OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: mestafin on January 01, 2018, 07:45:48 pm

Title: CARP PFSYNC Deletes Firewall Rule
Post by: mestafin on January 01, 2018, 07:45:48 pm
Hi,
I am running OPNSense 17.7.5-amd64 on a 2 x OPNsense Quad Core Gen3 SSD (Model SKU OPN19004R).
I have configured CARP and the Failover works 100%, even with a SITE-to-SITE IPsec tunnel to head-office Router.

The PFSYNC interfaces are dedicated and connected point-to-point with a cable.

I have one major problem. Whenever the Master syncs the config to the Slave, it deletes the firewall rule on the PFSYNC interface of the Slave that accepts sync traffic.

The rule simply accepts all traffic from PFSYNC net to PFSYNC net.

To start the sync process, I manually configure this rule on the Master and the Slave.

When I make any change to any firewall rule on the Master, even just changing the description of a rule on the master, this rule on the PFSYNC interface is deleted on the Slave and all further syncs fail until I manually add the rule again on the Slave.

Other firewall rules are transferred correctly to the Slave on the other interfaces.

Any ideas how to fix this?


Title: Re: CARP PFSYNC Deletes Firewall Rule
Post by: td007 on March 22, 2018, 10:42:56 am
hi  :)
I have exactly the same problem in opnsense version 18.1.4

Is there already a solution?

Best regards
TD


Title: Re: CARP PFSYNC Deletes Firewall Rule
Post by: td007 on March 22, 2018, 11:53:46 am
Here is the solution:
https://forum.pfsense.org/index.php?topic=41290.30

In short words:
Go to System, Configuration and export the config of master and backup.
Change in the backup.xml the tag "opt?" of carpsync to the same as in master.
Import and reboot.
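
An added example, not part of any post above: a check that compares the two exported configs and reports interfaces whose config key (wan, lan, optN) differs between master and backup, plus the master rules bound to such a key. It assumes the usual config.xml layout (`<interfaces>` children each carrying a `<descr>`, and `<filter><rule><interface>` naming the key); the sample XML and interface names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports (not from the thread): the sync interface is
# opt1 on the master but opt2 on the backup.
MASTER_XML = """<opnsense><interfaces>
  <wan><if>igb0</if><descr>WAN</descr></wan>
  <lan><if>igb1</if><descr>LAN</descr></lan>
  <opt1><if>igb2</if><descr>PFSYNC</descr></opt1>
</interfaces><filter>
  <rule><type>pass</type><interface>opt1</interface><descr>allow sync</descr></rule>
</filter></opnsense>"""

BACKUP_XML = """<opnsense><interfaces>
  <wan><if>igb0</if><descr>WAN</descr></wan>
  <lan><if>igb1</if><descr>LAN</descr></lan>
  <opt1><if>igb3</if><descr>DMZ</descr></opt1>
  <opt2><if>igb2</if><descr>PFSYNC</descr></opt2>
</interfaces></opnsense>"""

def interface_keys(config_xml):
    """Map interface description (upper-cased) -> config key (wan, lan, optN)."""
    root = ET.fromstring(config_xml)
    keys = {}
    for node in root.find("interfaces"):
        descr = (node.findtext("descr") or node.tag).strip().upper()
        keys[descr] = node.tag
    return keys

def key_mismatches(master_xml, backup_xml):
    """Return {descr: (master_key, backup_key)} where the keys differ or are missing."""
    master, backup = interface_keys(master_xml), interface_keys(backup_xml)
    return {d: (master.get(d), backup.get(d))
            for d in sorted(set(master) | set(backup))
            if master.get(d) != backup.get(d)}

def misplaced_rules(master_xml, backup_xml):
    """Master rules whose <interface> key names a different interface on the backup."""
    bad_keys = {m for m, _ in key_mismatches(master_xml, backup_xml).values() if m}
    root = ET.fromstring(master_xml)
    return [(r.findtext("interface"), r.findtext("descr"))
            for r in root.iterfind("filter/rule")
            if r.findtext("interface") in bad_keys]

if __name__ == "__main__":
    for descr, (m, b) in key_mismatches(MASTER_XML, BACKUP_XML).items():
        print(f"{descr}: master={m} backup={b}")
    for key, descr in misplaced_rules(MASTER_XML, BACKUP_XML):
        print(f"rule '{descr}' on {key} maps to a different interface on the backup")
```

To use it on real exports, pass the text of the two downloaded XML files to `key_mismatches` in place of the constructed samples.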