Authentication Issues
-
Hi jacobedwards,
I'm not so sure about your NAT issues. But what I do know, is that if you have a high availability setup with two firewalls, and you change your admin password, you also need to change the high availability settings. The password for the other firewall needs to be entered there.
You do not mention what version of pfSense you are using, but if it's 2.1 or never, you will find the settings under System -> High Avail. Sync. If "Remote System Username" has a value (it needs to be admin), then also make sure that the corresponding password is present in "Remote System Password". Note: This applies only to your primary firewall. Your secondary should not have any values in Username or Password.
-
Ops, my apologies.
I'm using version 2.0.1-RELEASE.
I went into Virtual IP's - CARP Settings on Firewall 1.
I made sure that the Remote Username and Password were the same as the default admin account.
I went into Virtual IP's - CARP Settings on Firewall 2.
I tried to remove Remote Username and Password, but everytime I save it returns. I then changed them to Default Admin account.
However, issue is still occurring (Acknowledge All) at top of Firewall 1 only, not Firewall 2.
-
Then I think you will find the settings under Firewall -> Virtual IPs. Select the "CARP Settings" tab.
-
I went into Virtual IP's - CARP Settings on Firewall 1.
I made sure that the Remote Username and Password were the same as the default admin account.
I went into Virtual IP's - CARP Settings on Firewall 2.
I tried to remove Remote Username and Password, but everytime I save it returns. I then changed them to Default Admin account.
However, issue is still occurring (Acknowledge All) at top of Firewall 1 only, not Firewall 2.
Yes, it makes sense that the messages is only appearing on the primary firewall, as that is the one who's trying to sync the settings over to the backup firewall. The password you are entering in the carp settings on the primary must be the password for the admin-account on the secondary firewall.
On the CARP settings, is "Synchronize Users and Groups" selected?
I assume you have clicked on "Acknowledge all", and the message keeps reappering?
-
Haha the message has gone away now! Thanks a bunch!
Another issue has occurred though.
My secondary internet connection is appearing as "Offline" in the Gateway monitor, even though it isn't.
This is stopping my NAT Rules from working correctly as they route through the connection that is apparently "Offline".
Any reason it would be doing this?
-
Hmm, not really sure. You could try to restart the apinger-service, and see if that does anything. This is the service that monitors the gateways. You'll be able to restart it here: Status -> Services.
Edit: You should really consider upgrading to 2.1.4. Alot has been fixed since 2.0.1.
-
If I was to perform the upgrade, would everything have to be reconfigured? Or would it stay exactly the same but with additional features?
Just because, if anything fucks up, I have no idea how to reconfigure it all again.
-
Theoretically, you should not need to reconfigure anything after the upgrade. I've personally never experienced issues with an upgrade, but I have never upgraded a system that runs a version that is soon to be three years old. Maybe you should consider purchasing support from ESF (pfSense).
Also see: https://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_CARP
Someone else may also have input to this.
Did you try to restart apinger?
-
In Status -> Services, I only have the following:
bandwidthd
bsnmpd
ntpd
snort
squid
zabbix_agentdNo apinger? :S
-
Ah, I guess it's not visible as a service in 2.0.1 then.
-
So I'm planning on upgrading from 2.0.1 to 2.1.4.
Anything I should know beforehand? I have backed up configuration files just incase.
Will any problems occur that anybody knows off?
Should I do anything before I perform the upgrade, I.E. Remove packages etc?
-
So I'm planning on upgrading from 2.0.1 to 2.1.4.
Anything I should know beforehand? I have backed up configuration files just incase.
Will any problems occur that anybody knows off?
Should I do anything before I perform the upgrade, I.E. Remove packages etc?
You might have better luck if you post this in the forum for "Installation and upgrades", or maybe a mod can split your post out in a new thread.