OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • High availability »
  • HA not working on hyper-v lab
« previous next »
  • Print
Pages: [1]

Author Topic: HA not working on hyper-v lab  (Read 1806 times)

olthana

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
HA not working on hyper-v lab
« on: November 16, 2022, 09:31:59 pm »
Hi,
I'm planning to set a opnsense cluster on two physical machine, before that I want to test the configuration on a lab running on hyper-v.

I made 3 vswitch, one external, and two private (lan and pfsync), mac spoofing is enable on all of them.
I follow this documentation to proceed https://docs.opnsense.org/manual/how-tos/carp.html
On the attachment you can see my network configuration.

The firewall rules on the WAN interface is :
IPv4 CARP   *   *   *   *   *   *

LAN :
IPv4 CARP   *   *   *   *   *   *

PFsync :
IPv4 *   *   *   *   *   *   *

My issue is when i try the replication between master and backup as per said in the official documentation, it failed and i just have "The backup firewall is not accessible or not configured"

If i reboot the master it will try to contact the backup failed again, nothing is synchronized.

What did I do wrong, what logs can i check to troubleshoot my issue ?
Logged

WaffleIron

  • Newbie
  • *
  • Posts: 17
  • Karma: 3
    • View Profile
Re: HA not working on hyper-v lab
« Reply #1 on: December 28, 2022, 01:54:31 am »
Hi Olthana,
A few questions and comments on your setup as mine is very similar but on ESXi.

First, when you use the term "private switch" I read that to mean the vswitches you created don't have any physical uplinks?  Assuming that's true, how do you expect a VM on two different physical boxes to communicate if they have no physical interface to send traffic out?  :)

Second, is there a reason you want to use different vswitches instead of one and just use different vlans for segmentation?  If you go this path just remember to create the layer 2 vlan on all the switches connecting the two physical servers together or they still won't be able to communicate.

Third, as the GUI implies HA uses a multicast address to communicate between the two boxes.  If you have trouble with multicast working you can change this to unicast (box 1 sets peer to 172.16.0.2...box 2 sets peer to 172.16.0.1).  That will fix you for HA but you will probably have the same issue with CARP since it uses multicast as well.  Again, not a hyper-v guy so I can't provide much guidance but in the ESXi world you can enable promiscuous mode, mac address changes, and forget transmits to help support non-unicast communication.

Hope this helps.

Last
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • High availability »
  • HA not working on hyper-v lab
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2