Is this HA config possible ?

Eloïse · January 23, 2023, 09:52:05 PM

Hello, I'm quite new to opnsense, I've installed opnsense as a front router in a proxmox VM just behind a fiber ONT.
It works perfectly but now I want to consolidate this setup by adding another opnsense in HA cluster and adding an LTE box as a failover if fiber ISP is failing.
Can I make this :

________
Opnsense1 wan1-----ı switch ı
ı ı------ONT
Opnsense2 wan1-----ı ı
––––––––
-----------
Opnsense1 wan2-----ı switch ı
ı ı------LTE box
Opnsense2 wan2-----ı ı
––––––––

Thanks for your help.

WaffleIron · January 29, 2023, 06:49:10 PM

Hi Eloïse,

I think you are really asking two questions here.
1. How do you make the LTE circuit a failover circuit.
2. How can you apply this failover logic to a set of opnsense boxes running in HA.

For question 1, I think what you are looking for is a gateway group. You essentially create a group that contains your different gateways (ONT and LTE) and give each gateway a priority so one is preferred over another until it fails or has performance issues like packet loss and latency.
https://docs.opnsense.org/manual/multiwan.html

For question 2, in order for multiple boxes to share a WAN connection the circuits must be larger than a /30 (255.255.255.252) since you need to use 3x IP address (1x for service provider, 1x for opnsense1, 1x for opnsense2). Assuming this is not a problem, you would simply create the same gateway group on each box where ONT is preferred until it fails which activates LTE. Would look something like the attached.

rodgers-95 · February 07, 2023, 07:32:32 PM

Hello,

I have almost the same configuration (with ADSL and PPPoE connection instead of LTE) and it is possible. However, I currently have a little problem with the use of ONT because I don't have a router upstream (https://forum.opnsense.org/index.php?topic=32377.0)

Is this HA config possible ?

Eloïse

January 23, 2023, 09:52:05 PM

WaffleIron

January 29, 2023, 06:49:10 PM #1

rodgers-95

February 07, 2023, 07:32:32 PM #2