English Forums > High availability

Config Sync (XMLRPC) not Syncing to Secondary

(1/3) > >>

kbrown.it:
I am setting up OPNSense (Version: 22.7-amd64, FreeBSD 13.1-RELEASE, OpenSSL 1.1.1q 5 Jul 2022) to be in an HA Cluster with another OPNSense firewall (both were installed at the same time with the same installer, I use the Serial Console Installer). I have them configured and CARP setup (which is working), but when I went to set up the HA Config Sync I cannot get the config to sync over.

When I try and preform a Sync, I see it does the "pfsync bulk start" and thank it does a "pfsync bulk done" shortly after on the console. When I got to Status all I see is "The backup firewall is not accessible or not configured.". I have compared the settings to another OPNSense cluster (older version) and they are similar (different IPs and and different options selected on what to sync). I turned on logging for the rule on my HA interface (which is wide open) and I can see the traffic being allowed. I do not see anything in the logs specific to the syncing.

I am at a loss as to why the Config Sync is not working as it should (or if it is working and the Status page is broken). I have seen post were people talked about a semi-colon in the password being an issue. I am not using a semi-colon in the password and after removing all special characters, the issue was still present (so I do not thing that is the issue). The Web Interface is allowed on all interfaces as well.

Patrick M. Hausen:
Config of the HA interfaces on both nodes, HA config on the master, firewall rules for that interface on both nodes, please.

kbrown.it:
HA Config and Rules are configured on both sides (forgot to mention this in the original post).

Patrick M. Hausen:
Please post the configuration of the HA interfaces of both sides, the HA config of the master node, and the firewall rule(s) applied to the HA interfaces of both sides.

Complete screenshots with all settings.

Without that it is impossible to help you. HA and config sync works. We need to find out what is wrong eith your particular setup. To do that we need at least the things I asked for in my last post, already.

"I configured it" is not helpful in diagnosing a problem. If you configured it correctly, it would work as designed, wouldn't it?

kbrown.it:

--- Quote from: pmhausen on August 25, 2022, 11:24:20 pm ---If you configured it correctly, it would work as designed, wouldn't it?

--- End quote ---

Assuming nothing has broken within the last code up date. As mentioned, I have this working correctly (and mirrored the setup to this new one) on OPNsense 21.7.3_3-amd64 in a VM Environment. Comparing the two HA Settings pages, I see my newer one has an additional option (Disconnect dialup interfaces) and the Synchronize States is not at the top (which it is in the older version). This indicates that there have been some changes to at least the look/function of the page (which can result in breaking functionality if stuff is not coded right).

I will post the requested screenshots shortly.

Navigation

[0] Message Index

[#] Next page