Pfsync not syncing states

jsvg

It's currently blank for both sides and it's not working :(

dotdash

Verify you can ping each box from the other via the sync if. These both physical boxes with matched interfaces?

cmb

Having the wrong IP in there maybe got it into a weird state that removing didn't undo, try rebooting both of them.

podilarius

@dotdash:

Verify you can ping each box from the other via the sync if. These both physical boxes with matched interfaces?

I had this problem too. Mine was the change that pfsense made to require matching interfaces on secondary to match primary unless you hack it with LAGG.
As dotdash asks above.

jsvg

The reboot didn't help, even though failover worked just fine (minus the state transfer). Still tons of packets arriving on the backup on the SYNC interface. If I disable sync on the master, the traffic dies off :( Makes me think the problem might be on the backup.

I had this problem too. Mine was the change that pfsense made to require matching interfaces on secondary to match primary unless you hack it with
LAGG.
As dotdash asks above.

AH that's the problem then. They are not matched. How do I "hack this with a LAGG"?

doktornotor

Well, create a lagg with a single NIC on both boxes. Silly? Yeah, 300%. NFC what's the benefit here. Never got a good explanation why's it good to have states tied to physical NIC names.

jsvg

Do I create a LAGG for the upstream ISP interfaces, or the SYNC interface?

dotdash

All the nics need to match, IIRC. So you'd have to LAGG any nics that weren't physically the same.

podilarius

@j@svg:

AH that's the problem then. They are not matched. How do I "hack this with a LAGG"?

If you search the forums, there was a setup type guide on doing this, but I cannot find it quickly to post in here.
I used it to setup the single interface lag. After that, it pretty much a standard carp setup.

jsvg

Thank you for the help guys! One of the instances is physical, the other is virtual. We were holding up moving to 100% virtualized because of this problem, but we're going to move forward since the interfaces will be named the same after the upgrade.

Cheers!