I have a demo configuration of two Untangle systems with VRRP redundancy.
Call them Box1 and Box2.
Box1 WAN=1.2.3.250 LAN=10.0.0.4
Box2 WAN=1.2.3.254 LAN=10.0.0.5
Alias WAN=1.2.3.251 LAN=10.0.0.1
I configured Box1 (the master) with WAN of 1.2.3.251 and LAN of 10.0.0.1, verified that the network functions normally (it does) and proceeded to configure all of the wanted services, configured the server certificate for HTTPS inspection, OpenVPN users, IPSecVPN, L2TP VPN, email scanning, port forwards, AD connector, and such. Created a backup of this configuration.
Restored the configuration to Box2.
Modified Box1 WAN to use: 1.2.3.250
VRRP ID1 Priority 100
VRRP Aliases:
1.2.3.251
Modified Box1 LAN to use: 10.0.0.4
VRRP ID2 Priority 100
VRRP Aliases:
10.0.0.1
Modified Box2 WAN to use: 1.2.3.154
VRRP ID1 Priority 50
VRRP Aliases:
1.2.3.251
Modified Box2 LAN to use: 10.0.0.5
VRRP ID2 Priority 50
VRRP Aliases:
10.0.0.1
Reading the docs, both boxes should have the same certificates and configurations with the backup of Box1 restored to Box2.
I get replies from the aliased addresses when pinging.
The question is, in a VRRP configuration, shouldn't the aliased address be what is used versus the active box address?
It is my understanding that if a box is marked as "master" then any traffic going to the aliased address will be redirected to the active box. If this is correct, then shouldn't the apps on the active box also respond to the aliased address?
So far certificates, quarantine and the administrator console do not behave in this manner.