Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
IP Alias on top of CARP VIP
« previous
next »
Print
Pages: [
1
]
Author
Topic: IP Alias on top of CARP VIP (Read 7527 times)
The Sky Heart
Newbie
Posts: 4
Karma: 0
IP Alias on top of CARP VIP
«
on:
December 03, 2017, 03:59:46 am »
Hi Guys,
I'm trying to configure 2 OPNSense in HA mode, I did the initial configs and the HA configs, everything works fine, but I have a lot of Public IP Subnets that are routed, I was testing with 2 /24 Subnet so I made the first subnet as the main interface IP's
fw1: x.x.x.2
fw2: x.x.x.3
carp VIP: x.x.x.1
the second subnet I added a static route then added another CARP VIP x.x.2.1, this setup works fine, but as I mentioned I have a lot of Public /24 IP's and I don't want to have VHID for each CARP VIP.
in pfsense there is an option to create an IP Alias on top on the CARP VIP but I can't see that option in OPNSense, also if I add the IP as a normal IP Alias that IP is not synced to the second firewall, so I guess to be able to sync all Virtual IP's they should be a CARP IP's.
please any help or more information on this would be appreciated I honestly don't want to switch to pfsense because of this reason.
Thanks
Logged
mimugmail
Hero Member
Posts: 6764
Karma: 494
Re: IP Alias on top of CARP VIP
«
Reply #1 on:
December 03, 2017, 06:15:19 am »
Hm, normally you should be able to choose the correct VHID at IP Alias.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
franco
Administrator
Hero Member
Posts: 17605
Karma: 1603
Re: IP Alias on top of CARP VIP
«
Reply #2 on:
December 03, 2017, 08:46:46 am »
Hi there,
This was added in 17.7.1:
https://github.com/opnsense/changelog/blob/4c9af494a75da82af104f96c73bd0d68bb7bf4dc/doc/17.7/17.7.1#L35
Cheers,
Franco
Logged
The Sky Heart
Newbie
Posts: 4
Karma: 0
Re: IP Alias on top of CARP VIP
«
Reply #3 on:
December 03, 2017, 10:03:08 pm »
Hi Guys,
Thanks a lot for your Reply,
but seems this doesn't work for me,
I created a CARP VIP on a VLAN Interface, as I mentioned this works fine, but if I add an IP Alias on the VLAN interface using the same VHID then both firewalls become master for the CARP VIP, and I can't see that the new IP Alias has been synced to the other Firewall, so either i'm adding it a wrong way or there is another issue.
and I'm using OPNsense 17.7.8-amd64 on both Firewalls.
I checked this issue
https://github.com/opnsense/core/issues/1779
which exactly what I'm facing but seem's you guys have fixed in 17.7.1 as @franco mentioned.
Logged
The Sky Heart
Newbie
Posts: 4
Karma: 0
Re: IP Alias on top of CARP VIP
«
Reply #4 on:
December 03, 2017, 10:13:54 pm »
Here is a little more information with screenshots,
the Main CARP VIP is on VLAN interface, which is VLAN 1050, so this what happens if I add another CARP VIP using the same VHID,
https://gyazo.com/33c83e8383788254403f5684b8650369
and if I add the IP as an IP Alias like here
https://gyazo.com/5826eea43cf6a9476f353b4ca005d9ef
then both firewalls become master for that CARP interface.
Logged
The Sky Heart
Newbie
Posts: 4
Karma: 0
Re: IP Alias on top of CARP VIP
«
Reply #5 on:
December 04, 2017, 02:57:41 am »
Hi again,
ok it seem's that we have to add the IP Aliases on each firewall, pfsync seem doesn't sync the IP Aliases, after adding the IP Alias to the backup firewall the IP status changed correctly and now the master is master and the backup is backup, this doesn't happen in pfSense when you add an IP Alias on top of a CARP VIP pfsync sync the ip to the other node.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
IP Alias on top of CARP VIP