Messages - rkam

#1
I have now tested the patch on version 27.7.10 with different Deciso models, and the error no longer occurs.
I will then test it on 27.7.11_2.
Thanks again for your support.

#2
Thanks for the info, then we'll wait for version 26.x
#3

configctl interface list ifconfig has worked

no change in behavior

#4
I need the BGP; I only mentioned it because it had no effect with or without BGP. I was trying to narrow down the error that way.

How do we proceed from here, and will there be a solution?
#5
okay now

After updating from 25.1.12 to 25.7.1 (I updated only the slave for better rollback), the previously described timeout error occurs, as can be clearly seen here.

2026-01-14T08:58:08
Notice
opnsense
/usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "CARP Vlan_206 (10.10.21.4) (110@vlan02)" has resumed the state "MASTER" for vhid 110
2026-01-14T08:58:08
Error
configctl
error in configd communication Traceback (most recent call last): File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out
2026-01-14T08:56:09
Notice
watchfrr
[KWE5Q-QNGFC] all daemons up, doing startup-complete notify
2026-01-14T08:56:09
Notice
watchfrr
[QDG3Y-BY5TN] zebra state -> up : connect succeeded
2026-01-14T08:56:09
Notice
watchfrr
[QDG3Y-BY5TN] mgmtd state -> up : connect succeeded
2026-01-14T08:56:08
Notice
opnsense
/usr/local/sbin/pluginctl: plugins_configure crl (execute task : openvpn_refresh_crls(1))
2026-01-14T08:56:08
Notice
watchfrr
[T83RR-8SM5G] watchfrr 10.4 starting: vty@0
2026-01-14T08:56:08
Notice
opnsense
/usr/local/sbin/pluginctl: plugins_configure crl (execute task : core_trust_crl(1))
2026-01-14T08:56:08
Notice
opnsense
/usr/local/sbin/pluginctl: plugins_configure crl (1)
2026-01-14T08:56:08
Notice
kernel
<6>[433] carp: 100@ax1: BACKUP -> MASTER (preempting a slower master)
#6
Short info,

config:

IPsec legacy site-to-site tunnel
OpenVPN legacy site-to-site tunnel TAP L2 bridge
WireGuard site-to-site tunnel

os-frr activated, BGP not activated

migrate from 24.7.12 to 25.1.1: failover behavior okay, no error message

migrate from 25.1.1 to 25.1.4: failover behavior okay, no error message

migrate from 25.1.4 to 25.1.12: failover behavior okay, no error message

next step: go to 25.7.1

One more question: how many intermediate steps should I take starting on 25.7.x?
#7
Okay, I understand.

I need to find a time slot where I can downgrade to 24.7.12 and after that go step by step to the higher versions.
Unfortunately, some changes have already been made to the configuration, as changes were also made to the remote site.
I'll get back to you with more information.
#8
WireGuard and OpenVPN Legacy depend on CARP activated, also OS-FRR

More facts:

(pairs: Master:Slave)

Tested on various devices with CARP: same behavior

Pair 1: without frr activated, failover okay.

IPsec site-to-site tunnel
OpenVPN Legacy site-to-site client
WireGuard site-to-site tunnel

Pair 1: with only frr activated, failover timeout.

IPsec site-to-site tunnel: no timeout
OpenVPN Legacy site-to-site client: timeout
WireGuard site-to-site tunnel: timeout

In OpenVPN Legacy, it's very clear that when there's a connection status, all information about the tunnels is missing.

After the timeout ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)

Then you can see the information and you can also ping the remote.

WireGuard status: after 2 min you can ping the remote.

** Pair 2 **

Pair 2: without frr activated, failover okay.

IPsec site-to-site tunnel
OpenVPN Instance server site-to-site TAP bridge L2 (moved the tunnel from legacy to instance for testing / see comment below ******)
WireGuard site-to-site tunnel

Pair 2: with only frr activated, failover timeout.

IPsec site-to-site tunnel: no timeout
OpenVPN Instance server site-to-site TAP bridge L2: timeout (moved the tunnel from legacy to instance for testing)
WireGuard site-to-site tunnel: timeout

Same error in the logs: ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)

I have the problem with 16 pairs (Master:Slave); I have performed a rollback to 24.7.12 for all, but 2 pairs run 25.7.10 for further investigation.


*******
OpenVPN Instance TAP L2 bridge (without FRR)

After switching the OpenVPN tunnel (server) from legacy to instance TAP L2 with interface and bridge, the failover only works partially. After switching to slave, no connection is established, even after a longer waiting time. It's not possible to connect to the deactivated master, but if you kill it on the master, you can see that the client reconnects to the slave. Even when the master is activated, this doesn't always work immediately.

In Legacy it runs without any trouble.

*********
#9
Hello,

After updating several devices from 24.7.12 to 25.7.10, the following error occurs with the os-frr plugin:

After failover to the slave, it takes approximately 2 minutes until the connection to the endpoints via WireGuard and OpenVPN is restored. Oddly, the IPsec tunnels are not affected. Without activating the os-frr plugin, everything works perfectly. Simply activating os-frr is enough to trigger the error; BGP doesn't even need to be enabled.

The same problem occurs when reverting to the master server.

According to the log:

After BACKUP -> MASTER, os-frr (zebra) starts, and then there's an error with configd with a timeout of approximately 2 minutes. After that, the remaining CARP interfaces are activated in /usr/local/etc/rc.syshook.d/carp/20-openvpn.

What could be causing this error? I haven't found anything relevant in the log!

Hardware used: Deciso

Logs:

2026-01-12T09:00:14
Notice
opnsense
/usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "CARP WAN FW PORT 102 (185.120.61.102) (102@ax1)" has resumed the state "MASTER" for vhid 102
2026-01-12T09:00:14
Error
configctl
error in configd communication Traceback (most recent call last): File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out
2026-01-12T08:58:15
Notice
watchfrr
[KWE5Q-QNGFC] all daemons up, doing startup-complete notify
2026-01-12T08:58:15
Notice
watchfrr
[QDG3Y-BY5TN] zebra state -> up : connect succeeded
2026-01-12T08:58:15
Notice
watchfrr
[QDG3Y-BY5TN] mgmtd state -> up : connect succeeded
2026-01-12T08:58:15
Notice
opnsense
/usr/local/sbin/pluginctl: plugins_configure crl (execute task : openvpn_refresh_crls(1))
2026-01-12T08:58:15
Notice
watchfrr
[T83RR-8SM5G] watchfrr 10.5.0 starting: vty@0
2026-01-12T08:58:14
Notice
opnsense
/usr/local/sbin/pluginctl: plugins_configure crl (execute task : core_trust_crl(1))
2026-01-12T08:58:14
Notice
opnsense
/usr/local/sbin/pluginctl: plugins_configure crl (1)
2026-01-12T08:58:14
Notice
kernel
<6>[144370] carp: 110@vlan02: BACKUP -> MASTER (preempting a slower master)
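
Added example (not part of the forum posts and not OPNsense code): a small Python parser for the four-line log records quoted in these posts, which measures how long after the kernel's CARP `BACKUP -> MASTER` transition the configctl `TimeoutError` is logged. The function names are hypothetical, and the sample records are excerpted and shortened from the log above.

```python
from datetime import datetime

# Records excerpted (shortened) from the log in the post above, newest first.
# The log view puts timestamp, severity, process and message on separate lines.
SAMPLE = """\
2026-01-12T09:00:14
Error
configctl
error in configd communication Traceback (most recent call last): File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() TimeoutError: timed out
2026-01-12T08:58:15
Notice
watchfrr
[KWE5Q-QNGFC] all daemons up, doing startup-complete notify
2026-01-12T08:58:14
Notice
kernel
<6>[144370] carp: 110@vlan02: BACKUP -> MASTER (preempting a slower master)
"""

def parse_records(text):
    """Group non-empty lines into (time, severity, process, message), oldest first."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    records, i = [], 0
    while i + 3 < len(lines):
        try:
            ts = datetime.fromisoformat(lines[i])
        except ValueError:
            i += 1  # not a timestamp: resynchronise on the next line
            continue
        records.append((ts, lines[i + 1], lines[i + 2], lines[i + 3]))
        i += 4
    return sorted(records, key=lambda r: r[0])

def failover_stalls(records):
    """Return (promotion_time, seconds) for each configd timeout after a CARP promotion."""
    stalls, promoted = [], None
    for ts, _severity, proc, msg in records:
        if proc == "kernel" and "carp:" in msg and "-> MASTER" in msg:
            promoted = ts  # remember the most recent promotion
        elif proc == "configctl" and "TimeoutError" in msg and promoted:
            stalls.append((promoted, int((ts - promoted).total_seconds())))
            promoted = None
    return stalls

if __name__ == "__main__":
    for when, seconds in failover_stalls(parse_records(SAMPLE)):
        print(f"CARP promotion at {when.isoformat()}: configd timeout {seconds}s later")
```

Running it over a full log export from both cluster members shows whether the stall after each promotion is consistently about two minutes.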