OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Tsuroerusu on July 26, 2017, 08:17:12 pm

Title: XMLRPC sync and HTTPS
Post by: Tsuroerusu on July 26, 2017, 08:17:12 pm
I am configuring two OPNsense systems in a high availability setup with CARP, pfSync, XMLRPC etc. for full redundancy. I have also installed my own self-signed certificates for the WebGUI.

When configuring things I noticed something that I am rather curious about. On screen in the sync settings it mentions to specify the full URL for the secondary firewall, and it gives an HTTPS sample URL. That got me wondering: does XMLRPC ignore any certificate validation when syncing the configuration, or does it fail if it cannot validate the certificate of the other machine?

Title: Re: XMLRPC sync and HTTPS
Post by: AdSchellevis on July 27, 2017, 07:01:07 am
Yes, it does ignore the certificate for xmlrpc. When properly configured, carp/hasync should be attached by a single crosslink cable, which makes it quite hard to intercept, but an option to validate the certificate might be a good idea to add. You could add an issue on GitHub for it.
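
Added example, not part of the thread and not OPNsense code: a Python stand-in showing one way an XML-RPC client can validate a self-signed peer, by pinning the SHA-256 fingerprint of the secondary's certificate instead of skipping validation. Fingerprint pinning is an assumption about how such an option could work; all class and function names are hypothetical.

```python
import hashlib
import hmac
import http.client
import ssl
import xmlrpc.client


def fingerprint_matches(der_cert, pinned_sha256_hex):
    """True if SHA-256 of the DER certificate equals the pinned fingerprint."""
    pinned = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(hashlib.sha256(der_cert).hexdigest(), pinned)


class PinnedHTTPSConnection(http.client.HTTPSConnection):
    """Hypothetical helper: abort unless the peer certificate matches the pin."""

    def __init__(self, host, pinned_sha256_hex, **kwargs):
        # CA chain checks are off because the peer is self-signed; the pin
        # check in connect() takes their place, so the peer is still verified.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        super().__init__(host, context=ctx, **kwargs)
        self._pin = pinned_sha256_hex

    def connect(self):
        super().connect()
        der = self.sock.getpeercert(binary_form=True)
        if not der or not fingerprint_matches(der, self._pin):
            self.close()  # drop the socket before any XML-RPC data is sent
            raise ssl.SSLError("peer certificate does not match pinned fingerprint")


class PinnedTransport(xmlrpc.client.SafeTransport):
    def __init__(self, pinned_sha256_hex):
        super().__init__()
        self._pin = pinned_sha256_hex

    def make_connection(self, host):
        if self._connection and host == self._connection[0]:
            return self._connection[1]  # reuse the cached keep-alive connection
        chost, self._extra_headers, _ = self.get_host_info(host)
        self._connection = host, PinnedHTTPSConnection(chost, self._pin, timeout=10)
        return self._connection[1]


def make_sync_proxy(url, pinned_sha256_hex):
    return xmlrpc.client.ServerProxy(url, transport=PinnedTransport(pinned_sha256_hex))
```

The pin would be taken from the secondary's certificate out of band; a mismatch raises `ssl.SSLError` before any configuration data or credentials leave the primary.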