HA XMLRPC error

johnpoz

Yeah I get that it is out of state, but it would be logged as an outbound block?? This is what is confusing me..

Derelict

Sorry. updated again lol

johnpoz

Ah that is why its block as outbound.. Then..

block out log inet all tracker 1000000104 label "Default deny rule IPv4"

Normally never see outbound blocks.. But if its pfsense itself doing the talking, and the state goes away then that rule would block it since the state is missing. Until the process on pfsense creates a new state by sending syn.

Derelict

Yeah. Everything that was initially set up by the TCP handshake starting with a SYN going out has been blown away so...

johnpoz

Ok that makes sense then - thanks. Even though there is a rule that allows pfsense to talk out, it still needs a valid state.

johnpoz

So if they are seeing this block - how do they restart the sync process so there is a new state created? I really need to play more with the HA stuff.. Time to fire up some vms and play with the HA setup ;) My understanding of the inner works of that is very lacking - I just have not had need to play with it.

Derelict

@johnpoz It will kick off another sync when another change is made or there's a button in Status > Filter Reload (of all places).

Screen Shot 2019-10-01 at 7.42.49 PM.png

johnpoz

hehe - that image just got better, I was thinking man derelict must be blind if has fonts/resolution set like that ;) Now it looks normal.. Before it was HUGE ;)

Derelict

@johnpoz It plays pretty nice in VMs. If you decide to lab it and have any questions just shout. Nothing special needed in proxmox.

johnpoz

But if the sync is having issues talking to the other side, wouldn't it auto send a new syn?

Derelict

@johnpoz I made a folder action that automatically downsizes screencaps from the 4K when they are taken. I have gotten lazy with Cmd-Option-Shift-4 (instead of Cmd-Shift-4) because it automatically sends the capture to the clipboard instead of the disk.

Derelict

@johnpoz said in HA XMLRPC error:

But if the sync is having issues talking to the other side, wouldn't it auto send a new syn?

A config sync is a one-time/as-needed event. If the connection fails it isn't retried - or maybe it is I don't know. Not really sure of why it is coded that way (if it is) and wouldn't understand it if I looked in there.

But that would not change those logged blocks or the logged XMLRPC message. It would just try again and succeed.

johnpoz

So you running 4k on your monitor? You Suck! ;) you have all the good toys!

Derelict

@johnpoz 5K iMac with a 4K on each side

johnpoz

Yeah you suck! ;) heheheh.. I finally updated main tv to 4k.. But upgrading my pc to do 4k with new monitor is cost prohibitive currently.. Damn budget committee (wife) can be a problem ;)

bolvar

@Derelict

Hy

Nothing changes made everything is on default values.

The problem now gone when i checked out the gateway monitoring.Now its a little bit like pfsense has a soul :D

JeGr

@Derelict said in HA XMLRPC error:

@johnpoz It will kick off another sync when another change is made or there's a button in Status > Filter Reload (of all places).

DAMN! Never even saw that/realized it is there. Important tidbit to add to my slides! :)

mutters to self: so many HA setups and never even saw that button... might be getting blind on my old days...

Derelict

Status (CARP) seems like a better place for that. There must be...reasons.

Yeah. It's there because it gives progress feedback using the same mechanism as a filter reload.

JeGr

@Derelict said in HA XMLRPC error:

Status (CARP) seems like a better place for that. There must be...reasons.

I'm sure ;) But ... what about bringing it to both places? I must say the filter reload screen is one of the last (and least) ones I was ever using and would have never searched for a HA related sync button there.

Derelict

They probably wouldn't want to duplicate that command output display code on another page but a link to the filter reload page there might be possible.