HA Cluster - Backup problem
-
It is a static outbound port for outgoing IPsec client connections. If you are not doing that you don't need it, but it won't hurt to have it there either.
So when you are on the secondary and try to resolve a name using Diagnostics > DNS Lookup what happens? How does that look compared to the same action on the primary?
-
@derelict They both working fine !!!
I still can't start the openvpn service!!!!
-
You generally don't run OpenVPN on the backup node. It starts when it fails over.
How about posting the DNS results so we can be the judge of what is working fine and what isn't?
-
@derelict Master is dark theme Backup is light
192.168.10.1 is the upstream pfsense unbound
I set the downstream pfsense to forwarding mode
-
How about names out on the internet? Like files00.netgate.com?
You rattled off about 6 different problems in your initial post. What, specifically, is your priority to fix?
-
-
OK. It looks like that webgui is functioning fine.
So what is the problem you are having? Please be as complete and specific as possible.
-
It looks yes, but before I started this post it was very very slow loading any page on the backup's web GUI and the web gui was unresponsive when you try to go to any page on the webgui. Even now sometimes when I hit the link on the menu browser is loading and then stopped like nothing happen and when I hit the same link again on the menu the page is loading fine. If the problem was the unbound Yes the unbound service was down on the backup and I started it so far I don't have any problems I just walked around the webgui's menu going to different pages without any issues
I just put the master into CARP Maintenance Mode as you said openvpn service came up
I have tested the SYNC after I put the master into CARP Maintenance Mode the master becomes a backup. When backup becomes a master and I make some changes like adding aliases to it they don't sync to the backup is that how it should be? If you can understand what I am trying to say!!!! Everything else seems to work fine
-
If it is having trouble syncing settings it really depends. Does the system log show successful XMLRPC sync when you make a change?
If not that will have to be fixed.
If sync is working but changes to firewall rules don't appear to be syncing, you might have mismatched interfaces between the two nodes.
If you are having GUI problems, the first thing I would do is eliminate the custom theme. I would also try another browser. I have not heard of any issues like that with the dark theme, and all major browsers work fine with the firewall, but that is where I would start.
I would also check for any logs that state something like "X is using my ip address" or something of that nature.
-
@derelict hello
My SYNC Interfaces are Direct attached 10G Fiber between both nodes no switch/hub between them.
My question was is the syncing process one way ?
When my MASTER NODE failed and my BACKUP NODE become a MASTER is not actually a MASTER - MASTER it was design to pass a traffic until the MASTER is back online right ? or to test some settings before you put them into the MASTER NODE
That's why this clustering system is design when new update came up you update the BACKUP NODE to see if everything is working fine before you UPDATE the MASTER NODE
-
Yes. You make changes to the primary node. It doesn't matter which one is master at the time.
If something happens and you have to run on the secondary node for any length of time, it is incumbent upon you to log any necessary changes so they can be duplicated when the primary node is back online.
-
@derelict Understand thank you
