CARP VIP always fall back to Backup even if no HA host is configured.

Started by supertorben, January 17, 2025, 01:15:06 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 17, 2025, 01:15:06 PM
Hi everyone,
I have read a lot about the configuration of VIP, CARP and HA.

I setup a dedicated Hardware for the Opnsense with the actual Software version (OPNsense 24.7.12 released Wed, 15 Jan 2025 14:12:24 GMT) . After seting up a LAGG to my physical switch and configuring all VLANS ( no untagged vlans on that LAGG ) I start to configure the Interfaces and VIPs on the VLANs.
Mainly I configured the first or last IP as VIP and the only HA Firewall that exists as .3 or .253 .
Problem right now is that all interfaces are working fine but since a few days one interface start Flapping from MASTER to BACKUP and it is the only CARP device on that VLAN.

the Log files show something wiered :
/usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member " (10.0.10.1) (110@vlan0.1.110)" has resumed the state "MASTER" for vhid 16
and a few seconds after that
/usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member " (10.0.10.1) (110@vlan0.1.110)" has resumed the state "BACKUP" for vhid 16

and this repeats all over every few seconds. results in a very unstable gateway.. interrestingly the other VLANS and VIP configured exactly the same aren't affacted at all in any way

sometimes a normal ellection start but due to no Backup Firewall it produces just this log but also only for that VIP AND Interface
kernel - - [meta sequenceId="2616"] <6>carp: 110@vlan0.1.110: MASTER -> BACKUP (more frequent advertisement received)
 kernel - - [meta sequenceId="2617"] <6>carp: 110@vlan0.1.110: BACKUP -> MASTER (master timed out)
 kernel - - [meta sequenceId="2618"] <6>carp: 110@vlan0.1.110: MASTER -> BACKUP (more frequent advertisement received)

When I switch to a virtual IP ALias it also switch this VIP directly to Backup for some reason.

Traces and Pings indicated no other host with that IP address on that network

Just canot explain as there is no Master/Backup server available that can win the CARP ellection and what that openVPN hook has to do with it.

also I deactivated all OpenVPN servers or Clients during the debugging but still that systemhook initiates the FAILover / BACKUP State of CARP VIP and Alias IP

Hope you can help me and can Provide more Informations when you need it !
January 17, 2025, 02:44:25 PM #1
Please solve this issue .. it was a missaligned Subnetmask that probably copy and past from another entry...
So Problem solved !
Print
Go Up Pages1
User actions