CARP and IPS Problem

Started by henningkessler, January 03, 2022, 12:13:57 PM

Hello,

I am running two Supermicro SYS-5018D-FN8T in an HA cluster with OPNsense 21.7.7. I enabled IDS quite a while ago and wanted to switch to IPS. Unfortunately, soon after enabling it, CARP started flapping, especially on the backup system. There have already been some posts which might be related to this problem, but with no solution:
https://forum.opnsense.org/index.php?topic=20594.msg95804#msg95804
https://forum.opnsense.org/index.php?topic=20475.msg96098#msg96098

Here is a rather large part of my system.log of the backup machine:

2022-01-03T10:35:53 opnsense[98989] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:35:53 opnsense[98989] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:35:52 kernel lagg0: deletion failed: 3
2022-01-03T10:35:52 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:35:48 sshd[16828] Connection closed by XX.XX.1.63 port 58704 [preauth]
2022-01-03T10:35:34 opnsense[97418] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:35:34 opnsense[97418] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:35:33 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:35:12 opnsense[67818] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:35:12 opnsense[67818] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:35:12 kernel lagg0: deletion failed: 3
2022-01-03T10:35:12 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:34:48 sshd[37127] Connection closed by XX.XX.1.63 port 58486 [preauth]
2022-01-03T10:33:52 opnsense[83395] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:33:52 opnsense[83395] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:33:52 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:33:48 sshd[23598] Connection closed by XX.XX.1.63 port 58254 [preauth]
2022-01-03T10:33:42 opnsense[96228] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:33:42 opnsense[96228] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:33:41 kernel lagg0: deletion failed: 3
2022-01-03T10:33:41 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:32:48 sshd[70982] Connection closed by XX.XX.1.63 port 58006 [preauth]
2022-01-03T10:31:48 sshd[35199] Connection closed by XX.XX.1.63 port 57774 [preauth]
2022-01-03T10:31:44 opnsense[81256] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:31:44 opnsense[81256] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:31:43 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:31:38 opnsense[7406] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:31:38 opnsense[7406] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:31:38 kernel lagg0: deletion failed: 3
2022-01-03T10:31:38 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:31:37 opnsense[96787] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:31:37 opnsense[96787] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:31:36 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:31:32 opnsense[89950] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:31:32 opnsense[89950] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:31:32 kernel lagg0: deletion failed: 3
2022-01-03T10:31:32 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:31:08 opnsense[66145] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:31:08 opnsense[66145] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:31:07 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:30:48 sshd[94824] Connection closed by XX.XX.1.63 port 57534 [preauth]
2022-01-03T10:29:48 sshd[38799] Connection closed by XX.XX.1.63 port 57306 [preauth]
2022-01-03T10:29:09 opnsense[7800] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:29:09 opnsense[7800] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:29:08 kernel lagg0: deletion failed: 3
2022-01-03T10:29:08 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:29:01 opnsense[79098] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:29:01 opnsense[79098] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:29:00 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:28:48 sshd[11391] Connection closed by XX.XX.1.63 port 57078 [preauth]
2022-01-03T10:27:52 opnsense[93964] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:27:52 opnsense[93964] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:27:52 kernel lagg0: deletion failed: 3
2022-01-03T10:27:52 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:27:48 sshd[5844] Connection closed by XX.XX.1.63 port 56856 [preauth]
2022-01-03T10:27:24 opnsense[61991] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:27:24 opnsense[61991] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:27:24 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:26:52 opnsense[35605] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:26:52 opnsense[35605] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:26:51 kernel lagg0: deletion failed: 3
2022-01-03T10:26:51 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:26:49 opnsense[25692] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:26:49 opnsense[25692] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:26:49 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:26:48 sshd[93792] Connection closed by XX.XX.1.63 port 56628 [preauth]
2022-01-03T10:25:48 sshd[34365] Connection closed by XX.XX.1.63 port 56402 [preauth]
2022-01-03T10:25:22 opnsense[73718] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:25:22 opnsense[73718] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:25:22 kernel lagg0: deletion failed: 3
2022-01-03T10:25:22 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:24:48 sshd[63112] Connection closed by XX.XX.1.63 port 56164 [preauth]
2022-01-03T10:23:58 opnsense[3837] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:23:58 opnsense[3837] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:23:58 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:23:52 opnsense[11090] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:23:52 opnsense[11090] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:23:51 kernel lagg0: deletion failed: 3
2022-01-03T10:23:51 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:23:48 sshd[42952] Connection closed by XX.XX.1.63 port 55940 [preauth]
2022-01-03T10:23:29 opnsense[55021] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:23:29 opnsense[55021] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:23:29 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:23:22 opnsense[49096] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:23:22 opnsense[49096] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:23:21 kernel lagg0: deletion failed: 3
2022-01-03T10:23:21 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:22:48 opnsense[55945] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:22:48 opnsense[55945] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:22:48 sshd[58804] Connection closed by XX.XX.1.63 port 55700 [preauth]
2022-01-03T10:22:47 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:21:48 sshd[16849] Connection closed by XX.XX.1.63 port 55474 [preauth]
2022-01-03T10:21:32 opnsense[53008] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:21:32 opnsense[53008] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:21:32 kernel lagg0: deletion failed: 3
2022-01-03T10:21:32 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:21:24 opnsense[84927] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:21:24 opnsense[84927] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:21:23 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:21:02 opnsense[70315] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:21:02 opnsense[70315] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:21:01 kernel lagg0: deletion failed: 3
2022-01-03T10:21:01 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:20:48 sshd[48394] Connection closed by XX.XX.1.63 port 55246 [preauth]
2022-01-03T10:20:41 opnsense[92011] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:20:41 opnsense[92011] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:20:41 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:20:02 opnsense[98517] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:20:02 opnsense[98517] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:20:01 kernel lagg0: deletion failed: 3
2022-01-03T10:20:01 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:19:48 sshd[41827] Connection closed by XX.XX.1.63 port 55034 [preauth]
2022-01-03T10:19:16 opnsense[92403] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:19:16 opnsense[92403] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:19:15 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:19:01 opnsense[3307] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:19:01 opnsense[3307] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:19:01 kernel lagg0: deletion failed: 3
2022-01-03T10:19:01 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:18:49 opnsense[34989] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:18:49 opnsense[34989] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:18:48 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:18:48 sshd[64796] Connection closed by XX.XX.1.63 port 54808 [preauth]
2022-01-03T10:18:32 opnsense[4467] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:18:32 opnsense[4467] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:18:32 kernel lagg0: deletion failed: 3
2022-01-03T10:18:32 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:17:48 sshd[38482] Connection closed by XX.XX.1.63 port 54562 [preauth]
2022-01-03T10:17:29 opnsense[58194] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:17:29 opnsense[58194] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:17:29 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:16:55 opnsense[50281] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:16:55 opnsense[50281] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:16:54 kernel lagg0: deletion failed: 3
2022-01-03T10:16:54 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:16:48 sshd[66347] Connection closed by XX.XX.1.63 port 54342 [preauth]
2022-01-03T10:15:48 sshd[26582] Connection closed by XX.XX.1.63 port 54122 [preauth]
2022-01-03T10:15:29 opnsense[12709] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:15:29 opnsense[12709] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:15:28 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:15:22 opnsense[24209] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:15:22 opnsense[24209] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:15:22 kernel lagg0: deletion failed: 3
2022-01-03T10:15:22 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:15:00 opnsense[24685] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:15:00 opnsense[24685] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:14:59 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:14:52 opnsense[54438] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:14:52 opnsense[54438] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:14:52 kernel lagg0: deletion failed: 3
2022-01-03T10:14:52 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:14:48 sshd[9819] Connection closed by XX.XX.1.63 port 53888 [preauth]
2022-01-03T10:14:33 opnsense[45982] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:14:33 opnsense[45982] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:14:33 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:14:22 opnsense[45745] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:14:22 opnsense[45745] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:14:21 kernel lagg0: deletion failed: 3
2022-01-03T10:14:21 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:13:48 sshd[15876] Connection closed by XX.XX.1.63 port 53664 [preauth]
2022-01-03T10:13:22 opnsense[35345] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:13:22 opnsense[35345] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:13:22 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:12:48 sshd[92490] Connection closed by XX.XX.1.63 port 53436 [preauth]
2022-01-03T10:12:32 opnsense[22824] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:12:32 opnsense[22824] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:12:32 kernel lagg0: deletion failed: 3
2022-01-03T10:12:32 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:12:03 opnsense[70656] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:12:03 opnsense[70656] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:12:02 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:11:48 sshd[14449] Connection closed by XX.XX.1.63 port 53198 [preauth]
2022-01-03T10:10:48 sshd[13061] Connection closed by XX.XX.1.63 port 52970 [preauth]
2022-01-03T10:09:55 opnsense[11753] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:09:55 opnsense[11753] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:09:54 kernel lagg0: deletion failed: 3
2022-01-03T10:09:54 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:09:48 sshd[4448] Connection closed by XX.XX.1.63 port 52754 [preauth]
2022-01-03T10:09:45 /send_heartbeat.py[81521] unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 403)
2022-01-03T10:08:48 sshd[42346] Connection closed by XX.XX.1.63 port 52520 [preauth]
2022-01-03T10:07:59 opnsense[8806] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:07:59 opnsense[8806] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:07:59 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:07:52 opnsense[57612] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:07:52 opnsense[57612] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:07:51 kernel lagg0: deletion failed: 3
2022-01-03T10:07:51 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:07:48 sshd[10962] Connection closed by XX.XX.1.63 port 52300 [preauth]
2022-01-03T10:07:26 opnsense[85579] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:07:26 opnsense[85579] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:07:26 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:07:22 opnsense[66863] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:07:22 opnsense[66863] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:07:21 kernel lagg0: deletion failed: 3
2022-01-03T10:07:21 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:06:48 sshd[68917] Connection closed by XX.XX.1.63 port 52078 [preauth]
2022-01-03T10:06:11 opnsense[82316] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:06:11 opnsense[82316] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:06:10 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:06:01 opnsense[15045] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:06:01 opnsense[15045] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:06:01 kernel lagg0: deletion failed: 3
2022-01-03T10:06:01 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:05:48 sshd[91170] Connection closed by XX.XX.1.63 port 51856 [preauth]
2022-01-03T10:05:35 opnsense[17263] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:05:35 opnsense[17263] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:05:34 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:05:31 opnsense[37282] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:05:31 opnsense[37282] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:05:31 kernel lagg0: deletion failed: 3
2022-01-03T10:05:31 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:04:48 sshd[20225] Connection closed by XX.XX.1.63 port 51610 [preauth]
2022-01-03T10:03:48 sshd[28497] Connection closed by XX.XX.1.63 port 51370 [preauth]
2022-01-03T10:03:01 opnsense[7286] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:03:01 opnsense[7286] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:03:00 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:02:48 sshd[89851] Connection closed by XX.XX.1.63 port 51134 [preauth]
2022-01-03T10:02:47 opnsense[35560] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:02:47 opnsense[35560] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:02:47 kernel lagg0: deletion failed: 3
2022-01-03T10:02:47 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:02:34 opnsense[55499] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:02:34 opnsense[55499] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:02:33 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:01:48 sshd[72502] Connection closed by XX.XX.1.63 port 50912 [preauth]
2022-01-03T10:01:47 opnsense[95828] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:01:47 opnsense[95828] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:01:47 kernel lagg0: deletion failed: 3
2022-01-03T10:01:47 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:00:50 opnsense[90334] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:00:50 opnsense[90334] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:00:50 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:00:48 sshd[45402] Connection closed by XX.XX.1.63 port 50692 [preauth]
2022-01-03T10:00:47 opnsense[22346] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:00:47 opnsense[22346] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:00:46 kernel lagg0: deletion failed: 3
2022-01-03T10:00:46 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:00:36 opnsense[92514] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:00:36 opnsense[92514] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:00:36 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:00:32 opnsense[82847] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:00:32 opnsense[82847] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:00:31 kernel lagg0: deletion failed: 3
2022-01-03T10:00:31 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T10:00:29 opnsense[74533] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:00:29 opnsense[74533] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T10:00:29 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T10:00:22 opnsense[77233] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T10:00:22 opnsense[77233] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T10:00:21 kernel lagg0: deletion failed: 3
2022-01-03T10:00:21 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:59:52 opnsense[11159] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:59:52 opnsense[11159] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:59:51 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:59:48 sshd[48200] Connection closed by XX.XX.1.63 port 50466 [preauth]
2022-01-03T09:59:21 opnsense[18360] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:59:21 opnsense[18360] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:59:21 kernel lagg0: deletion failed: 3
2022-01-03T09:59:21 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:58:48 sshd[33641] Connection closed by XX.XX.1.63 port 50240 [preauth]
2022-01-03T09:58:48 opnsense[91975] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:58:48 opnsense[91975] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:58:47 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:58:44 opnsense[20331] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:58:44 opnsense[20331] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:58:44 kernel lagg0: deletion failed: 3
2022-01-03T09:58:44 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:57:48 sshd[30629] Connection closed by XX.XX.1.63 port 49998 [preauth]
2022-01-03T09:57:35 opnsense[85189] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:57:35 opnsense[85189] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:57:35 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:57:32 opnsense[97950] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:57:32 opnsense[97950] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:57:31 kernel lagg0: deletion failed: 3
2022-01-03T09:57:31 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:57:19 opnsense[8335] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:57:19 opnsense[8335] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:57:19 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:57:15 opnsense[97566] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:57:15 opnsense[97566] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:57:14 kernel lagg0: deletion failed: 3
2022-01-03T09:57:14 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:56:51 opnsense[32087] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:56:51 opnsense[32087] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:56:50 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:56:48 sshd[14119] Connection closed by XX.XX.1.63 port 49778 [preauth]
2022-01-03T09:56:45 opnsense[38427] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:56:45 opnsense[38427] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:56:44 kernel lagg0: deletion failed: 3
2022-01-03T09:56:44 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:55:57 opnsense[25629] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:55:57 opnsense[25629] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:55:56 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:55:48 sshd[36309] Connection closed by XX.XX.1.63 port 49548 [preauth]
2022-01-03T09:55:22 opnsense[80852] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:55:22 opnsense[80852] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:55:22 kernel lagg0: deletion failed: 3
2022-01-03T09:55:22 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:54:48 sshd[33242] Connection closed by XX.XX.1.63 port 49318 [preauth]
2022-01-03T09:53:48 sshd[16988] Connection closed by XX.XX.1.63 port 49078 [preauth]
2022-01-03T09:53:10 opnsense[4792] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:53:10 opnsense[4792] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:53:09 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:53:02 opnsense[88197] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:53:02 opnsense[88197] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:53:01 kernel lagg0: deletion failed: 3
2022-01-03T09:53:01 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:52:55 opnsense[46132] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:52:55 opnsense[46132] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:52:54 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:52:48 sshd[8266] Connection closed by XX.XX.1.63 port 48844 [preauth]
2022-01-03T09:52:08 opnsense[27935] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:52:08 opnsense[27935] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "BACKUP" for vhid 5
2022-01-03T09:52:08 kernel lagg0: deletion failed: 3
2022-01-03T09:52:08 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:51:48 sshd[1830] Connection closed by XX.XX.1.63 port 48618 [preauth]
2022-01-03T09:50:48 sshd[29721] Connection closed by XX.XX.1.63 port 48384 [preauth]
2022-01-03T09:49:48 sshd[95649] Connection closed by XX.XX.1.63 port 48156 [preauth]
2022-01-03T09:49:43 opnsense[62992] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface XX.XX.1.254 - LAN CARP.
2022-01-03T09:49:43 opnsense[62992] /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "XX.XX.1.254 - LAN CARP (5@lagg0)" has resumed the state "MASTER" for vhid 5
2022-01-03T09:49:42 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:48:48 sshd[14573] Connection closed by XX.XX.1.63 port 47930 [preauth]
2022-01-03T09:47:48 sshd[59518] Connection closed by XX.XX.1.63 port 47700 [preauth]
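To put numbers on the flapping in a log like the one above, the kernel `carp:` transition lines can be parsed and summarised per VHID. This is an added example, not part of the original post; the function names, the 300-second window and the threshold of 4 transitions are assumptions, and the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Lines copied from the backup node's system.log excerpt above (newest first).
SAMPLE_LOG = """\
2022-01-03T09:58:44 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:57:48 sshd[30629] Connection closed by XX.XX.1.63 port 49998 [preauth]
2022-01-03T09:57:35 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:57:31 kernel lagg0: deletion failed: 3
2022-01-03T09:57:31 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
2022-01-03T09:57:19 kernel carp: 5@lagg0: BACKUP -> MASTER (master timed out)
2022-01-03T09:57:14 kernel carp: 5@lagg0: MASTER -> BACKUP (more frequent advertisement received)
"""

CARP_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) kernel carp: "
    r"(?P<vhid>\d+)@(?P<ifname>[^:\s]+): (?P<old>\w+) -> (?P<new>\w+) \((?P<reason>[^)]*)\)"
)

def parse_transitions(text):
    """Return CARP state changes as (time, 'vhid@if', old, new, reason), oldest first."""
    events = []
    for line in text.splitlines():
        m = CARP_RE.match(line.strip())
        if m:  # sshd, lagg and syshook lines are ignored
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events.append((ts, f"{m['vhid']}@{m['ifname']}", m["old"], m["new"], m["reason"]))
    return sorted(events)

def summarize(events, window=300, threshold=4):
    """Per VIP: transition count, reasons, seconds held as MASTER, flapping flag."""
    by_vip = defaultdict(list)
    for ev in events:
        by_vip[ev[1]].append(ev)
    out = {}
    for vip, evs in by_vip.items():
        holds, since = [], None
        for ts, _, old, new, _ in evs:
            if old == "MASTER" and since is not None:
                holds.append(int((ts - since).total_seconds()))
            since = ts if new == "MASTER" else None
        times = [e[0] for e in evs]
        # Flapping (assumed definition): `threshold` transitions within `window` seconds.
        flapping = any((times[i + threshold - 1] - times[i]).total_seconds() <= window
                       for i in range(len(times) - threshold + 1))
        out[vip] = {"transitions": len(evs), "reasons": Counter(e[4] for e in evs),
                    "master_holds_s": holds, "flapping": flapping}
    return out
```

Short MASTER holds that end with "more frequent advertisement received" mean the peer was still advertising, so the backup node missed advertisements for a few seconds rather than the master actually going down.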

Unfortunately I don't have any solutions, but I do have the same problem.

After rebooting the master firewall in my cluster, it takes up to 5 minutes after it is back up again for CARP to become stable.

It seems OK at first, but after Suricata has started, it begins to flap for about 5 minutes and then becomes stable again.

Unfortunately I can't really post much in the way of logs, it's a business firewall and there's too much information in it.

As a HA pair, this is rather unsatisfactory ;) .

Hm, usually when IPS is fully loaded (about 30-120 sec) everything should work fine.

My problems unfortunately are persisting past that period...

@henningkessler: Have you opened an issue on GitHub?

Hi bimbar,

No, I haven't so far, because I still wasn't really convinced whether this is a bug or maybe a configuration issue on my side.


Maybe we do have different problems. I don't have a lagg and I don't have any timeouts, for me it's just:

Jan  8 18:55:44 fw-one-001.one-it.de opnsense-business[97074]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "BACKUP" for vhid 8
Jan  8 18:55:44 fw-one-001.one-it.de opnsense-business[97074]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .
Jan  8 18:55:48 fw-one-001.one-it.de opnsense-business[60232]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "MASTER" for vhid 8
Jan  8 18:55:48 fw-one-001.one-it.de opnsense-business[60232]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .
Jan  8 18:56:23 fw-one-001.one-it.de opnsense-business[70670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "BACKUP" for vhid 8
Jan  8 18:56:23 fw-one-001.one-it.de opnsense-business[70670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .
Jan  8 18:56:35 fw-one-001.one-it.de opnsense-business[14314]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "MASTER" for vhid 8
Jan  8 18:56:35 fw-one-001.one-it.de opnsense-business[14314]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .


and so on.

But it also starts shortly after Suricata activation.

Well, at least the number of these entries
kernel lagg0: deletion failed: 3
could be a hint in that direction.

Quote from: bimbar on January 10, 2022, 11:03:05 AM
Maybe we do have different problems. I don't have a lagg and I don't have any timeouts, for me it's just:

Jan  8 18:55:44 fw-one-001.one-it.de opnsense-business[97074]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "BACKUP" for vhid 8
Jan  8 18:55:44 fw-one-001.one-it.de opnsense-business[97074]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .
Jan  8 18:55:48 fw-one-001.one-it.de opnsense-business[60232]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "MASTER" for vhid 8
Jan  8 18:55:48 fw-one-001.one-it.de opnsense-business[60232]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .
Jan  8 18:56:23 fw-one-001.one-it.de opnsense-business[70670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "BACKUP" for vhid 8
Jan  8 18:56:23 fw-one-001.one-it.de opnsense-business[70670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .
Jan  8 18:56:35 fw-one-001.one-it.de opnsense-business[14314]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "172.28.4.1 -  (8@igb3_vlan40)" has resumed the state "MASTER" for vhid 8
Jan  8 18:56:35 fw-one-001.one-it.de opnsense-business[14314]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 172.28.4.1 - .


and so on.

But it also starts shortly after Suricata activation.

Do you use promisc mode and listen on igb0 instead of every assigned VLAN?

Quote from: mimugmail on January 10, 2022, 12:41:07 PM
Do you use promisc mode and listen on igb0 instead of every assigned VLAN?

Yes, promiscuous mode and listening on [igb3]. Also, the same problem happens on igb0 and igb2, which are untagged interfaces.