1
High availability / Config Sync (XMLRPC) not Syncing to Secondary
« on: August 25, 2022, 05:36:09 pm »
I am setting up OPNSense (Version: 22.7-amd64, FreeBSD 13.1-RELEASE, OpenSSL 1.1.1q 5 Jul 2022) to be in an HA Cluster with another OPNSense firewall (both were installed at the same time with the same installer, I use the Serial Console Installer). I have them configured and CARP setup (which is working), but when I went to set up the HA Config Sync I cannot get the config to sync over.
When I try and preform a Sync, I see it does the "pfsync bulk start" and thank it does a "pfsync bulk done" shortly after on the console. When I got to Status all I see is "The backup firewall is not accessible or not configured.". I have compared the settings to another OPNSense cluster (older version) and they are similar (different IPs and and different options selected on what to sync). I turned on logging for the rule on my HA interface (which is wide open) and I can see the traffic being allowed. I do not see anything in the logs specific to the syncing.
I am at a loss as to why the Config Sync is not working as it should (or if it is working and the Status page is broken). I have seen post were people talked about a semi-colon in the password being an issue. I am not using a semi-colon in the password and after removing all special characters, the issue was still present (so I do not thing that is the issue). The Web Interface is allowed on all interfaces as well.
When I try and preform a Sync, I see it does the "pfsync bulk start" and thank it does a "pfsync bulk done" shortly after on the console. When I got to Status all I see is "The backup firewall is not accessible or not configured.". I have compared the settings to another OPNSense cluster (older version) and they are similar (different IPs and and different options selected on what to sync). I turned on logging for the rule on my HA interface (which is wide open) and I can see the traffic being allowed. I do not see anything in the logs specific to the syncing.
I am at a loss as to why the Config Sync is not working as it should (or if it is working and the Status page is broken). I have seen post were people talked about a semi-colon in the password being an issue. I am not using a semi-colon in the password and after removing all special characters, the issue was still present (so I do not thing that is the issue). The Web Interface is allowed on all interfaces as well.