[Solved] XMLRPC is copying wrong settings

Started by steilfirn_8000, April 16, 2022, 08:39:20 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 16, 2022, 08:39:20 AM Last Edit: April 20, 2022, 11:37:49 AM by steilfirn_8000
Hello everyone,

yesterday I launched a 2nd OPNsense VM on my Proxmox hypervisor to give HA a try.
Both VMs have mostly the same configuration - only the CPU type differs (AMD vs Intel).

I also added XMLRPC to "copy/past" the firewall configuration from my working OPNsense to the newly build one and for most configuration settings it works but not for all.

E.g.: Virtual IPs are being connected to the wrong interface on the 2nd firewall while they are correct on the 1st one.


Is this a known issue or am I doing something wrong?
April 19, 2022, 08:31:52 AM #1
Interface names and order must match exactly between nodes of HA pair for this to work.


Cheers,
Franco
April 20, 2022, 10:20:14 AM #2
Hello Franco,

it does - the interface names + the description are identical.
April 20, 2022, 10:22:43 AM #3
But the order needs to be the same as well. Compare on Interfaces: Overview.


Cheers,
Franco
April 20, 2022, 10:30:31 AM #4
Ok I see... at this overview it seems that OPNsense is using differnt alternative interface names:

e.g.: FW 1 - IoT_90 (opt9, vtnet7) vs FW 2 - IoT_90 (opt3, vtnet7)


Is it possible to change this opt number accoring to the setup of FW1?
April 20, 2022, 10:55:43 AM #5
You can try to edit /conf/config.xml manually swapping all instances of the wrong "optX" name. But one needs to replace all of it and then reboot cleanly. Make snapshots before...


Cheers,
Franco
April 20, 2022, 11:23:09 AM #6
Thanks for the hint - I have manually removed all interfaces on my 2nd firewall and rebuild it according to the 1st one.

This works now.

I am just a bit confused as on FW1 I have advertising frequency 1/0 and on my 2nd one I have 1/100.
Is this a regular behaviour?
April 20, 2022, 11:36:35 AM #7
Okay so seem skew 100 is fine as this being auto-generated for the 2nd FW.

So far after configuring the corresponding "opt" number for each interface everything works and sync is fine.
Maybe it would be good to add this information to the opnsense documentation.
April 20, 2022, 04:08:44 PM #8
The two warning boxes on the following page make these limitations clear:

https://docs.opnsense.org/manual/how-tos/carp.html


Cheers,
Franco
April 20, 2022, 05:51:00 PM #9
I agree but from it might be good to let the users know that beside the originial interface name (e.g. vtnetX) in my case OPNsense is additional using another name -> optX

And in this case it's not so easy to find the root cause why the XMLRPC is not working as expected.
April 20, 2022, 07:46:34 PM #10
QuoteMake sure the interface assignments on both systems are identical! Via Interfaces ‣ Overview you can check if e.g. DMZ is opt1 on both machines. When the assigments[sic] differ you will have mixed Master and Backup IPs on both machines.

I'd argue that's precisely what we talked about, but I'm not opposed to improve the wording on the page. For now I only fixed the typo in that paragraph.


Cheers,
Franco
Print
Go Up Pages1
User actions