OPNsense Forum

English Forums => High availability => Topic started by: timper on July 22, 2022, 10:59:14 pm

Title: [SOLVED] Problem Loading High Availability Status Page
Post by: timper on July 22, 2022, 10:59:14 pm

EDIT2: SOLVED
See this thread for my solution:
https://forum.netgate.com/topic/37555/solved-firewall-rule-on-carp-interface-keeps-being-deleted-after-sync/31?lang=en-US

EDIT:
I might have figured out how to get back into the status page.
It seems as though all of my secondary firewall settings were wiped during the sync command.

My firewall SYNC rules seem to reset when I run a sync.
How do I fix this?

Hi there,

This setup used to present me with no issues.
I'm currently running two instances of Opnsense in high availability.

I used to be able to sync data from the master to the secondary node with the status page.

Now, the status page will not even load (although it has randomly loaded once or twice and let me sync, but becomes unavailable again)
When it is unavailable, it gives me the following error:
"The backup firewall is not accessible or not configured."

Where do I even begin trying to figure out why I magically can't sync data or access the status page anymore?

If my main node goes down, the secondary node promotes to master and when the main node comes back up, it is promoted back to master.
Everything besides syncing and accessing the status page is functioning properly.

Thanks.

Title: Re: [SOLVED] Problem Loading High Availability Status Page
Post by: Patrick M. Hausen on July 23, 2022, 12:59:15 pm

The master cannot reach the backup node's UI/API. The UI service needs to be present and also an "allow all" rule on the sync interface.

Title: Re: [SOLVED] Problem Loading High Availability Status Page
Post by: Zeimin on March 20, 2024, 07:38:39 am

I know this is marked solved but its the first post that comes up. After two days of messing with HA, spinning up new VMs, I figured out the problem was due to ACME client and port redirection from the master. All I had to do was click the (i) and it was pretty obvious. Ensure if you have changed the web admin port you specify the entire URI under the System->High Availability->Settings> Synchronize Config to ip.  IE https://192.168.0.2:8443. They synchronize Peer IP remains just an IP. I hope this save someone time. The is the only thing left out of the official documentation.

Remember HA is using web API to configure everything.