Bridge + CARP + High Availability

[mitra7]

I have two OPNSense installations in High Availability.
I setup CARP on the Master Server in a Bridged interface. Both machines have the bridge interface which is br0.
When both machines synchronize the backup server loses the Interface on CARP. Is this a new problem?
I have a second CARP using regular interfaces and it synchronizes fine.

Server 1 (Master)


Server 2 (Backup)

[mitra7]

Do I need to open an issue on Github? Is there any more information that I should provide?

[mimugmail]

Never used CARP and Bridge, do you use a dedicated Uplink for Sync and PF stats? Screenshots of both CARP status? Anything related in the system.log?

[mitra7]

I get this notice:
"09-26-18 22:22:32 [ Interface specified for the virtual IP address 192.168.XX.250 does not exist. Skipping this VIP. ]"
However if I disable Virtual IPs Synchronization and I assigned the interface manually on the Backup server (Virtual IP/Carp Settings) it works just fine.

bridge0 (Master Server)

bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
   ether 02:e5:3e:f9:7c:00
   inet 192.168.XX.254 netmask 0xffffff00 broadcast 192.168.XX.255
   inet 192.168.XX.250 netmask 0xffffff00 broadcast 192.168.XX.255 vhid 1
   nd6 options=1<PERFORMNUD>
   carp: MASTER vhid 1 advbase 1 advskew 0
   groups: bridge
   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
   member: ovpns3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 12 priority 128 path cost 2000000
   member: vtnet1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 2 priority 128 path cost 2000

bridge0 (Backup Server)

bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
   ether 02:a7:7b:d3:48:00
   inet 192.168.XX.251 netmask 0xffffff00 broadcast 192.168.XX.255
   inet 192.168.XX.250 netmask 0xffffff00 broadcast 192.168.XX.255 vhid 1
   nd6 options=1<PERFORMNUD>
   carp: BACKUP vhid 1 advbase 1 advskew 100
   groups: bridge
   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
   member: ovpns3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 10 priority 128 path cost 2000000
   member: vtnet1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 2 priority 128 path cost 2000

[mimugmail]

What about the rest of the questions?

[mitra7]

I don't use a dedicated uplink for SYNC but I can create. For SYNC I am using the same interface (Bridge0).
It might be due to ovpns3 on the Backup Server is down because it is a Site-To-Site TAP VPN, I can't have both servers connected at the same time to the VPN Server.
I just don't understand why because if I assign manually the interface on the backup server it stays there.
I was checking and the same interface is not assigned on the Gateways section if it was updated through sync, manually works.

[mimugmail]

Sorry, I'm out here, I never used OpenVPN to bridge LANs, and I have no idea how this would break in a HA screnario and what happens on a failover. This is a ver rare untypical setup.