From 38e4826dd350db19ef79687c9e40968ac7b0265d Mon Sep 17 00:00:00 2001 From: Gitea Actions Date: Sun, 19 Oct 2025 19:14:32 +0000 Subject: [PATCH] Auto-update blog content from Obsidian: 2025-10-19 19:14:32 --- ...3-migration-opnsense-proxmox-highly-available.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/content/post/13-migration-opnsense-proxmox-highly-available.md b/content/post/13-migration-opnsense-proxmox-highly-available.md index 060c1ba..11b570b 100644 --- a/content/post/13-migration-opnsense-proxmox-highly-available.md +++ b/content/post/13-migration-opnsense-proxmox-highly-available.md @@ -241,7 +241,13 @@ Great, with these 3 rules, I cover the basics. The remaining rules would be to a ### DHCP -Dnsmasq will be my DHCPv4 server, but beware because it is not synchronize leases in the cluster. In HA setup, both firewalls will serve DHCP at the same time, with slight different configuration to not overlap. Dnsmasq will also act as DNS, but only for my local zones. In `Services` > `Dnsmasq DNS & DHCP` > `General`, I configure as follow: +For the DHCP, I choose Dnsmasq. In my current installation I use ISC DHCPv4, but as it is now deprecated, I prefer to replace it. + +Beware because it is not synchronize leases in HA. To workaround this, both firewalls will serve DHCP at the same time, with slight different configuration to not overlap. + +Dnsmasq will also act as DNS, but only for my local zones. + +In `Services` > `Dnsmasq DNS & DHCP` > `General`, I configure the master firewall as follow: - **Default** - **Enable**: Yes - **Interface**: *Mgmt*, *User*, *IoT*, *DMZ* and *Lab* 
@@ -253,10 +259,13 @@ Dnsmasq will be my DHCPv4 server, but beware because it is not synchronize lease - **DHCP FQDN**: Enabled - **DHCP local domain**: Enabled - **DHCP authoritative**: Enabled + - **DHCP reply delay**: 0 - **DHCP register firewall rules**: Enabled - **Disable HA sync**: Enabled -Next +On the backup node, I configure it the same way, the only difference will be the **DHCP reply delay** which I set to **10**. This will let the time to my master node to fulfill requests if it is alive. + +Next I configure the DHCP ranges,
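Review bot: In the first hunk (`@@ -241,7 +241,13 @@`), the added line "Beware because it is not synchronize leases in HA." has an ambiguous subject. "It" now follows a sentence about ISC DHCPv4, so the warning can be read as applying to ISC rather than to Dnsmasq. Name the subject, for example "Beware: Dnsmasq does not synchronize leases between the HA nodes." The next added line promises a "slight different configuration to not overlap" without saying what must not overlap or which setting differs. Name the setting here so the reader does not have to infer it from the settings list further down.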
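Review bot: In the second hunk (`@@ -253,10 +259,13 @@`), the new paragraph after the settings list says the backup differs only by **DHCP reply delay** set to **10**, but it gives no unit and does not explain how that satisfies the earlier "to not overlap" requirement. A reply delay only decides which node answers first. With **Disable HA sync** enabled and both nodes otherwise configured "the same way", nothing in the visible text keeps the backup from offering an address the master has already leased once the master stops answering. State the unit of the delay, and say whether the ranges configured next are identical or split between the nodes. The wording "This will let the time to my master node to fulfill requests" would read better as "This gives the master node time to answer first when it is alive."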