Pf-Sync not syncing everything?



  • Info:
    2.0-ALPHA-ALPHA
    built on Sun Feb 1 13:40:56 EST 2009
    FreeBSD 7.1-RELEASE-p2

    On my system it appears that no CARP/VIP/NAT/etc. data is being sync'd even when attempting a "force" sync.
    Is anyone using pfsync on this build?



  • OK, a little more information to make this actually a useful post.

    I am running the above listed version. This is my setup.

    I have 2 pfSense systems running a total of 6 network interfaces.
    2 interfaces are for WAN (wanA / wanB)
    1 interface is for office-lan
    1 interface has VLANs for ServerLan1 / ServerLan2
    1 interface is for pfsync (direct link)
    1 interface is for management (if I have to plug in directly for one reason or another).

    It appears that when setting pfSense to sync as listed in this guide:
        * Building a fully redundant Cluster with 2 pfSense-systems between WAN/LAN with CARP & pfSync / pfSense CARP & pfSync failover-simulation
    http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm

    We are able to sync some things such as the firewall state table. No other information appears to be syncing to the other system.

    However, it appears that after manually exporting the config from system 1 (pfbox-a), then importing it into system 2 (pfbox-b) and making the needed changes to IP addresses/CARP broadcast/sync/etc., we are able to see "Failover" with the CARP but are still not syncing any config changes. Any changes to VIPs, rules, IPsec, CARP, etc. aren't changing.

    On system boot the states do sync from one system to the other and vice versa, so that appears to be working. Also, we see a message saying that OpenVPN is syncing up. I'm not exactly sure if this is true because we aren't using OpenVPN (yet), but it is also the only message we see on boot claiming to be performing a sync.

    When sniffing the network traffic on the pfsync interface I can see packets going back and forth, and on the firewall I have an allow ALL rule set. It does not appear to be throwing out any packets at this point. It just seems that it is not sending all of the data we want it to. We have even tried setting it to sync only one thing (alias/rules/etc.) and no matter which single thing we are trying to sync, it appears that nothing is being sent to the 2nd box.

    We have tried this same config on the "Stable" release and it appears to be properly syncing data from one system to the other. It just seems that this is a problem with the 2.x UNSTABLE versions.

    Please let me know if anyone else is having this problem or if you have any suggestions. We have even tried to do a "Forced Sync" via the command line and it appears to not do anything more than we have seen before already.

    -E

