HA/CARP with EdgerouterX facing the Internet
-
Hi Fellow Strugglers...
Ahh another new challenge!
I am setting up HA/CARP and my challenge is that the ISP just gives me an IP assigned to my WAN MAC. If this MAC changes the ISP cuts me off. Hmm, well I decided to put an Ubiquiti Edge Router X between me and the ISP so that the IP and the MAC remain stable and keep the ISP happy.
Good thus far :)
The real challenge seems to have to do with my OPENVPN servers.
So I have 4 site to site OpenVPN tunnels and two road warrior connections, so time for port forwarding on the Edgerouter.
So as I built the system I port forwarded this all to the primary pfSense server so as to keep the users happy while I am building.
port xxx1 site to site one to 192.168.20.XX primary
...
port xxx4 site to site four to 192.168.20.XX primary
Road warrior 1 and road warrior two, the same.
Shazam it works.
So I built the two HA boxes according to the Netgate directions, as I have several times before. There is one difference between this and the other boxes I have built though, these boxes have the OpenVPN servers and the others had the clients.
So now some history ...
On my first attempt at HA, more than a decade ago, I had an ARRIS cable modem to which I was connecting. It showed the VRRP MAC for the CARP VIP on the pfSense server. The other modems I connected to later did no such thing. So I read the VRRP documentation and decided I would try just assigning a static IP in the ISP router ahead of the pfSense server with a corresponding VRRP mac attached to it. Gosh, if it failed, what could it hurt? Pretty simple minded I grant you.
00-00-5E-00-01-{VRID} (from the Cisco site)
192.168.0.254 with mac 00:00:5E:00:01:01, like the one in the Arris modem, I put in the other unfriendly modems.
I have done this like 8 times, incrementing the final digit when I have more than one gateway.
Much to my surprise it (seems) to have always worked. ...
But now I am working on the machine with the OpenVPN server. Everything else works. The ISP modem that I am drawing from is in vhid 4 on the pfSense's Virtual IDs, so ...
192.168.20.254 / 00:00:5E:00:01:04 was the IP and mac I chose.
Everything works, but when I point the port forwarding to 192.168.20.254, my virtual IP, I lose my server connections and my users are unhappy ... back to the primary server.
Now I know that this is a very simple minded approach and that I am lucky that it works at all.
That being true, I am still asking for advice. I am assuming that I am missing something in the configuration of the Edge Router X. As sophisticated as that little box is, there has got to be a way to get it to cooperate. They can be set up for rollover much like pfSense, but from what I understand, this is on the WAN side, and I am working on the LAN side.
So got any ideas?
Thanks for any help you might have to offer. As always I appreciate the good helpful folks on the forums.
You guys are awesome
Roy
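The post above relies on the fact that a CARP VIP shares the IANA VRRP virtual MAC range, 00:00:5E:00:01:{VHID}, so a static host entry on the upstream router only lines up with the VIP if its last octet matches the VHID pfSense was given. The small audit below is an added example (not from the post or from pfSense/EdgeOS) that derives the virtual MAC from a VHID and checks a list of static entries against the VIPs configured on pfSense, flagging entries whose encoded VHID does not match or that are not VRRP MACs at all. The sample entries are constructed from the addresses quoted in the post; the function names are ours.

```python
"""Derive CARP/VRRP virtual MACs from a VHID and audit upstream static entries.

Added example: the audit logic and helper names are ours, not pfSense or
EdgeOS code. Sample data below is constructed from the values in the post.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# IANA-reserved prefix shared by VRRP and CARP; the last octet is the VRID/VHID.
VRRP_PREFIX = "00:00:5e:00:01"
_MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")


def vrrp_mac(vhid: int) -> str:
    """Return the virtual MAC pfSense/CARP (and VRRP) use for a given VHID."""
    if not 1 <= vhid <= 255:
        raise ValueError(f"VHID must be 1..255, got {vhid}")
    return f"{VRRP_PREFIX}:{vhid:02x}"


def vhid_from_mac(mac: str) -> Optional[int]:
    """Return the VHID encoded in a VRRP/CARP MAC, or None if it is not one."""
    norm = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.fullmatch(norm):
        raise ValueError(f"not a MAC address: {mac!r}")
    if not norm.startswith(VRRP_PREFIX + ":"):
        return None
    return int(norm[-2:], 16)


def audit_static_entries(entries: List[Tuple[str, str]],
                         pfsense_vips: Dict[str, int]) -> List[str]:
    """Compare (ip, mac) static entries on the upstream router with pfSense VIPs.

    pfsense_vips maps a CARP VIP address to its configured VHID. Returns one
    human-readable finding per entry that would not line up with the VIP.
    """
    findings = []
    for ip, mac in entries:
        ipaddress.ip_address(ip)  # raises ValueError on a typo in the address
        vhid = vhid_from_mac(mac)
        if vhid is None:
            findings.append(f"{ip}: {mac} is not a VRRP/CARP virtual MAC")
            continue
        expected = pfsense_vips.get(ip)
        if expected is None:
            findings.append(f"{ip}: no CARP VIP with this address is configured on pfSense")
        elif expected != vhid:
            findings.append(
                f"{ip}: MAC {mac} encodes VHID {vhid} but the VIP is configured "
                f"with VHID {expected} (expected MAC {vrrp_mac(expected)})")
    return findings


# Constructed sample: the static entry from the post and the matching pfSense VIP.
STATIC_ENTRIES = [("192.168.20.254", "00:00:5E:00:01:04")]
PFSENSE_VIPS = {"192.168.20.254": 4}


def demo() -> List[str]:
    """Run the audit on the constructed sample; an empty list means everything lines up."""
    return audit_static_entries(STATIC_ENTRIES, PFSENSE_VIPS)


if __name__ == "__main__":
    for finding in demo() or ["OK: static entries match the CARP VIPs"]:
        print(finding)
```

Run it against the entries actually configured on the upstream router (one line per static host/ARP entry) before pointing any port forward at a VIP; a finding means the upstream device will forward to a MAC that no CARP member answers for, which is exactly the kind of silent mismatch that is hard to spot from the pfSense side alone.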
-
@reberhar Hi All
The answer was already in the forum.
https://forum.netgate.com/topic/182996/openvpn-with-ha-carp-not-connecting-on-vip
Thanks for your patience.
Roy