CARP/HA IPSec on Backup Node - connection not found?
-
@sepp_huber said in CARP/HA IPSec on Backup Node - connection not found?:
It is still listed as supported in the documentation.
Not for long. Thanks. ;)
-
@sepp_huber said in CARP/HA IPSec on Backup Node - connection not found?:
I am wondering why a reboot helped... it is not a Windows system ;-)
A restart completely rebuilds all configuration files from the config.xml file.
-
@derelict said in CARP/HA IPSec on Backup Node - connection not found?:
A restart completely rebuilds all configuration files from the config.xml file.
OK...
After changing something on the primary it is still not synced to the secondary.
Anyway, I can live with this workaround => reboot of the secondary after changing the ipsec configuration. I will update to 2.4.X in the next weeks.
-
I would continue to work the problem. That is certainly not normal.
Is IPsec checked in the XMLRPC sync settings on the primary?
-
As already stated in my initial post here... yes everything in the sync settings is checked AND there are no sync errors in the logs. Is there a debugging/logging feature for the XMLRPC sync?
-
The system logs tell you what it is complaining about.
-
No errors on master
Nov 12 10:52:22 php-fpm /rc.filter_synchronize: Filter sync successfully completed with http://192.168.XXX.XXX:80.
Nov 12 10:52:21 php-fpm /rc.filter_synchronize: XMLRPC sync successfully completed with http://192.168.XXX.XXX:80.
Nov 12 10:52:21 php-fpm /rc.filter_synchronize: Beginning XMLRPC sync to http://192.168.XXX.XXX:80.
Filter reload sync output extract on master
... Pre-caching IPSec Port... Creating filter rule IPSec Port ... Creating filter rules IPSec Port ... Setting up pass/block rules Setting up pass/block rules IPSec Port Creating rule IPSec Port Pre-caching IPSec Port... Creating filter rule IPSec Port ... Creating filter rules IPSec Port ... Setting up pass/block rules Setting up pass/block rules IPSec Port Creating rule IPSec Port ... Signaling CARP reload signal... Syncing CARP data to http://192.168.XXX.XXX XMLRPC sync successfully completed with http://192.168.XXX.XXX:80
But on the backup I found:
Nov 12 10:57:06 php-fpm 39865 /xmlrpc.php: The command '/usr/sbin/pw groupadd -n 'admins' -g '2000' -M '0' 2>&1' returned exit code '65', the output was 'pw: group name `admins' already exists'
-
Hi,
after upgrading to 2.4.4, the synchronization still does not work.
The ipsec file on the backup node is outdated.
The message "/xmlrpc.php: The command '/usr/sbin/pw groupadd -n 'admins'..." does not appear anymore on the backup node.
-
I have no idea what the issue is there. Never appeared on any system I have been involved with before. XMLRPC generally works or it doesn't. It isn't selective as to what configs it syncs or what it doesn't.
-
I think the XMLRPCSync is working, there are no errors.
All changes are visible in the ipsec user interface of the second node and if I make a "diff" of the configuration-backup XML of both nodes... all ipsec changes are included in the configuration of the second node.
There must be an additional step after the XMLRPCSync which transfers the changes to "/var/etc/ipsec/ipsec.conf" and that fails or is not executed...
Because after a reboot the file is "in-sync" with the configuration. Is it possible to change the debuglevel somewhere or add log output to the php source code?