Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Bug: CARP not working on second WAN interface #1779
Experimenting, I'm getting a contradictory result. On the first WAN interface, I've added two CARP IPs, both using the same VHID number. On the second WAN interface, I've added one CARP IP, using a second VHID number. But when I try to add a second CARP IP, OPNsense complains:
In the CARP widget in the lobby, it clearly shows the first two IPs as "WAN1@11 > MASTER ", and the second as "WAN2@12 ", where 11 and 12 are the CARP VHIDs. Note the second interface's IP isn't showing it as master either. What difference is allowing multiple CARP IPs with the same VHID on one WAN interface, and blocking it from being set up that way on the other?
Also, WAN2 is not sending out any CARP packets. It's receiving some with another VHID from another system on that interface. But it's not sending out any of its own on WAN2, not with VHID12 or anything else. Also, it has not added the one CARP IP to its interface.
Looking with ifconfig, I see that interface igb1 (WAN1) has promiscuous mode enabled, igb2 (WAN2) does not. Why would this be? Could it be related to the problems?
I think we can drop the constraint which only allows the same vhid to be assigned on one interface, I just need to do some final check there.
I removed the validation and saved on my end, which seems to result it the correct aliases:
Which looks the same as adding one manually using
I think we better unlock the possibility to add an optional vip to an ipalias as well and check if there actually is a carp vip configured on the interface when set, that way you can easily add more and we keep complexity low.
If we remove the validation we would trigger the init (https://github.com/opnsense/core/blob/17.7/src/etc/inc/interfaces.inc#L1871) multiple times, which isn't a very bright idea.