-1

If I would like to set up an OPNsense HA cluster of two nodes, what is the best practice to set up such an environment?

My preferred approach would be:

  1. set up the first node IP
  2. set up the physical interfaces
  3. set up the link aggregation(s)
  4. set up the VLANs
  5. set up the needed services

Now it is unclear to me (and also from the documentation) whether I can set up CARP (HA) with the second node and whether all these settings will be automatically synchronized to the second node.

Or do I need to set up all the configurations again for the second node and afterwards set up CARP? If the latter is the case and I need to set up some things redundantly on the second node:

  • what are the things that need to be done manually?
  • is there any way to manually export these settings from the first/master node and reimport them on the second node?
cilap

1 Answer

0

There is a sync button to force syncing all the stuff (which is selected in System : HA : Configuration), so it does not matter whether you set up services before or after activating HA. Please note that HA (XMLRPC Sync) and CARP are not the same. XMLRPC only syncs the configuration; CARP is only a protocol to switch IP addresses on nodes, but it uses the HA link to exchange states. I myself also use just HA Sync for a customer to exchange configuration to a passive standby node in a different DC.

  • In pfSense not all configurations were synchronized properly. Therefore I am asking. Especially the interfaces and the IPs couldn't be synchronized. Is this different on OPNsense? – cilap Jun 04 '19 at 07:53
  • It's working the same way; all I can say is that every section you enable to sync also works. No idea what happens in pfSense – mimugmail Jun 04 '19 at 19:13
  • Tested it now with a setup. Interfaces and VLANs are not synced. Any option to configure this sync for interfaces and VLANs? – cilap Jun 04 '19 at 21:38
  • Syncing of interfaces doesn't make sense, don't you think? :) – mimugmail Jun 11 '19 at 09:31
  • It does not make sense to sync the IPs, but of course it is a pain to rebuild VLAN interfaces multiple times if you work in an HA environment. Or do I get something wrong? But if the nodes are working in HA, even the interfaces should have the same IP, shouldn't they? – cilap Jun 14 '19 at 13:15
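
The comments above report that LAGG, VLAN and interface definitions are not carried over by the XMLRPC sync, so they have to be built on each node by hand. The following is an added example (not part of the original answer, and not OPNsense's own tooling) that compares the LAGG and VLAN definitions in configuration backups exported from both nodes. The element names (`laggs/lagg`, `vlans/vlan`, `laggif`, `members`, `proto`, `if`, `tag`) are assumptions about the `config.xml` layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports (not taken from a real firewall). The element
# names are an assumption about the config.xml layout; adjust to your export.
PRIMARY = """<opnsense>
  <laggs><lagg><laggif>lagg0</laggif><members>igb0,igb1</members><proto>lacp</proto></lagg></laggs>
  <vlans>
    <vlan><if>lagg0</if><tag>10</tag><descr>mgmt</descr></vlan>
    <vlan><if>lagg0</if><tag>20</tag><descr>dmz</descr></vlan>
  </vlans>
</opnsense>"""

SECONDARY = """<opnsense>
  <laggs><lagg><laggif>lagg0</laggif><members>igb1,igb0</members><proto>lacp</proto></lagg></laggs>
  <vlans>
    <vlan><if>lagg0</if><tag>10</tag><descr>mgmt</descr></vlan>
    <vlan><if>lagg0</if><tag>30</tag><descr>guest</descr></vlan>
  </vlans>
</opnsense>"""


def layer2_inventory(config_xml):
    """Return the set of LAGG and VLAN definitions found in one export."""
    root = ET.fromstring(config_xml)
    items = set()
    for lagg in root.findall("./laggs/lagg"):
        # Member order is irrelevant, so normalise it before comparing.
        members = tuple(sorted(m.strip() for m in lagg.findtext("members", "").split(",")))
        items.add(("lagg", lagg.findtext("laggif", ""), members, lagg.findtext("proto", "")))
    for vlan in root.findall("./vlans/vlan"):
        # Descriptions are cosmetic; parent interface and tag define the VLAN.
        items.add(("vlan", vlan.findtext("if", ""), vlan.findtext("tag", "")))
    return items


def drift(primary_xml, secondary_xml):
    """Definitions present on only one node, as sorted lists."""
    a, b = layer2_inventory(primary_xml), layer2_inventory(secondary_xml)
    return {"missing_on_secondary": sorted(a - b),
            "extra_on_secondary": sorted(b - a)}


if __name__ == "__main__":
    for side, entries in drift(PRIMARY, SECONDARY).items():
        for entry in entries:
            print(side, entry)
```

Running it before enabling CARP shows which VLANs still have to be created on the second node; per-node IP addresses are deliberately left out of the comparison because they differ between nodes.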