HA firewall (assign same managed route to two endpoints)

Hi,
imagine this situation:

10.1.0.0 private network → opnsense1 HA zerotier 172.40.50.6
→ opnsense2 HA zerotier 172.40.30.5

Can I assign the same route twice in managed routes, like:

10.1.0.0/24 via 172.40.50.6
10.1.0.0/24 via 172.40.30.5

Otherwise I cannot use opnsense in active passive configuration.

I think you’re thinking of ZeroTier as more advanced and complex than it is. At the base level you need to be thinking, “Is this something I can be doing with a physical network and router”, not “Can ZeroTier do X”.

ZeroTier is a virtual network cable & switch. Quite literally. It operates at Layer 2 of the OSI networking stack. Sure we’re building cool things on top of that, but at a base level, it’s just a virtual ethernet cable & switch between devices. If you can do it with a physical network, you can do it with ZeroTier.

That being said, let’s consider your question in terms of a physical wire (or wireless access point) and switch network. Could you assign a single route to multiple hosts in a physical network? The answer is No. The answer is the same with ZeroTier, because at its most basic level, it’s just a virtual network switch.

That being said, things like OSPF, BGP, et al., also work over ZeroTier. Like I said, ZeroTier is Layer 2 of the OSI stack. Anything that works on Layer 2 of a physical network also works over ZeroTier. Your imagination is the limit as long as it works on a traditional networking stack!

So basically I can add routes not only with your control panel.
Ok I understood. Thanks.

Anyway, the problem is: I am also on the OPNSense forum.
Many people ask the same questions as me:

  • opnsense multiwan and zerotier
  • opnsense HA and zerotier
  • does zerotier support officially zerotier?

I would like to pass all my customers to zerotier but I must do all things I do now with OpenVPN.
And in OPNSense it seems they do not consider HA for zerotier (openvpn works in HA: it is started automatically only on the master firewall).
And multiwan support is not explained. I have tried with two WANs, disabling the first WAN and then the second WAN without losing a remote desktop connection (in a server connected with zerotier); it seems very nice. But it is only one test. I need more support before doing the switch and starting new products based on zerotier (with opnsense).
