OpenSens HA Sync Interface

[deathnote]

hi all.

How i cant creat auto ha Sync ? Creat it in cron dont work.

And why don sync interfaces and Vlan and etc ?

Thnks.

[deathnote]

HA Auto Sync Work !


Dont Work Interface, DHCP, Vlan ((

How i can in config ?

Thnks

[Patrick M. Hausen]

You can't. You need to create interfaces manually on both nodes. And you must make 100% sure to create them in the exact same order, so e.g. VLAN 1 will become OPT1, VLAN 2 will become OPT2, etc.

[deathnote]

Whot ???

i Have 2300 Vlans ... and DHCP Servesis

And i need to Creat second  opnsense too  2300 Vlans  and DHCP Servesis?

Why it dont sync ?

[Patrick M. Hausen]

DHCP is synced. Interfaces are not. You can export the config on both systems, then adjust and move the interface specific part and re-import the finished file into the second system. It's all XML ...

I am not sure if OPNsense can manage 2300 VLANs, though.

[deathnote]

if i input config into second opnsens, after realod second dont up

And whot is this parametr in DHCP Failover peer IP: ?? cant understund

[Patrick M. Hausen]

You need a dedicated HA sync interface that connects both nodes. The peer address is configured on the master node only - with the address of the backup node. The master node then pushes the configuration to the backup node.

Did you read the documentation?  ;)
https://docs.opnsense.org/manual/hacarp.html

[deathnote]

yes i read. i creat manualy interfase in second opnsense. And dchp syns

but wot it is in Dchp server

Failover peer IP: ???

if i put vip, Dhcp dont work ..

[Patrick M. Hausen]

As far as I understood the documentation on the master node you put the IP address of the backup node in there and vice versa.

Here's another document providing an example setup:
https://docs.opnsense.org/manual/how-tos/carp.html

And here a howto document for the ISC DHCP server, which is what OPNsense uses under the hood:
https://stevendiver.com/2020/02/21/isc-dhcp-failover-configuration/

[deathnote]

Thnks. but steel dont understud.

i have

lan ip Master : 192.168.200.1
Lan ip Slave: 192.168.200.2
Carp Lan ip: 192.168.200.3

Sync ip Master: 10.50.50.1
Sync ip Slave: 10.50.50.2

Ha work on Sync Interface

On Master have ip to Slave.

Synchronize Peer IPP: 10.50.50.2
Synchronize Config to IP: 10.50.50.2


On Slave have ip to Master

Synchronize Peer IPP: 10.50.50.1

in Master i creat just now only one DHCP Vlan231

Ip: 192.168.231.10
DNS servers: 192.168.231.5, 192.168.231.6
GW: 192.168.231.10

Failover peer IP: Dont understud whot i must writn here, if i writin "Carp Lan ip" DHCP dont Work.

In Slave i dont creat DHCP For Vlan231 it's sync

Thnks.

[Patrick M. Hausen]

On the master in System > High Availability > Settings you enter the HA interface IP of the backup, root username and password. So master can sync config to backup. On backup you enter nothing there. You don't want the backup to sync back. OPNsense does not do active-active.

On the master in DHCPv4 > VLANx in the failover peer ip you enter the VLANx IP of the backup.

That's it. It's exactly like that in the docs I linked.

[deathnote]

I dont have the VLANx IP of the backup.

[Patrick M. Hausen]

You need to manually create a VLAN231 ond the master and on the backup and assign IP addresses to both. Then on the master you create a CARP IP on VLAN231 which will be the default gateway and the endpoint for all other services like e.g. DNS in that VLAN. This will be synced.
Then you create DHCPv4 on the master with the proper range for VLAN231, gateway, DNS, yadda yadda ... and as the failover peer you set the IP address of the backup that you used when creating the VLAN231 on the backup.

Each interface/VLAN in a HA setup (apart from the dedicated HA/sync interface) needs

- a fixed static IP address on the master
- a fixed static IP address on the backup, same network, of course
- one or more "floating" CARP addresses in that same network

[deathnote]

For HA I have Sync ip

Vlan231   its local Lan for other divases.
Vlan200  its local Lan for other divases.
Vlan215  its local Lan for other divases.
Etc

Vlan's its nor for Syns or Backup

DCHP All Vlans need when some divases connet this Vlans get ip.


Backup ip its Carp LAN 192.168.200.3 only this

[Patrick M. Hausen]

Yes. I understand. You need to create the VLANs on both nodes. You need to assign a static IP address to the VLANs on both nodes. You need to create and assign the VLANs in exactly the same order on both nodes, so e.g. vlan231 is OPT1, vlan200 is OPT2, etc.

Did you do that? Start with just one vlan, e.g. 231 to see how it works.

Then for DHCP I already wrote everything in my last post. It's all exactl like that in the docs:
https://docs.opnsense.org/manual/how-tos/carp.html

Except they are not using VLANs, but that does not make a difference.

YOU MUST CREATE THE VLANS ON BOTH NODES MANUALLY AND ASSIGN IP ADDRESSES ON BOTH NODES MANUALLY. NONE OF THIS HAPPENS BY MAGIC.