pfsync state table synchronization problem

Started by angab, August 30, 2017, 10:37:12 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 30, 2017, 10:37:12 AM
Hi,
  I have 2 bridge firewalls with HA configured (no CARP). They sync both state table and configurations (fw rule, etc.), but when I reboot a fw they stop sync the state table but they keep sync the configurations.
They restart to sync the state table when I press the save button in the HA configuration page (System->High Availability->Settings) of the rebooted fw. The pfsync interface of the rebooted fw is not configured (syncpeer and syndev not set) until I press the save button.

When the 2 firewalls are sync the state table, I have the following in both the firewalls

Code Select
# ifconfig pfsync0
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
   groups: pfsync
   pfsync: syncdev: em4 syncpeer: 224.0.0.240 maxupd: 128 defer: off

when I reboot a fw, in the rebooted fw I have

Code Select
# ifconfig pfsync0
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
syncpeer: 0.0.0.0 maxupd: 128 defer: off

Firewall A - configurations
Code Select
    <opt2>
      <if>em4</if>
      <descr>pfsync</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>10.0.0.1</ipaddr>
      <subnet>24</subnet>
    </opt2>

Code Select
  <hasync>
    <synchronizealiases>on</synchronizealiases>
    <synchronizerules>on</synchronizerules>
    <synchronizeusers>on</synchronizeusers>
    <synchronizesuricata>on</synchronizesuricata>
    <pfsyncpeerip/>
    <pfsyncinterface>opt2</pfsyncinterface>
    <synchronizetoip>10.0.0.2</synchronizetoip>
    <username>root</username>
    <password>********</password>
    <synchronizedhcpd>on</synchronizedhcpd>
    <synchronizenat>on</synchronizenat>
    <synchronizeschedules>on</synchronizeschedules>
    <synchronizestaticroutes>on</synchronizestaticroutes>
    <synchronizevirtualip>on</synchronizevirtualip>
    <synchronizednsforwarder>on</synchronizednsforwarder>
    <synchronizeipsec>on</synchronizeipsec>
    <synchronizeopenvpn>on</synchronizeopenvpn>
    <synchronizeshaper>on</synchronizeshaper>
    <synchronizecaptiveportal>on</synchronizecaptiveportal>
    <synchronizesquid>on</synchronizesquid>
    <synchronizednsresolver>on</synchronizednsresolver>
    <synchronizeauthservers>on</synchronizeauthservers>
    <pfsyncenabled>on</pfsyncenabled>
  </hasync>

Firewall B - Configurations
Code Select
    <opt2>
      <if>em2</if>
      <descr>pfsync</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>10.0.0.2</ipaddr>
      <subnet>24</subnet>
    </opt2>

Code Select
  <hasync>
    <synchronizealiases>on</synchronizealiases>
    <synchronizerules>on</synchronizerules>
    <synchronizesuricata>on</synchronizesuricata>
    <pfsyncpeerip/>
    <pfsyncinterface>opt2</pfsyncinterface>
    <synchronizetoip/>
    <username/>
    <password/>
    <synchronizedhcpd>on</synchronizedhcpd>
    <synchronizenat>on</synchronizenat>
    <synchronizeschedules>on</synchronizeschedules>
    <synchronizestaticroutes>on</synchronizestaticroutes>
    <synchronizevirtualip>on</synchronizevirtualip>
    <synchronizednsforwarder>on</synchronizednsforwarder>
    <synchronizeipsec>on</synchronizeipsec>
    <synchronizeopenvpn>on</synchronizeopenvpn>
    <synchronizeshaper>on</synchronizeshaper>
    <synchronizecaptiveportal>on</synchronizecaptiveportal>
    <synchronizesquid>on</synchronizesquid>
    <synchronizednsresolver>on</synchronizednsresolver>
    <synchronizeauthservers>on</synchronizeauthservers>
    <synchronizecerts>on</synchronizecerts>
    <pfsyncenabled>on</pfsyncenabled>
  </hasync>


Thanks.
Print
Go Up Pages1
User actions