Master/Backup status for WAN and LAN interfaces simultaneously

[skocdopolet]

Hello,

We have installed two OPNsense nodes (in virtual environment with Proxmox). On both firewalls are configured two virtual IPs - one for WAN interface and one for LAN interface.

We have sometimes found unexpected behavior when first OPNsense node has MASTER for WAN and BACKUP for LAN interface and second OPNsense node has BACKUP for WAN and MASTER for LAN interface.

We dont know why firewalls are getting into this broken state.

I think this behavior should be controlled via: System: High Availability: Settings: Disable preempt. We have this checkboxes UNCHECKED on both firewalls. I read documentation and I did some searching on the internet and I am thinking when this option is unchecked, firewalls are switch all other interfaces when one fails. So I thing this settings is correct.

The virtual IPs are configured this way:
First OPNsense

Code Select Expand

172.20.0.254/22 101 (freq. 1/0) LAN CARP LAN-GW  
178.238.37.27/26 100 (freq. 1/0) WAN CARP WAN-CARP

Second OPNsense

Code Select Expand

172.20.0.254/22 101 (freq. 1/100) LAN CARP LAN-GW  
178.238.37.27/26 100 (freq. 1/100) WAN CARP WAN-CARP

By the way, we have turn off MAC filter on Proxmox firewall.

Could please anyone help me solve this problem?

Thank you!
Regards Tomas

[Monviech (Cedrik)]

Did you allow the CARP protocol in a firewall rule for all interfaces with VIPs?

[skocdopolet]

Thank you Monviech for reply.

I think yes, I have firewall rules set correctly. CARP protocol is allowed on all interfaces with VIP by Automatically generated rules. I think it should be OK.

[reunion974]

Hello @skocdopolet,
I have the same issue. Did you solve the problem? any progress?