OPNsense Forum » English Forums » 24.1 Legacy Series » CARP or no CARP
Topic: CARP or no CARP (Read 674 times)
tsystem (Jr. Member, Posts: 55, Karma: 1)
CARP or no CARP « on: May 22, 2024, 09:53:24 pm »
Hi,
Just a few little questions to be sure my configuration can be useful, or whether it's not a good idea to work this way.
At the beginning I was imagining making a fully redundant configuration with 2 separate fibers to combine balancing and failover. I hope to do that with a fully redundant configuration (CARP).
But bad news today: each fiber only provides 1 public IP, so I can use virtual IP on the WANs side.
Is it possible to work with CARP only on the LAN side and switch Ethernet cords from one server to the other one when the Master conf is not available? (Please see images about what I can do.)
Thanks in advance for your vote
Monviech (Cedrik) (Global Moderator, Hero Member, Posts: 1597, Karma: 176)
Re: CARP or no CARP « Reply #1 on: May 22, 2024, 10:06:22 pm »
You can use CARP VIPs without configuring an IP address on their parent interface.
So you can leave WAN on IPv4 none on both firewalls and put the WAN addresses as CARP VIPs on them, and it will work during a failover.
Hardware:
DEC740
tsystem (Jr. Member, Posts: 55, Karma: 1)
Re: CARP or no CARP « Reply #2 on: May 22, 2024, 10:37:41 pm »
Wow, thanks a lot for this ultra-fast feedback.
I attach a new image: did I get a good understanding of what you are talking about?
Monviech (Cedrik) (Global Moderator, Hero Member, Posts: 1597, Karma: 176)
Re: CARP or no CARP « Reply #3 on: May 22, 2024, 11:23:12 pm »
Yeah, using virtual IPs and both WAN interfaces connected to the same switch.
Reference Thread:
https://forum.opnsense.org/index.php?topic=34955
Hardware:
DEC740
tsystem (Jr. Member, Posts: 55, Karma: 1)
Re: CARP or no CARP « Reply #4 on: May 25, 2024, 01:02:45 pm »
Whoa, I'm going ahead and it's becoming harder and more complex ...
So I've got some questions ...
1: VLANs: if I create some VLANs, do I need to create a VHID group for each VLAN? And if that's the case, do I need to create each VLAN before creating the VHID?
2: For CARP and the VLANs, do I need to set up an outbound NAT for each VLAN?
3: And finally, with the multiple WAN config ...: how to manage that with outbounds etc.?
Thanks in advance for help
Monviech (Cedrik) (Global Moderator, Hero Member, Posts: 1597, Karma: 176)
Re: CARP or no CARP « Reply #5 on: May 25, 2024, 01:50:34 pm »
- Each VLAN needs its own CARP VIP.
- Each VLAN needs its own outbound NAT rule if you want to masquerade to the internet. If it's on automatic I think it's automatic, though not sure here; I always use manual NAT.
- When you have multiple WANs you can create firewall rules that force traffic to the gateway of one or the other. Both need their own outbound NAT rules.
- If you want to load balance or fail over between them you have to create a gateway group and set your firewall rule gateway to that gateway group, on the rule to the internet only.
Hardware:
DEC740
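Added example (not part of the thread and not OPNsense code): a small Python lint that checks a planned HA layout against the checklist in reply #5 and the "WAN address as CARP VIP" setup from reply #1. The plan format, interface names, gateway group name and addresses are constructed for illustration; the checks assume failover between both WANs is wanted and that outbound NAT translates to the WAN CARP VIP, since the WAN interfaces carry no address of their own.

```python
from itertools import product

# Constructed plan: two WANs with one public IP each, two VLANs (documentation addresses).
PLAN = {
    "wans": ["wan1", "wan2"],
    "vlans": ["vlan10", "vlan20"],
    # interface -> CARP VIP configured on both firewalls
    "carp_vips": {"wan1": "198.51.100.10", "wan2": "203.0.113.10",
                  "vlan10": "10.0.10.1"},
    # (source VLAN, outgoing WAN, translation address) for each manual outbound NAT rule
    "outbound_nat": [("vlan10", "wan1", "198.51.100.10"),
                     ("vlan10", "wan2", "203.0.113.10"),
                     ("vlan20", "wan1", "198.51.100.11")],
    "gateway_groups": {"WAN_FAILOVER": ["wan1", "wan2"]},
    # VLAN -> gateway set on its "to the internet" firewall rule
    "internet_rules": {"vlan10": "WAN_FAILOVER", "vlan20": "wan1"},
}

def lint_ha_plan(plan):
    """Return a list of findings; an empty list means the plan matches the checklist."""
    findings = []
    vips = plan["carp_vips"]
    # Every WAN and every VLAN needs its own CARP VIP.
    for iface in plan["wans"] + plan["vlans"]:
        if iface not in vips:
            findings.append(f"{iface}: no CARP VIP")
    # Every VLAN needs an outbound NAT rule on each WAN, translating to that WAN's VIP
    # (assumption: the WAN parent interface is left on "IPv4 none").
    nat = {(src, wan): target for src, wan, target in plan["outbound_nat"]}
    for vlan, wan in product(plan["vlans"], plan["wans"]):
        target = nat.get((vlan, wan))
        if target is None:
            findings.append(f"{vlan}->{wan}: no outbound NAT rule")
        elif target != vips.get(wan):
            findings.append(f"{vlan}->{wan}: NAT target {target} is not the WAN CARP VIP")
    # For failover, the internet rule must point at a gateway group covering all WANs.
    for vlan in plan["vlans"]:
        gw = plan["internet_rules"].get(vlan)
        members = plan["gateway_groups"].get(gw, [])
        if set(members) != set(plan["wans"]):
            findings.append(f"{vlan}: internet rule gateway {gw!r} is not a group of all WANs")
    return findings

if __name__ == "__main__":
    for finding in lint_ha_plan(PLAN):
        print(finding)
```

Run against the constructed plan, it reports the gaps left on vlan20: no CARP VIP, a missing NAT rule on the second WAN, a NAT target that is not the VIP, and an internet rule pinned to a single gateway.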