Expected Hardware to Start With

by Jan Bachelor

Before we dive in, there are some pre-requisites that you will need:

  • 2x OPNSense units – we will set them up via CARP as main and backup for each interface (WAN1, WAN2, LAN and SYNC).
    • Both units need to be on the same version. If they are virtualized, you can clone one (see below).
    • Each OPNSense unit will need at least 3x network ports:
      • WAN1 – to connect to your ISP1
      • WAN2 (optional) – for your ISP2
      • SYNC – a dedicated line to talk to each other on deciding who is main / backup. Optional but highly recommended to wire them directly together.
      • LAN – to connect to a switch or access point for additional devices to connect
  • 1-2x WAN routers – preferably different last mile providers
    • You do not need a static IP address on either, we can work with dynamic just fine, even if you plan to serve websites and other services (such as a Minecraft server, mail server, etc.) – however, the ISP must not block the ports on their side.
    • Ability to configure the ISP Router(s) to ensure they are in router mode rather than a bridge mode, so that you can connect each OPNSense device to it on an ethernet port (the guide below helps you to configure it).

Virtualized OPNSense?

It is possible that you have the OPNSense units virtualized in hypervisor such as Proxmox. Some will warn you against it. But if you have more than one Proxmox server, it is doable. In this case, if you have already one OPNSense VM configured, you can simply clone it. Just remember to do the following before you switch it back on:

  • Disable the LAN interface of the cloned VM.
  • Boot it up and disable DHCP on the backup later until they are in CARP where only one serves DHCP traffic at one time.
  • Change the hostname of the cloned instance so that it is unique.
  • Change IPs of the static interfaces that you use (ensure that MAC addresses are different, too).

Desired State

As the intro showed, this is the desired state of our set up with (ideally) WAN and OPNSense redundancy in place. Preferrably, each OPNSense unit is on a separate UPS unit that is connected directly to it and configured to send a switch off command in case power is close to running out. I can expand on that in one of the future tutorials (just make a comment below).

Go back to course overview: OPNSense in HA with CARP with dual WANs

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Step Contents

Content