Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
HA when OPNsense also acts as a WAN router
« previous
next »
Print
Pages: [
1
]
Author
Topic: HA when OPNsense also acts as a WAN router (Read 1869 times)
daudo
Newbie
Posts: 22
Karma: 4
HA when OPNsense also acts as a WAN router
«
on:
December 20, 2023, 03:56:28 pm »
Hi all,
I'm just planning a new OPNsense deployment where we have been assigned a public /28 network plus a public gateway address from a different /29 range. Both the public /28 network and the gateway are being managed by OPNsense, see the attached image for an graphic description.
So in other words, OPNsense acts as a router via the public 1.2.3.2/29 address and as a firewall for the /28 public addresses.
This has been working as a standalone installation for a while, but now I need to convert this into a more failsafe version.
As far as I understood from reading the docs, doing some research on the FreeBSD forums and google in general, the only thing that can be made highly available are the public /28 adresses, but not the gateway/router functionality. We've been assigned only one gateway address out of the /29 upstream network and afaik CARP on the other hand requires 3 public IPs to achieve HA. Is that correct or did I miss something here?
One way I can think of was asking to my ISP to assign us more than one IP from the /29 upstream network and then configure a different metric value for the two potential routes into our public /28 network in their routers, but I have no clue if they would do it and also, if I could make this work in OPNsense.
Another option I can think of is to squeeze a dedicated router between upstream and OPNsense, but that wouldn't exactly be highly available ...
Or is there another reasonable way to do this?
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1604
Karma: 176
Re: HA when OPNsense also acts as a WAN router
«
Reply #1 on:
December 20, 2023, 06:00:07 pm »
CARP doesn't need 3 IP addresses. You can also do it with one.
https://forum.opnsense.org/index.php?topic=34955
Logged
Hardware:
DEC740
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
HA when OPNsense also acts as a WAN router