Hello and happy New Year, everyone,
can anyone explain why my CARP fails over to the backup FW as soon as I start an (XMLRPC) synchronization?
As a result, of course, all users get kicked out of their OpenVPN connection.
Main and backup are on version
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
OpenSSL 1.1.1i 8 Dec 2020
The system.log:
Jan 4 07:31:32 fw1 webgui[50262]: /index.php: Successful login for user 'root' from: 10.10.10.135
Jan 4 07:31:32 fw1 webgui[50262]: /index.php: Successful login for user 'root' from: 10.10.10.135
Jan 4 07:57:12 fw1 opnsense[82474]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan 4 07:57:17 fw1 opnsense[45021]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan 4 07:57:30 fw1 opnsense[82474]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan 4 07:57:35 fw1 opnsense[45021]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan 4 07:57:50 fw1 opnsense[3442]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan 4 07:58:10 fw1 opnsense[3442]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan 4 07:59:38 fw1 opnsense[93960]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan 4 07:59:57 fw1 opnsense[93960]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan 4 08:02:00 fw1 opnsense[9331]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan 4 08:02:19 fw1 opnsense[9331]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan 4 08:03:26 fw1 kernel: carp: demoted by 240 to 240 (pfsync bulk start)
Jan 4 08:03:26 fw1 kernel: carp: 6@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 13@vmx3: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx3: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 12@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 11@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 10@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 9@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 8@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 1@vmx0: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx0: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 7@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 5@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 4@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 3@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 2@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 opnsense[17087]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "BACKUP" for vhid 6
Jan 4 08:03:26 fw1 opnsense[17087]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan 4 08:03:26 fw1 configctl[25434]: event @ 1609743806.47 msg: Jan 4 08:03:26 fw1.emea.aww.int config[84983]: config-event: new_config /conf/backup/config-1609743806.4024.xml
Jan 4 08:03:26 fw1 configctl[25434]: event @ 1609743806.47 exec: system event config_changed
Jan 4 08:03:27 fw1 opnsense[74073]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "BACKUP" for vhid 13
Jan 4 08:03:27 fw1 opnsense[74073]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan 4 08:03:27 fw1 kernel: carp: demoted by -240 to 0 (pfsync bulk done)
Jan 4 08:03:27 fw1 opnsense[26183]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "BACKUP" for vhid 12
Jan 4 08:03:27 fw1 opnsense[26183]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan 4 08:03:27 fw1 kernel: carp: 2@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 3@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 13@vmx3: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 4@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 5@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 7@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: arp: 10.10.10.1 moved from 00:00:5e:00:01:0d to 00:0c:29:98:aa:c5 on vmx3
Jan 4 08:03:27 fw1 kernel: carp: 8@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 9@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 10@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 11@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 1@vmx0: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 12@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 6@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:28 fw1 opnsense[65615]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "BACKUP" for vhid 11
Jan 4 08:03:28 fw1 opnsense[65615]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan 4 08:03:28 fw1 opnsense[45431]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "BACKUP" for vhid 10
Jan 4 08:03:28 fw1 opnsense[45431]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan 4 08:03:28 fw1 opnsense[65820]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "BACKUP" for vhid 9
Jan 4 08:03:28 fw1 opnsense[65820]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan 4 08:03:29 fw1 opnsense[98623]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "BACKUP" for vhid 8
Jan 4 08:03:29 fw1 opnsense[98623]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan 4 08:03:29 fw1 opnsense[22562]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "BACKUP" for vhid 1
Jan 4 08:03:29 fw1 opnsense[22562]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan 4 08:03:30 fw1 opnsense[53413]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "BACKUP" for vhid 7
Jan 4 08:03:30 fw1 opnsense[53413]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan 4 08:03:30 fw1 opnsense[86312]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "BACKUP" for vhid 5
Jan 4 08:03:30 fw1 opnsense[86312]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan 4 08:03:30 fw1 opnsense[8812]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "BACKUP" for vhid 4
Jan 4 08:03:30 fw1 opnsense[8812]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan 4 08:03:31 fw1 opnsense[24252]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "BACKUP" for vhid 3
Jan 4 08:03:31 fw1 opnsense[24252]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan 4 08:03:31 fw1 opnsense[52485]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "BACKUP" for vhid 2
Jan 4 08:03:31 fw1 opnsense[52485]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan 4 08:03:32 fw1 opnsense[49273]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "MASTER" for vhid 2
Jan 4 08:03:32 fw1 opnsense[49273]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan 4 08:03:32 fw1 opnsense[36346]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "MASTER" for vhid 3
Jan 4 08:03:32 fw1 opnsense[36346]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan 4 08:03:32 fw1 opnsense[57270]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "MASTER" for vhid 13
Jan 4 08:03:32 fw1 opnsense[57270]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan 4 08:03:33 fw1 opnsense[84185]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "MASTER" for vhid 4
Jan 4 08:03:33 fw1 opnsense[84185]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan 4 08:03:33 fw1 opnsense[74783]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "MASTER" for vhid 5
Jan 4 08:03:33 fw1 opnsense[74783]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan 4 08:03:33 fw1 opnsense[84613]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "MASTER" for vhid 7
Jan 4 08:03:33 fw1 opnsense[84613]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan 4 08:03:34 fw1 opnsense[98441]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "MASTER" for vhid 8
Jan 4 08:03:34 fw1 opnsense[98441]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan 4 08:03:34 fw1 opnsense[1276]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "MASTER" for vhid 9
Jan 4 08:03:34 fw1 opnsense[1276]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan 4 08:03:35 fw1 opnsense[98018]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "MASTER" for vhid 10
Jan 4 08:03:35 fw1 opnsense[98018]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan 4 08:03:35 fw1 opnsense[33194]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "MASTER" for vhid 11
Jan 4 08:03:35 fw1 opnsense[33194]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan 4 08:03:35 fw1 opnsense[62468]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "MASTER" for vhid 1
Jan 4 08:03:35 fw1 opnsense[62468]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan 4 08:03:36 fw1 opnsense[66407]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "MASTER" for vhid 12
Jan 4 08:03:36 fw1 opnsense[66407]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan 4 08:03:36 fw1 opnsense[86707]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "MASTER" for vhid 6
Jan 4 08:03:36 fw1 opnsense[86707]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan 4 08:04:22 fw1 kernel: carp: demoted by 240 to 240 (pfsync bulk start)
Jan 4 08:04:22 fw1 kernel: carp: 6@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 12@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 13@vmx3: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx3: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 11@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 10@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 9@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 8@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 7@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 5@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 4@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 3@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 2@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:04:22 fw1 kernel: carp: 1@vmx0: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:04:22 fw1 kernel: vmx0: deletion failed: 3
Jan 4 08:04:22 fw1 opnsense[27153]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "BACKUP" for vhid 6
Jan 4 08:04:22 fw1 opnsense[27153]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan 4 08:04:22 fw1 opnsense[78415]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "BACKUP" for vhid 12
Jan 4 08:04:22 fw1 opnsense[78415]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan 4 08:04:23 fw1 configctl[25434]: event @ 1609743862.51 msg: Jan 4 08:04:22 fw1.emea.aww.int config[85003]: config-event: new_config /conf/backup/config-1609743862.4143.xml
Jan 4 08:04:23 fw1 configctl[25434]: event @ 1609743862.51 exec: system event config_changed
Jan 4 08:04:23 fw1 opnsense[213]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "BACKUP" for vhid 13
Jan 4 08:04:23 fw1 opnsense[213]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan 4 08:04:23 fw1 kernel: carp: demoted by -240 to 0 (pfsync bulk done)
Jan 4 08:04:23 fw1 opnsense[60630]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "BACKUP" for vhid 11
Jan 4 08:04:23 fw1 opnsense[60630]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan 4 08:04:23 fw1 opnsense[95874]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "BACKUP" for vhid 10
Jan 4 08:04:23 fw1 opnsense[95874]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan 4 08:04:23 fw1 opnsense[28546]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "BACKUP" for vhid 9
Jan 4 08:04:23 fw1 opnsense[28546]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan 4 08:04:23 fw1 kernel: carp: 1@vmx0: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 2@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 3@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 4@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 5@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 7@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 8@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: arp: 10.46.20.1 moved from 00:00:5e:00:01:01 to 00:0c:29:98:aa:d9 on vmx0
Jan 4 08:04:23 fw1 kernel: carp: 9@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 10@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 13@vmx3: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 11@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 12@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:23 fw1 kernel: carp: 6@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:04:24 fw1 opnsense[72275]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "BACKUP" for vhid 8
Jan 4 08:04:24 fw1 opnsense[72275]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan 4 08:04:24 fw1 opnsense[49670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "BACKUP" for vhid 7
Jan 4 08:04:24 fw1 opnsense[49670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan 4 08:04:24 fw1 opnsense[87955]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "BACKUP" for vhid 5
Jan 4 08:04:24 fw1 opnsense[87955]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan 4 08:04:24 fw1 opnsense[5313]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "BACKUP" for vhid 4
Jan 4 08:04:24 fw1 opnsense[5313]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan 4 08:04:25 fw1 opnsense[46544]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "BACKUP" for vhid 3
Jan 4 08:04:25 fw1 opnsense[46544]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan 4 08:04:25 fw1 opnsense[85149]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "BACKUP" for vhid 2
Jan 4 08:04:25 fw1 opnsense[85149]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan 4 08:04:26 fw1 opnsense[56456]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "BACKUP" for vhid 1
Jan 4 08:04:26 fw1 opnsense[56456]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan 4 08:04:26 fw1 opnsense[88172]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "MASTER" for vhid 1
Jan 4 08:04:26 fw1 opnsense[88172]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan 4 08:04:26 fw1 opnsense[9822]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "MASTER" for vhid 2
Jan 4 08:04:26 fw1 opnsense[9822]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan 4 08:04:27 fw1 opnsense[10642]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "MASTER" for vhid 3
Jan 4 08:04:27 fw1 opnsense[10642]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan 4 08:04:27 fw1 opnsense[57525]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "MASTER" for vhid 4
Jan 4 08:04:27 fw1 opnsense[57525]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan 4 08:04:28 fw1 opnsense[6392]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "MASTER" for vhid 5
Jan 4 08:04:28 fw1 opnsense[6392]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan 4 08:04:28 fw1 opnsense[69967]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "MASTER" for vhid 7
Jan 4 08:04:28 fw1 opnsense[69967]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan 4 08:04:28 fw1 opnsense[34878]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "MASTER" for vhid 8
Jan 4 08:04:28 fw1 opnsense[34878]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan 4 08:04:29 fw1 opnsense[65852]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "MASTER" for vhid 9
Jan 4 08:04:29 fw1 opnsense[65852]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan 4 08:04:29 fw1 opnsense[92211]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "MASTER" for vhid 10
Jan 4 08:04:29 fw1 opnsense[92211]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan 4 08:04:29 fw1 opnsense[65856]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "MASTER" for vhid 13
Jan 4 08:04:29 fw1 opnsense[65856]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan 4 08:04:30 fw1 opnsense[38179]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "MASTER" for vhid 11
Jan 4 08:04:30 fw1 opnsense[38179]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan 4 08:04:30 fw1 opnsense[56004]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "MASTER" for vhid 12
Jan 4 08:04:30 fw1 opnsense[56004]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan 4 08:04:30 fw1 opnsense[84539]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "MASTER" for vhid 6
Jan 4 08:04:30 fw1 opnsense[84539]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan 4 08:05:18 fw1 sshd[83285]: Accepted publickey for root from 10.10.10.135 port 55923 ssh2: RSA SHA256:IHTkSWs0Klg0NPJ9svQEmgJxHS8i9mAerm2amCcN4ro
I also have a second setup where this does not happen.
The setups have no connection to each other and do not know about each other.
The logs there only show the following:
Jan 4 08:13:42 OPNsense1 opnsense[41119]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://10.0.0.2/xmlrpc.php parse error. not well formed
Jan 4 08:13:50 OPNsense1 opnsense[41119]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://10.0.0.2/xmlrpc.php.
With my 2nd setup you can see quite clearly that no "CARP demotion" takes place here.
Many thanks and regards
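The correlation the post above describes (every VHID losing MASTER while the demotion counter is raised by "pfsync bulk start", then preempting again a second later) can be pulled out of a system.log mechanically. The following is an added example, not part of the original post or of OPNsense; the function names, the `year` default (syslog lines carry no year) and the last sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# Sample input: kernel lines of the shape shown in the post above, plus one
# constructed line at 09:10:00 for a VHID that never regains MASTER.
SAMPLE_LOG = """\
Jan 4 08:03:26 fw1 kernel: carp: demoted by 240 to 240 (pfsync bulk start)
Jan 4 08:03:26 fw1 kernel: carp: 6@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan 4 08:03:26 fw1 kernel: carp: 1@vmx0: MASTER -> BACKUP (more frequent advertisement received)
Jan 4 08:03:27 fw1 kernel: carp: demoted by -240 to 0 (pfsync bulk done)
Jan 4 08:03:27 fw1 kernel: carp: 1@vmx0: BACKUP -> MASTER (preempting a slower master)
Jan 4 08:03:27 fw1 kernel: carp: 6@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan 4 09:10:00 fw1 kernel: carp: 6@vmx2: MASTER -> BACKUP (more frequent advertisement received)
"""

_TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ kernel: carp: "
DEMOTE = re.compile(
    _TS + r"demoted by (?P<delta>-?\d+) to (?P<level>\d+) \((?P<reason>[^)]*)\)")
TRANS = re.compile(
    _TS + r"(?P<vhid>\d+)@(?P<ifn>\w+): (?P<old>\w+) -> (?P<new>\w+) "
          r"\((?P<reason>[^)]*)\)")


def _when(ts, year):
    # Syslog timestamps carry no year; the caller supplies one (assumption).
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def analyze(log_text, year=2021):
    """Correlate CARP state changes with demotion windows.

    Returns a dict with:
      windows      - periods during which the demotion counter was > 0
      flaps        - VHIDs that lost MASTER and regained it later
      still_backup - VHIDs that lost MASTER and did not regain it in the log
    """
    level, reason, opened = 0, None, None
    windows, flaps, pending = [], [], {}
    for line in log_text.splitlines():
        m = DEMOTE.match(line)
        if m:
            now, new_level = _when(m["ts"], year), int(m["level"])
            if level == 0 and new_level > 0:        # counter raised
                opened, reason = now, m["reason"]
            elif level > 0 and new_level == 0:      # counter back to zero
                windows.append({"start": opened, "end": now, "reason": reason,
                                "seconds": (now - opened).total_seconds()})
                opened = reason = None
            level = new_level
            continue
        m = TRANS.match(line)
        if not m:
            continue                                 # not a CARP transition
        now, key = _when(m["ts"], year), f'{m["vhid"]}@{m["ifn"]}'
        if m["old"] == "MASTER" and m["new"] == "BACKUP":
            # Remember whether the loss happened while this node was demoted.
            pending[key] = (now, reason if level > 0 else None)
        elif m["new"] == "MASTER" and key in pending:
            lost, demotion = pending.pop(key)
            flaps.append({"vhid": key, "lost": lost, "regained": now,
                          "seconds": (now - lost).total_seconds(),
                          "demotion": demotion})
    return {"windows": windows, "flaps": flaps,
            "still_backup": sorted(pending)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for w in result["windows"]:
        print(f'demoted {w["seconds"]:.0f}s ({w["reason"]})')
    for f in result["flaps"]:
        print(f'{f["vhid"]}: MASTER lost for {f["seconds"]:.0f}s, '
              f'demotion in effect: {f["demotion"]}')
    print("no recovery seen:", result["still_backup"])
```

A flap whose `demotion` field is set points at the node demoting itself rather than at a link or peer fault; an entry in `still_backup` is a failover that was not reversed within the log.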
Hello superwinni2,
I have the same problem: the sync with the backup firewall no longer works, and when I switch the sync off and on again, the first firewall crashes and fails over to the backup firewall.
Best regards,
atom
Firewall2 is not yet running the latest update, and that is why the sync crashes
For me both are on the same level according to (Dashboard:Versions)
But "System: High Availability: Status" reports: The backup firewall is not accessible or not configured.
Which version do both have?
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
LibreSSL 3.1.5
In my case both firewalls were also on the same version at the time... Now the main FW additionally has the update for Unbound and something else on it... But I haven't tried it again so far...
When I trigger the sync manually and capture the packets on both sides, everything looks correct.
Master:
PFSYNC
ix2 10:44:40.700126 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 196
update compressed count 2
eof count 1
PFSYNC
ix2 10:44:40.700136 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
PFSYNC
ix2 10:44:40.700138 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
PFSYNC
ix2 10:44:40.700140 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 196
PFSYNC
ix2 10:44:40.781487 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 196
SLAVE:
PFSYNC
ix2 10:44:39.165275 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
update compressed count 1
eof count 1
PFSYNC
ix2 10:44:39.222869 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
PFSYNC
ix2 10:44:39.601930 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 280
PFSYNC
ix2 10:44:39.601945 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 112
PFSYNC
ix2 10:44:39.618227 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 112
When I trigger it via script, I get the following error:
/usr/local/etc/rc.filter_synchronize
send >>>
Host: 192.168.199.251
User-Agent: XML_RPC
Content-Type: text/xml
Content-Length: 117
Authorization: Basic c3luYzpPN1hUOWlLdFRBUkN4c2JPYXpsZg==
<?xml version="1.0"?>
<methodCall>
<methodName>opnsense.firmware_version</methodName>
<params>
</params></methodCall>received >>>
error >>>
fetch error. remote host down?
A ping to 192.168.199.251 works, and the firewall rule allows everything that is IPv4.
Packet capture on unit 2, do the packets arrive?
Yes, they arrive. (in post Reply #7)
Those are only pftables and not config sync
On both sides, only these packets are seen on the PFSYNC interface.
In the firewall log there is a log entry only on the sending side:
PFSYNC Jan 16 10:35:50 192.168.199.253:61313 192.168.199.251:443 tcp let out anything from firewall host itself
Show a screenshot of the HA config from both devices
I have attached both screenshots. I have also just noticed that I can ping both IP addresses from both sides, but the packets actually arrive in only one direction - from master to backup
OK, screenshots look good. Firewall rules of the pfsync interface from both?
It looks like this on both sides (see attachment).
Edit:
The difference in the firewall log is that from backup to master every log entry has the label "let out anything from firewall host itself". The other way around it does not.
Edit2:
The sync goes to port 443, but the services here listen only locally on both sides:
netstat -an |grep 443
tcp6 0 0 ::1.443 *.* LISTEN
tcp4 0 0 127.0.0.1.443 *.* LISTEN
Is the OPNsense UI reachable via port 443? Or did you change the port?
For ports, better use "sockstat -4" instead of netstat.
Yes, only the UI runs on 443:
sockstat -4 |grep 443
root lighttpd 88002 9 tcp4 127.0.0.1:443 *:*
I have only had the problem since the last update. The subsequent patches only fixed the problem so that login works again. Shouldn't the xmlrpc service also be listening on the port?
No, but why is the UI listening only on localhost? Did you play around with the Listen Interface in System : Settings : Administration?
Yes, I set it to WireGuard because I administer the machine only through that.
Edit:
I have now added pfsync as well. I would have assumed that when I enable pfsync, access to the port is allowed automatically. The connection with the WebGUI administration setting is not obvious to me at first glance. Is this documented anywhere?
In the HA configuration you have to include the port for the peer, otherwise it cannot connect
In any case, it is working again now.
Thank you very much for your support.
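The check that resolved this thread (XMLRPC sync targets the peer's sync address on port 443, but the web GUI was bound only to other addresses) can be run against `sockstat -4` output before touching the listen-interface setting. This is an added example, not code from the thread or from OPNsense; `parse_listeners`, `sync_target_check` and the second and third sample outputs are constructed for illustration.

```python
import ipaddress

# First sample is the line posted in the thread; the other two are constructed
# to show the state after adding the sync interface, and a wildcard bind.
POSTED = "root lighttpd 88002 9 tcp4 127.0.0.1:443 *:*\n"
AFTER_FIX = (
    "USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS\n"
    "root lighttpd 88002 9 tcp4 127.0.0.1:443 *:*\n"
    "root lighttpd 88002 11 tcp4 192.168.199.251:443 *:*\n"
    "root sshd 1234 4 tcp4 *:22 *:*\n"
)
WILDCARD = "root lighttpd 88002 9 tcp4 *:443 *:*\n"


def parse_listeners(sockstat_text):
    """Return (command, local_ip_or_'*', port) for each listening tcp4 socket.

    A listener is recognised by its wildcard foreign address '*:*'; the header
    line and established connections are skipped.
    """
    listeners = []
    for line in sockstat_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[4] != "tcp4" or fields[6] != "*:*":
            continue
        addr, _, port = fields[5].rpartition(":")
        if port.isdigit():
            listeners.append((fields[1], addr, int(port)))
    return listeners


def sync_target_check(sockstat_text, target_ip, port=443):
    """Can a peer that connects to target_ip:port reach a listener here?

    Returns (verdict, addresses):
      'reachable'       - a listener is bound to the target IP or to '*'
      'bound-elsewhere' - something listens on the port, but only on other
                          addresses (the situation in this thread)
      'no-listener'     - nothing listens on the port at all
    """
    target = ipaddress.ip_address(target_ip)
    bound = [addr for _, addr, p in parse_listeners(sockstat_text) if p == port]
    if not bound:
        return ("no-listener", [])
    hits = [a for a in bound
            if a == "*" or ipaddress.ip_address(a) == target]
    return ("reachable", hits) if hits else ("bound-elsewhere", bound)


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("after fix", AFTER_FIX),
                       ("wildcard", WILDCARD)):
        print(name, sync_target_check(text, "192.168.199.251"))
```

A `bound-elsewhere` verdict matches the "fetch error. remote host down?" symptom while ping still works: the host is up, but nothing accepts connections on the address the peer was configured to use.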