HA firewall (assign same managed route to two endpoints)

mgiammarco · May 19, 2021, 8:20am

Hi,
imagine this situation:

10.1.0.0 private network → opnsense1 HA zerotier 172.40.50.6
→ opnsense2 HA zerotier 172.40.30.5

Can I assign two times in managed routes the same route like:

10.1.0.0/24 via 172.40.50.6
10.1.0.0/24 via 172.40.30.5

Otherwise I cannot use opnsense in active passive configuration.

zt-grant · June 4, 2021, 7:16am

I think you’re thinking of ZeroTier as more advanced and complex than it is. At the base level you need to be thinking, “Is this something I can be doing with a physical network and router”, not “Can ZeroTier do X”.

ZeroTier is a virtual network cable & switch. Quite literally. It operates at Layer 2 of the OSI networking stack. Sure we’re building cool things on top of that, but at a base level, it’s just a virtual ethernet cable & switch between devices. If you can do it with a physical network, you can do it with ZeroTier.

That being said, let’s consider your question in terms of a physical wire (or wireless access point) and switch network. Could you assign a single route to multiple hosts in a physical network? The answer is No. The answer is the same with ZeroTier, because at its most basic level, it’s just a virtual network switch.

That being said, things like OSPF, BP, et al, also work over ZeroTier. Like I said. ZeroTier is Layer 2 of the OSI stack. Anything that works on Layer 2 of a physical network also works over ZeroTier. Your imagination is the limit as long as it works on a traditional networking stack!

mgiammarco · June 4, 2021, 7:09am

So basically I can add routes not only with your control panel.
Ok I understood. Thanks.

mgiammarco · June 4, 2021, 7:22am

Anyway the problem is: I am also on OPNSense forum.
Many people ask as me same questions:

opnsense multiwan and zerotier
opnsense HA and zerotier
does zerotier support officially zerotier?

I would like to pass all my customers to zerotier but I must do all things I do now with OpenVPN.
And in OPNSense it seems they do not consider HA for zerotier (openvpn works in HA: it is started automatically only on master firewall)
And multiwan support is not explained. I have tried with two wans disabling first wan and then second wan without losing a remote desktop connection (in a server connected with zerotier), it seems very nice. But it is only one test I need more support before doing the switch and start new products based on zerotier (with opnsense)

system · July 4, 2021, 7:19am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.