Spali for being awesome and helping me a bit. You are awesome.