Friday, September 4, 2020

OPNsense VPN clients not routed to LAN

I have 2x HP servers in a rack, each running its own OPNsense virtual machine within the 10.1.105.0/24 subnet, which is a VLAN on an HP ProCurve L2 switch. The idea is to have an HA virtual firewall on two different hypervisors that share the same local subnet.

Virtual Firewall #1 10.1.105.2
Virtual Firewall #2 10.1.105.3

The plan is to set up CARP with a virtual IP (x.x.x.1), but first I want to make sure I can reach the GUI on each of them through my VPN network (10.1.137.0/24) and avoid those damn trips to the DC. VPN is only configured on #2 right now. When connected through the VPN, #2 is pingable, but not #1.

Traceroute from my VPN client towards 10.1.105.3 hops directly to 10.1.105.3 with success.
Traceroute from my VPN client towards 10.1.105.2 hops through 10.1.137.1 and fails to hop further.

If I connect a VM or a rack cart on the VLAN with 10.1.105.123 as IP, I can reach everything. So I'm guessing something needs to be configured differently in OPNsense (?). Any debug ideas would be awesome. Enjoy your weekend, guys, and let me know if I can improve anything with this post.

# Routes on FW1 (10.1.105.1)
Destination          Gateway
default              123.123.123.49 (WAN)
10.1.105.0/24        link#2 (LAN)
10.1.105.2           link#2 (LAN)
127.0.0.1            link#4
123.123.123.48/28    link#1 (WAN)
123.123.123.55       link#1 (WAN)

# Routes on FW2 (10.1.105.3)
Destination          Gateway
default              123.123.123.49 (WAN)
10.1.105.0/24        link#2 (LAN)
10.1.105.3           link#2 (LAN)
10.1.137.0/24        10.1.137.2
10.1.137.1           link#7 (VPN)
10.1.137.2           link#7 (VPN)
127.0.0.1            link#4
123.123.123.48/28    link#1 (WAN)
123.123.123.55       link#1 (WAN)
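Reading the two tables side by side, one cause that fits the symptoms is that FW1 has no route for 10.1.137.0/24: a VPN client's packet is forwarded by FW2 onto the LAN and reaches FW1, but FW1's reply matches only the default route and leaves via the WAN, so the round trip never completes. The script below is an added example (not part of the original post): it transcribes both tables, performs the same longest-prefix-match lookup the FreeBSD FIB does for a constructed client address (10.1.137.50), and then repeats the lookup after adding a hypothetical static route on FW1 that sends 10.1.137.0/24 to 10.1.105.3. The interface labels for the 127.0.0.1 and 10.1.137.0/24 rows, and the static-route remedy itself, are assumptions rather than something the post states.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    iface: str


def parse_routes(rows):
    """Turn (destination, gateway, iface) text rows into Route objects.

    'default' becomes 0.0.0.0/0 and a bare host address becomes a /32,
    mirroring how the FreeBSD FIB printed by `netstat -rn` is interpreted.
    """
    routes = []
    for dest, gateway, iface in rows:
        if dest == "default":
            net = ipaddress.IPv4Network("0.0.0.0/0")
        else:
            net = ipaddress.IPv4Network(dest, strict=False)
        routes.append(Route(net, gateway, iface))
    return routes


def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing `ip` wins."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for route in routes:
        if addr in route.dest and (best is None or route.dest.prefixlen > best.dest.prefixlen):
            best = route
    return best


# Tables transcribed from the post. WAN/LAN/VPN labels are the post's own;
# "lo" for 127.0.0.1 and "VPN" for the 10.1.137.0/24 row are assumptions
# (those rows carried no label in the post).
FW1 = parse_routes([
    ("default", "123.123.123.49", "WAN"),
    ("10.1.105.0/24", "link#2", "LAN"),
    ("10.1.105.2", "link#2", "LAN"),
    ("127.0.0.1", "link#4", "lo"),
    ("123.123.123.48/28", "link#1", "WAN"),
    ("123.123.123.55", "link#1", "WAN"),
])

FW2 = parse_routes([
    ("default", "123.123.123.49", "WAN"),
    ("10.1.105.0/24", "link#2", "LAN"),
    ("10.1.105.3", "link#2", "LAN"),
    ("10.1.137.0/24", "10.1.137.2", "VPN"),
    ("10.1.137.1", "link#7", "VPN"),
    ("10.1.137.2", "link#7", "VPN"),
    ("127.0.0.1", "link#4", "lo"),
    ("123.123.123.48/28", "link#1", "WAN"),
    ("123.123.123.55", "link#1", "WAN"),
])


def reply_path(routes, client_ip):
    """Route a firewall would use for its reply to a VPN client at client_ip."""
    return lookup(routes, client_ip)


def ping_round_trip(fw_routes, client_ip, vpn_iface="VPN", lan_iface="LAN"):
    """True if the firewall's reply can get back to the VPN client.

    The forward direction is taken as working (FW2 forwards the packet onto
    the LAN, as the post's traceroute shows). The reply succeeds if it leaves
    via the VPN interface directly, or via the LAN towards a next hop that
    owns the VPN subnet; a reply sent to the WAN default gateway for a
    private 10.x address is blackholed.
    """
    route = reply_path(fw_routes, client_ip)
    return route.iface in (vpn_iface, lan_iface)


def with_static_route(routes, dest, gateway, iface):
    """Return a copy of `routes` with one extra static route (hypothetical fix)."""
    return routes + parse_routes([(dest, gateway, iface)])


# Hypothetical remedy, not from the post: tell FW1 that 10.1.137.0/24 lives behind FW2.
FW1_FIXED = with_static_route(FW1, "10.1.137.0/24", "10.1.105.3", "LAN")


if __name__ == "__main__":
    client = "10.1.137.50"  # constructed sample VPN client address
    for name, table in (("FW1", FW1), ("FW2", FW2), ("FW1 + static route", FW1_FIXED)):
        r = reply_path(table, client)
        verdict = "reachable" if ping_round_trip(table, client) else "blackholed"
        print(f"{name}: reply to {client} -> {r.dest} via {r.gateway} ({r.iface}), {verdict}")
```

The same lookup can be checked on the box itself with `route -n get 10.1.137.50` on each firewall; if FW1 answers with the WAN default gateway, the return path is the problem, and whichever remedy is chosen (a static route on FW1, or on the LAN hosts, or moving the VPN onto the CARP pair) should make that command report the LAN or VPN interface instead.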

