Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA Sync does not work (Error: Operation timed out)

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    1
    2
    81
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dieterwolf
      last edited by

      Hey Guys,

      i set up a HA Envoirement right now. All is working well except teh sync of settings.

      Sync Interfaces is up and State Sync is set on both firewalls to this. CARP VIP are working, state sync is sucessful to. I can ping one firewall to the other and reverse over the Sync-Net.

      Firewall rules in Sync tab: Allow any
      Both FW are on HTTPS Port 444
      Both FW are on Version 2.7.2-RELEASE
      Both FW have exactly the same interfaces

      Master PF: 172.22.1.2
      Secoundary PF: 172.22.1.3

      Syslog Master PF:

      Nov 16 15:54:22 	kernel 		carp: demoted by 0 to 0 (pfsync bulk fail)
Nov 16 15:54:01 	php-fpm 	44568 	/rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
Nov 16 15:54:01 	php-fpm 	44568 	/rc.filter_synchronize: XMLRPC versioncheck: -- 23.3
Nov 16 15:54:01 	php-fpm 	44568 	/rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version: Unable to connect to tls://172.22.1.3:444. Error: Operation timed out
Nov 16 15:54:01 	php-fpm 	44568 	/rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version: Unable to connect to tls://172.22.1.3:444. Error: Operation timed out
Nov 16 15:53:51 	php-fpm 	44568 	/rc.filter_synchronize: Beginning XMLRPC sync data to https://172.22.1.3:444/xmlrpc.php.

      Syslog on Secoundary:

      Nov 16 15:49:33 	kernel 		carp: demoted by 0 to 0 (pfsync bulk fail)
Nov 16 15:48:29 	php-fpm 	46926 	/system_hasync.php: Configuring CARP settings finalize...
Nov 16 15:48:29 	php-fpm 	46926 	/system_hasync.php: pfsync done in 1 seconds.
Nov 16 15:48:28 	kernel 		carp: demoted by 0 to 0 (pfsync bulk start)
Nov 16 15:48:28 	php-fpm 	46926 	/system_hasync.php: waiting for pfsync...
Nov 16 15:48:28 	check_reload_status 	428 	Syncing firewall

      I read that i have to disable DNS Resolver: same issue.
      If i uncehck all sync boxes and try just to sync e.g. "Firewall Rules": same issue.

      Any ideas?

      D 1 Reply Last reply Reply Quote 0
      • D
        dieterwolf @dieterwolf
        last edited by

        Solution:

        I connected the two PFS with a virtual Switch (VXLAN+IPSEC). For this i had to lower the MTU to 1360. Unfortunatelly the Adapter in PFSense was set to 1500 and not appling for the new MTU.

        Setting down the MTU (in my case to 1360) manually in the SYNC-Interface-Options solved the problem.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post