Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
High Availability with multiple public IP as IP Alias
« previous
next »
Print
Pages: [
1
]
Author
Topic: High Availability with multiple public IP as IP Alias (Read 1299 times)
Elia99
Newbie
Posts: 9
Karma: 0
High Availability with multiple public IP as IP Alias
«
on:
February 19, 2024, 06:25:20 pm »
Hello there,
I configured two OPNsense firewalls (23.1.6) in HA mode.
My ISP provides a public subnet X.X.X.X/28, so I have one fixed IP configured on my WAN side, a virtual IP for HA in CARP mode and several public IP Alias on which several services are port forwarded to our internal servers (please see the attached image).
My question is (due to the fact that I'm not able to find anything in the manual about multiple public IP and OPNsense HA): is this High Availability setup correct from a WAN prospective? Have I handled those public IPs correctly? Thanks!
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1601
Karma: 176
Re: High Availability with multiple public IP as IP Alias
«
Reply #1 on:
February 19, 2024, 07:14:17 pm »
Yes you use one CARP VIP with the virtual public IP address for the Firewall ( with /28), two IP addresses (/28) on each WAN interfaces of the HA firewalls, and add all additional ones as normal IP Alias ( /32) with the same vhid group as the public CARP VIP.
If you want to use all Public IP addresses in HA you can also set your WAN interfaces to IPv4 none so you can have the whole subnet as 1 Carp + IP Aliases.
https://forum.opnsense.org/index.php?topic=34955.msg169303#msg169303
Running that with loads of IP addresses and it works fine. (/26 and an additional /28 net on same HA setup)
«
Last Edit: February 19, 2024, 07:18:47 pm by Monviech
»
Logged
Hardware:
DEC740
Elia99
Newbie
Posts: 9
Karma: 0
Re: High Availability with multiple public IP as IP Alias
«
Reply #2 on:
February 20, 2024, 11:31:18 am »
Thank you Moviech for the comprehensive reply!
I just added the same vhid value to IP Alias IP addresses.
For now, I'm satisfied with this setup, thanks again.
Logged
bimbar
Sr. Member
Posts: 435
Karma: 25
Re: High Availability with multiple public IP as IP Alias
«
Reply #3 on:
February 20, 2024, 11:45:28 am »
Shouldn't all the aliasas be CARP addresses?
Logged
Patrick M. Hausen
Hero Member
Posts: 6807
Karma: 572
Re: High Availability with multiple public IP as IP Alias
«
Reply #4 on:
February 20, 2024, 11:52:08 am »
That would imply separate VHIDs for each one and lots of CARP traffic on that network. Can be quite relevant if you want to "HA" e.g. a complete /26 and up ... like we currently do @Hetzner for one project.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
High Availability with multiple public IP as IP Alias