Messages

1

21.1 Legacy Series / Re: Let's Encrypt: Automation: SCP fails

« on: May 06, 2021, 06:26:28 pm »

Keep in mind that when using ssh/scp for the first time you need to accept the host key. This often leads to problems with automations run with non-login users since there is no person that can accept the host key.

If this is your issue, there are several solutions, here are two:

1. Run "yes | scp ...." in the script file once, then remove "yes |".
2. Copy the entry from your user's ~/.ssh/known_hosts to the automation user's known_hosts file.

2

High availability / Re: Better and safer procedure for updating firewalls

« on: April 21, 2021, 10:18:03 pm »

I followed the instructions at https://docs.opnsense.org/manual/how-tos/carp.html and it worked for me.


Example: Updating a CARP HA Cluster
Running a redundant Active/Passive cluster leads to the expectation to have zero downtime. To keep the downtime at a minimum when running updates just follow these steps:

Update your secondary unit and wait until it is online again

On your primary unit go to Firewall ‣ Virtual IPs ‣ Status and click Enter Persistent CARP Maintenance Mode

You secondary unit is now MASTER, check if all services like DHCP, VPN, NAT are working correctly

If you ensured the update was fine, update your primary unit and hit Leave Persistent CARP Maintenance Mode

With these steps you will not lose too many packets and your existing connection will be transferred as well. Also note that entering persistent mode survives a reboot.