Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Auto configuration backup shows no backups

    Scheduled Pinned Locked Moved General pfSense Questions
    15 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Steve_B Netgate @rahvin9999
      last edited by

      @rahvin9999
      You might also try: "ping acb.netgate.com" from the command line.

      Als ik kan

      R 1 Reply Last reply Reply Quote 1
      • R
        rahvin9999 @Steve_B
        last edited by

        @steve_b

        Resolves and succesfully pings to 208.123.73.78 from pfSense1, pfSense2 and pfSense3

        64 bytes from 208.123.73.78: icmp_seq=0 ttl=45 time=122.599 ms
        64 bytes from 208.123.73.78: icmp_seq=1 ttl=45 time=122.372 ms
        64 bytes from 208.123.73.78: icmp_seq=2 ttl=45 time=122.598 ms
        64 bytes from 208.123.73.78: icmp_seq=3 ttl=45 time=122.429 ms
        
        1 Reply Last reply Reply Quote 0
        • S
          Steve_B Netgate @rahvin9999
          last edited by Steve_B

          @rahvin9999 The logs show a few instances of you attempting to list backups for firewall 1 (presumably when testing from another firewall) but no backups being saved.

          It is possible this could be due to an error in your HA configs but that is just a guess. We are discussing internally.

          Als ik kan

          R 1 Reply Last reply Reply Quote 1
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Yes, a common config mistake here is to end up with HA nodes NATing their own traffic whifh can cause a problem. However I don't think that can be the problem here because each node is able to ping the acb server and can list the backups from the third firewall.

            @rahvin9999 said in Auto configuration backup shows no backups:

            Our config.xml files are 16.748KB

            Is that nearly 17MB? That would be a really very large config, we might need to test that.

            Steve

            R 1 Reply Last reply Reply Quote 1
            • R
              rahvin9999 @Steve_B
              last edited by

              @steve_b

              From my perspective the HA config works without issues.

              High Availability Sync settings on pfSense1

              • pfsync is configured to sync states over a dedicated sync interfaced targeted to the IP of pfSense2
              • XMLRPC Sync is configured to sync to pfSense2 on the same ip as pfsync
              • XMLRPC Sync uses the admin user and everything is ticked to be synced except Synchronize admin
              • we have HAProxy installed and this is set to use XMLRPC Sync via the HAProxy settings page setting "HAProxy Sync"

              High Availability Sync settings on pfSense2

              • pfsync is configured to sync states over a dedicated sync interfaced targeted to the IP of pfSense2
              • the XMLRPC Sync section is left empty

              We have 3 Carp VIP's

              • WAN has one Carp VIP in a /29 subnet
              • LAN has one Carp VIP in a /24 subnet
              • DMZ has one Carp VIP in a /24 subnet

              The config is succesfully synced from pfSense1 to pfSense2
              If on pfSense1 I:

              • Disable CARP (or)
              • Enable CARP Persistent maintenance mode (or)
              • Pull the powercable from pfSense1
                pfSense2 takes over everything. We have a lot of OpenVPN and IPSec clients. Who succesfully reconnect to pfSense2.
                If I boot/reenable pfSense1 everything goes back to pfSense1
              1 Reply Last reply Reply Quote 0
              • R
                rahvin9999 @stephenw10
                last edited by rahvin9999

                @stephenw10

                Yes, that is nearly 17MB.

                We currently have 3000+ Users, Certificates and OpenVPN Client Specific Overrides in the config.

                Only issue that many users and certificates gives is, that some pages take some time to load.
                That and rebooting takes some time as it is stuck at "Synchronizing users settings" for a while.
                But that is due to the fact that the xeon D cpu used has horrible single thread performance. If I load this config on a server with a faster CPU it loads multiple factors faster.

                <edit: Spelling and grammar>

                S 1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Ok, that is very large. We are checking on that now but I suspect you are hitting a config size limit.

                  I would usually recommend using external authentication by the time you're approaching that many users. There are certainly parts of the gui that will struggle with that number of entries.

                  Steve

                  1 Reply Last reply Reply Quote 1
                  • S
                    Steve_B Netgate @rahvin9999
                    last edited by

                    Would you try a backup now please?

                    Als ik kan

                    R 1 Reply Last reply Reply Quote 1
                    • R
                      rahvin9999 @Steve_B
                      last edited by

                      @steve_b

                      Did a test backup on both pfSense1 and pfSense2 and they now show up in the list.

                      Bedankt!

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        Steve_B Netgate @rahvin9999
                        last edited by

                        Glad it worked. As @stephenw10 said, an external authentication system would be worthwhile for that many users, but in the meantime I increased the max file size to 30 MiB.

                        Als ik kan

                        R 1 Reply Last reply Reply Quote 0
                        • R
                          rahvin9999 @Steve_B
                          last edited by

                          @steve_b

                          I am looking into moving the users and the certificates of the pfSense machines to a dedicated solution.

                          Thanks for the help with this issue!

                          1 Reply Last reply Reply Quote 1
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.