CARP demoted (pfsync bulk start)

Started by superwinni2, January 04, 2021, 08:20:56 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
January 04, 2021, 08:20:56 AM
Hallo und frohes Neues Jahr zusammen

kann mir eventuell jemand erklären warum mein CARP auf die BackupFW springt sobald ich eine (XMLRPC) Synchronisation starte?
Dadurch fliegen natürlich jegliche Benutzer aus der OpenVPN Verbidnung heraus.
Haupt und Backup sind auf Version
Code Select
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
OpenSSL 1.1.1i 8 Dec 2020

Die System.log:
Code Select
Jan  4 07:31:32 fw1 webgui[50262]: /index.php: Successful login for user 'root' from: 10.10.10.135
Jan  4 07:31:32 fw1 webgui[50262]: /index.php: Successful login for user 'root' from: 10.10.10.135
Jan  4 07:57:12 fw1 opnsense[82474]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan  4 07:57:17 fw1 opnsense[45021]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan  4 07:57:30 fw1 opnsense[82474]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan  4 07:57:35 fw1 opnsense[45021]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan  4 07:57:50 fw1 opnsense[3442]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan  4 07:58:10 fw1 opnsense[3442]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan  4 07:59:38 fw1 opnsense[93960]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan  4 07:59:57 fw1 opnsense[93960]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan  4 08:02:00 fw1 opnsense[9331]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://172.59.24.12/xmlrpc.php parse error. not well formed
Jan  4 08:02:19 fw1 opnsense[9331]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://172.59.24.12/xmlrpc.php.
Jan  4 08:03:26 fw1 kernel: carp: demoted by 240 to 240 (pfsync bulk start)
Jan  4 08:03:26 fw1 kernel: carp: 6@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 13@vmx3: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx3: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 12@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 11@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 10@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 9@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 8@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 1@vmx0: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx0: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 7@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 5@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 4@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 3@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 kernel: carp: 2@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:03:26 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:03:26 fw1 opnsense[17087]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "BACKUP" for vhid 6
Jan  4 08:03:26 fw1 opnsense[17087]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan  4 08:03:26 fw1 configctl[25434]: event @ 1609743806.47 msg: Jan  4 08:03:26 fw1.emea.aww.int config[84983]: config-event: new_config /conf/backup/config-1609743806.4024.xml
Jan  4 08:03:26 fw1 configctl[25434]: event @ 1609743806.47 exec: system event config_changed
Jan  4 08:03:27 fw1 opnsense[74073]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "BACKUP" for vhid 13
Jan  4 08:03:27 fw1 opnsense[74073]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan  4 08:03:27 fw1 kernel: carp: demoted by -240 to 0 (pfsync bulk done)
Jan  4 08:03:27 fw1 opnsense[26183]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "BACKUP" for vhid 12
Jan  4 08:03:27 fw1 opnsense[26183]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan  4 08:03:27 fw1 kernel: carp: 2@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 3@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 13@vmx3: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 4@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 5@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 7@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: arp: 10.10.10.1 moved from 00:00:5e:00:01:0d to 00:0c:29:98:aa:c5 on vmx3
Jan  4 08:03:27 fw1 kernel: carp: 8@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 9@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 10@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 11@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 1@vmx0: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 12@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:27 fw1 kernel: carp: 6@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:03:28 fw1 opnsense[65615]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "BACKUP" for vhid 11
Jan  4 08:03:28 fw1 opnsense[65615]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan  4 08:03:28 fw1 opnsense[45431]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "BACKUP" for vhid 10
Jan  4 08:03:28 fw1 opnsense[45431]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan  4 08:03:28 fw1 opnsense[65820]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "BACKUP" for vhid 9
Jan  4 08:03:28 fw1 opnsense[65820]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan  4 08:03:29 fw1 opnsense[98623]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "BACKUP" for vhid 8
Jan  4 08:03:29 fw1 opnsense[98623]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan  4 08:03:29 fw1 opnsense[22562]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "BACKUP" for vhid 1
Jan  4 08:03:29 fw1 opnsense[22562]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan  4 08:03:30 fw1 opnsense[53413]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "BACKUP" for vhid 7
Jan  4 08:03:30 fw1 opnsense[53413]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan  4 08:03:30 fw1 opnsense[86312]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "BACKUP" for vhid 5
Jan  4 08:03:30 fw1 opnsense[86312]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan  4 08:03:30 fw1 opnsense[8812]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "BACKUP" for vhid 4
Jan  4 08:03:30 fw1 opnsense[8812]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan  4 08:03:31 fw1 opnsense[24252]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "BACKUP" for vhid 3
Jan  4 08:03:31 fw1 opnsense[24252]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan  4 08:03:31 fw1 opnsense[52485]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "BACKUP" for vhid 2
Jan  4 08:03:31 fw1 opnsense[52485]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan  4 08:03:32 fw1 opnsense[49273]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "MASTER" for vhid 2
Jan  4 08:03:32 fw1 opnsense[49273]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan  4 08:03:32 fw1 opnsense[36346]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "MASTER" for vhid 3
Jan  4 08:03:32 fw1 opnsense[36346]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan  4 08:03:32 fw1 opnsense[57270]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "MASTER" for vhid 13
Jan  4 08:03:32 fw1 opnsense[57270]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan  4 08:03:33 fw1 opnsense[84185]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "MASTER" for vhid 4
Jan  4 08:03:33 fw1 opnsense[84185]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan  4 08:03:33 fw1 opnsense[74783]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "MASTER" for vhid 5
Jan  4 08:03:33 fw1 opnsense[74783]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan  4 08:03:33 fw1 opnsense[84613]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "MASTER" for vhid 7
Jan  4 08:03:33 fw1 opnsense[84613]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan  4 08:03:34 fw1 opnsense[98441]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "MASTER" for vhid 8
Jan  4 08:03:34 fw1 opnsense[98441]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan  4 08:03:34 fw1 opnsense[1276]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "MASTER" for vhid 9
Jan  4 08:03:34 fw1 opnsense[1276]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan  4 08:03:35 fw1 opnsense[98018]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "MASTER" for vhid 10
Jan  4 08:03:35 fw1 opnsense[98018]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan  4 08:03:35 fw1 opnsense[33194]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "MASTER" for vhid 11
Jan  4 08:03:35 fw1 opnsense[33194]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan  4 08:03:35 fw1 opnsense[62468]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "MASTER" for vhid 1
Jan  4 08:03:35 fw1 opnsense[62468]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan  4 08:03:36 fw1 opnsense[66407]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "MASTER" for vhid 12
Jan  4 08:03:36 fw1 opnsense[66407]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan  4 08:03:36 fw1 opnsense[86707]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "MASTER" for vhid 6
Jan  4 08:03:36 fw1 opnsense[86707]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan  4 08:04:22 fw1 kernel: carp: demoted by 240 to 240 (pfsync bulk start)
Jan  4 08:04:22 fw1 kernel: carp: 6@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 12@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 13@vmx3: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx3: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 11@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 10@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 9@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 8@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 7@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 5@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 4@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 3@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 2@vmx2: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx2: deletion failed: 3
Jan  4 08:04:22 fw1 kernel: carp: 1@vmx0: MASTER -> BACKUP (more frequent advertisement received)
Jan  4 08:04:22 fw1 kernel: vmx0: deletion failed: 3
Jan  4 08:04:22 fw1 opnsense[27153]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "BACKUP" for vhid 6
Jan  4 08:04:22 fw1 opnsense[27153]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan  4 08:04:22 fw1 opnsense[78415]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "BACKUP" for vhid 12
Jan  4 08:04:22 fw1 opnsense[78415]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan  4 08:04:23 fw1 configctl[25434]: event @ 1609743862.51 msg: Jan  4 08:04:22 fw1.emea.aww.int config[85003]: config-event: new_config /conf/backup/config-1609743862.4143.xml
Jan  4 08:04:23 fw1 configctl[25434]: event @ 1609743862.51 exec: system event config_changed
Jan  4 08:04:23 fw1 opnsense[213]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "BACKUP" for vhid 13
Jan  4 08:04:23 fw1 opnsense[213]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan  4 08:04:23 fw1 kernel: carp: demoted by -240 to 0 (pfsync bulk done)
Jan  4 08:04:23 fw1 opnsense[60630]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "BACKUP" for vhid 11
Jan  4 08:04:23 fw1 opnsense[60630]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan  4 08:04:23 fw1 opnsense[95874]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "BACKUP" for vhid 10
Jan  4 08:04:23 fw1 opnsense[95874]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan  4 08:04:23 fw1 opnsense[28546]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "BACKUP" for vhid 9
Jan  4 08:04:23 fw1 opnsense[28546]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan  4 08:04:23 fw1 kernel: carp: 1@vmx0: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 2@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 3@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 4@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 5@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 7@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 8@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: arp: 10.46.20.1 moved from 00:00:5e:00:01:01 to 00:0c:29:98:aa:d9 on vmx0
Jan  4 08:04:23 fw1 kernel: carp: 9@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 10@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 13@vmx3: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 11@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 12@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:23 fw1 kernel: carp: 6@vmx2: BACKUP -> MASTER (preempting a slower master)
Jan  4 08:04:24 fw1 opnsense[72275]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "BACKUP" for vhid 8
Jan  4 08:04:24 fw1 opnsense[72275]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan  4 08:04:24 fw1 opnsense[49670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "BACKUP" for vhid 7
Jan  4 08:04:24 fw1 opnsense[49670]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan  4 08:04:24 fw1 opnsense[87955]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "BACKUP" for vhid 5
Jan  4 08:04:24 fw1 opnsense[87955]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan  4 08:04:24 fw1 opnsense[5313]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "BACKUP" for vhid 4
Jan  4 08:04:24 fw1 opnsense[5313]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan  4 08:04:25 fw1 opnsense[46544]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "BACKUP" for vhid 3
Jan  4 08:04:25 fw1 opnsense[46544]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan  4 08:04:25 fw1 opnsense[85149]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "BACKUP" for vhid 2
Jan  4 08:04:25 fw1 opnsense[85149]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan  4 08:04:26 fw1 opnsense[56456]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "BACKUP" for vhid 1
Jan  4 08:04:26 fw1 opnsense[56456]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan  4 08:04:26 fw1 opnsense[88172]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.46.20.1 - VIP LAN (1@vmx0)" has resumed the state "MASTER" for vhid 1
Jan  4 08:04:26 fw1 opnsense[88172]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.46.20.1 - VIP LAN.
Jan  4 08:04:26 fw1 opnsense[9822]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.194 - VIP WAN (2@vmx2)" has resumed the state "MASTER" for vhid 2
Jan  4 08:04:26 fw1 opnsense[9822]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.194 - VIP WAN.
Jan  4 08:04:27 fw1 opnsense[10642]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.197 - vIP WAN .197 (3@vmx2)" has resumed the state "MASTER" for vhid 3
Jan  4 08:04:27 fw1 opnsense[10642]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.197 - vIP WAN .197.
Jan  4 08:04:27 fw1 opnsense[57525]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.198 - vIP WAN .198 (4@vmx2)" has resumed the state "MASTER" for vhid 4
Jan  4 08:04:27 fw1 opnsense[57525]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.198 - vIP WAN .198.
Jan  4 08:04:28 fw1 opnsense[6392]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.199 - vIP WAN .199 (5@vmx2)" has resumed the state "MASTER" for vhid 5
Jan  4 08:04:28 fw1 opnsense[6392]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.199 - vIP WAN .199.
Jan  4 08:04:28 fw1 opnsense[69967]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.201 - vIP WAN .201 (7@vmx2)" has resumed the state "MASTER" for vhid 7
Jan  4 08:04:28 fw1 opnsense[69967]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.201 - vIP WAN .201.
Jan  4 08:04:28 fw1 opnsense[34878]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.202 - vIP WAN .202 (8@vmx2)" has resumed the state "MASTER" for vhid 8
Jan  4 08:04:28 fw1 opnsense[34878]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.202 - vIP WAN .202.
Jan  4 08:04:29 fw1 opnsense[65852]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.203 - vIP WAN .203 (9@vmx2)" has resumed the state "MASTER" for vhid 9
Jan  4 08:04:29 fw1 opnsense[65852]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.203 - vIP WAN .203.
Jan  4 08:04:29 fw1 opnsense[92211]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.204 - vIP WAN .204 (10@vmx2)" has resumed the state "MASTER" for vhid 10
Jan  4 08:04:29 fw1 opnsense[92211]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.204 - vIP WAN .204.
Jan  4 08:04:29 fw1 opnsense[65856]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "10.10.10.1 - vIP Gast .1 (13@vmx3)" has resumed the state "MASTER" for vhid 13
Jan  4 08:04:29 fw1 opnsense[65856]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 10.10.10.1 - vIP Gast .1.
Jan  4 08:04:30 fw1 opnsense[38179]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.205 - vIP WAN .205 (11@vmx2)" has resumed the state "MASTER" for vhid 11
Jan  4 08:04:30 fw1 opnsense[38179]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.205 - vIP WAN .205.
Jan  4 08:04:30 fw1 opnsense[56004]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.206 - vIP WAN .206 (12@vmx2)" has resumed the state "MASTER" for vhid 12
Jan  4 08:04:30 fw1 opnsense[56004]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.206 - vIP WAN .206.
Jan  4 08:04:30 fw1 opnsense[84539]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "1.2.3.200 - vIP WAN .200 (6@vmx2)" has resumed the state "MASTER" for vhid 6
Jan  4 08:04:30 fw1 opnsense[84539]: /usr/local/etc/rc.syshook.d/carp/20-openvpn: Resyncing OpenVPN instances for interface 1.2.3.200 - vIP WAN .200.
Jan  4 08:05:18 fw1 sshd[83285]: Accepted publickey for root from 10.10.10.135 port 55923 ssh2: RSA SHA256:IHTkSWs0Klg0NPJ9svQEmgJxHS8i9mAerm2amCcN4ro





Ich habe ebenfalls ein zweites Setup bei jenem dies nicht passiert.
Die Setups haben keine Verbindung zueinander und kennen sich auch nicht.
In den logs steht hier nur folgendes:
Code Select

Jan  4 08:13:42 OPNsense1 opnsense[41119]: /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username root and https://10.0.0.2/xmlrpc.php parse error. not well formed
Jan  4 08:13:50 OPNsense1 opnsense[41119]: /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://10.0.0.2/xmlrpc.php.


Bei meinem 2. Setup sieht man ja ziemlich eindeutig, dass hier keine "CARP demotion" statt findet.
Herzlichen Dank und Grüße
January 11, 2021, 01:37:14 PM #1
Hallo superwinni2,

ich habe dasselbe Problem, dass der Sync mit der Baxkup-Firewall nicht mehr funktioniert und wenn ich den Sync ausschalte und wieder anschalte, dann stütz die erste Firewall ab und geht auf die Backup-Firewall .

Viele Grüße,
atom
January 11, 2021, 01:53:04 PM #2
Auf Firewall2 läuft noch nicht das aktuellste Update und deswegen stürzt der Sync ab
January 11, 2021, 02:26:00 PM #3
Bei mir sind beide auf demselben Stand laut (Dashboard:Versions)

Aber "System: High Availability: Status" meldet: The backup firewall is not accessible or not configured.
January 11, 2021, 02:52:33 PM #4
Welche version haben beide?
January 11, 2021, 03:36:01 PM #5
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
LibreSSL 3.1.5
January 11, 2021, 05:25:57 PM #6
Bei mir waren zum Zeitpunkt ebenfalls beide Firewalls auf der gleichen Version... Nun ist auf der HauptFW noch zusätzlich das Update für Unbound und nochmal was drauf... Habe es aber bisher nicht nochmals versucht...

Gesendet von meinem OnePlus 8t mit Tapatalk

January 13, 2021, 11:15:53 AM #7
Wenn ich den Sync manuell anstoße, die Pakete auf beiden Seiten aufzeiche, dann sieht alles korrekt aus.

Master:
PFSYNC
ix2   10:44:40.700126 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 196
    update compressed count 2
    eof count 1
PFSYNC
ix2   10:44:40.700136 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
PFSYNC
ix2   10:44:40.700138 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
PFSYNC
ix2   10:44:40.700140 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 196
PFSYNC
ix2   10:44:40.781487 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 196

SLAVE:
PFSYNC
ix2   10:44:39.165275 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
    update compressed count 1
    eof count 1
PFSYNC
ix2   10:44:39.222869 IP 192.168.199.251 > 192.168.199.253: PFSYNCv5 len 112
PFSYNC
ix2   10:44:39.601930 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 280
PFSYNC
ix2   10:44:39.601945 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 112
PFSYNC
ix2   10:44:39.618227 IP 192.168.199.253 > 192.168.199.251: PFSYNCv5 len 112
January 16, 2021, 08:43:31 AM #8
Wenn ich das per Skript anstoße, dann bekomme ich folgenden Fehler:

Code Select

/usr/local/etc/rc.filter_synchronize
send >>>
Host: 192.168.199.251
User-Agent: XML_RPC
Content-Type: text/xml
Content-Length: 117
Authorization: Basic c3luYzpPN1hUOWlLdFRBUkN4c2JPYXpsZg==
<?xml version="1.0"?>
<methodCall>
<methodName>opnsense.firmware_version</methodName>
<params>
</params></methodCall>received >>>
error >>>
fetch error. remote host down?


Ein ping auf die 192.168.199.251 funktioniert und die Firewallregel erlaubt alles was IPv4 ist.
January 16, 2021, 09:03:41 AM #9
Packet capture auf unit 2, kommen die Pakete an?
January 16, 2021, 09:29:18 AM #10
Ja, die kommen an. ( in Post Reply #7 )
January 16, 2021, 10:20:26 AM #11
Das sind nur pftables und nicht config sync
January 16, 2021, 10:33:23 AM #12
Es werden auf beiden Seiten nur diese Pakete auf dem PFSYNC interface gesehen.
January 16, 2021, 10:37:26 AM #13
Im Firewall log ist nur auf der sendenen Seite ein Log-Eintrag:

Code Select

PFSYNC Jan 16 10:35:50 192.168.199.253:61313 192.168.199.251:443 tcp let out anything from firewall host itself
January 16, 2021, 10:46:04 AM #14
Zeit mal Screenshot von HA config von beiden Geräten
Print
Go Up Pages1 2
User actions