Messages

Is it possible to specify a mesh of 3 or more pfsync members?   Use case is for cloud platform (azure, GCP, AWS) deployments where multicast is not permitted and a scale out scenario of load balanced active-active cluster of opnsense instances. 

Hello.   Would like to understand how to programmatically "Synchronize config to backup".   Our use case is:

* Two opnsense firewalls
* lets encrypt running on the one designated as "primary"
* upon trust change (new certs) would like to propagate to backup node
* I'm able to do this via "configctl filter sync restart" and cron, however would like to understand how this could work natively within opnsense system cron / api / etc.

Thanks.

Thanks for this, but unlike an OS, Opnsense is the distribution (not RH / Cent / Freebsd).   I'm thinking there should be a hook built into the FRR package to detect and reload routes on I/F reset / apply.   I've made a note of this in our processes, however other routing / security platforms / distributions have that process link between them.   

Would this constitute a formal feature request or there's another mechanism to post such a request to the OpnSense developers?

FRR keeps running, BGP session active.  Interface doesn't go away.  When Interface setting are applied the BGP  learned routes are cleared from the routing table (only static ones persist).  I'm thinking there needs to be a process to refresh routing tables or restart BGP as part of interface "apply" workflow. 

And no, it doesn't happen on every other OS. 

Hi.  I'm running BGP via FRR in Opnsense 18.7.10.  Have BGP going via FRR, everything works great.  However, noticed that everyone settings are applied to a NIC (eg IP changes, new NIC etc) dynamically learned routes disappear from the opnsense route table.  Have to restart BGP session to get them back.  Is this by design or am I missing something?