FreeBSD/CARP: bind outgoing packets to virtual IP
Muenz, Michael
m.muenz at spam-fetish.org
Mon Dec 21 14:07:18 CET 2020
Hi,
Any news on my old request?
There are more and more users in OPNsense asking for HA features with
WireGuard.
Best,
Michael
Am 28.09.2020 um 13:33 schrieb Muenz, Michael:
> Hi,
>
> for HA solutions within Linux it seems WireGuard has the ability to
> use fwmark to treat packet right with iptables.
>
> When it comes to FreeBSD we don't have any chance to rewrite packets
> in HA setups.
>
> Let's say you have unit1 with master IP 1.1.1.5 and unit2 with master
> IP 1.1.1.9 and a floating IP 1.1.1.7 which is only owned by the active
> unit. Without the option to bind the service to a fixed IP, packets
> leaving the firewall will be sourced from the highest interface IP
> which would break when the floating IP is moving from unit 1 to 2.
>
> I know most of the user base are Linux users but I more and more get
> requests also from bigger companys about HA-setups via OPNsense.
>
> Do you have any plans about a similar feature for your FreeBSD users? :)
>
>
> Best,
>
> Michael
>
>
More information about the WireGuard
mailing list