issues with xmlrpc sync after upgrade from 2.4.3 to 2.4.4-RELEASE-p2



  • After upgrade from from 2.4.3 to 2.4.4-RELEASE-p2 have issues with High Availability Sync enabled. On slave host all openvpn istances restarted when i adding/modifying/deleting users on master host.
    While in sync settings checked only users and certs.
    0_1548677977834_ae669686-9d6a-426b-8c56-cb7e55921ba7-image.png
    On master host openvpn instance not restarted when adding users.

    master log:

    Jan 28 11:29:29 vpn-cc check_reload_status: Syncing firewall
    Jan 28 11:29:29 vpn-cc php-fpm: Local User Database: Successfully created user test-user-4test
    Jan 28 11:29:30 vpn-cc php-fpm: /rc.filter_synchronize: Beginning XMLRPC sync data to http://192.168.33.241:80/xmlrpc.php.
    Jan 28 11:29:30 vpn-cc php-fpm: /rc.filter_synchronize: XMLRPC reload data success with http://192.168.33.241:80/xmlrpc.php (pfsense.host_firmware_version).
    Jan 28 11:29:30 vpn-cc php-fpm: /rc.filter_synchronize: XMLRPC versioncheck: 18.9 -- 18.9
    Jan 28 11:29:30 vpn-cc php-fpm: /rc.filter_synchronize: Beginning XMLRPC sync data to http://192.168.33.241:80/xmlrpc.php.
    Jan 28 11:29:40 vpn-cc php-fpm: /rc.filter_synchronize: XMLRPC reload data success with http://192.168.33.241:80/xmlrpc.php (pfsense.restore_config_section).
    

    Slave log:

    Jan 28 11:29:36 pfSense check_reload_status: Syncing firewall
    Jan 28 11:29:36 pfSense php-fpm: /xmlrpc.php: Adding user: test-user-4test
    Jan 28 11:29:36 pfSense check_reload_status: Syncing firewall
    Jan 28 11:29:36 pfSense check_reload_status: Reloading filter
    Jan 28 11:29:36 pfSense php-fpm: /xmlrpc.php: Resyncing OpenVPN instances.
    Jan 28 11:29:37 pfSense php-fpm: OpenVPN terminate old pid: 50400
    Jan 28 11:29:37 pfSense kernel: ovpns1: link state changed to DOWN
    Jan 28 11:29:37 pfSense check_reload_status: Reloading filter
    Jan 28 11:29:37 pfSense kernel: ovpns1: link state changed to UP
    Jan 28 11:29:37 pfSense php-fpm: OpenVPN PID written: 22234
    Jan 28 11:29:37 pfSense check_reload_status: rc.newwanip starting ovpns1
    Jan 28 11:29:37 pfSense php-fpm: OpenVPN terminate old pid: 92052
    Jan 28 11:29:37 pfSense kernel: ovpns2: link state changed to DOWN
    Jan 28 11:29:38 pfSense kernel: ovpns2: link state changed to UP
    Jan 28 11:29:38 pfSense php-fpm: OpenVPN PID written: 62348
    Jan 28 11:29:38 pfSense check_reload_status: rc.newwanip starting ovpns2
    Jan 28 11:29:38 pfSense php-fpm: OpenVPN terminate old pid: 23573
    Jan 28 11:29:38 pfSense kernel: ovpns3: link state changed to DOWN
    Jan 28 11:29:38 pfSense kernel: ovpns3: link state changed to UP
    Jan 28 11:29:38 pfSense php-fpm: OpenVPN PID written: 92545
    Jan 28 11:29:38 pfSense check_reload_status: Reloading filter
    Jan 28 11:29:38 pfSense check_reload_status: rc.newwanip starting ovpns3
    Jan 28 11:29:38 pfSense php-fpm: OpenVPN terminate old pid: 52551
    Jan 28 11:29:38 pfSense kernel: ovpns4: link state changed to DOWN
    Jan 28 11:29:38 pfSense php-fpm: /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
    Jan 28 11:29:38 pfSense php-fpm: /rc.newwanip: rc.newwanip: on (IP address: 172.16.37.1) (interface: []) (real interface: ovpns1).
    Jan 28 11:29:38 pfSense php-fpm: /rc.newwanip: rc.newwanip called with empty interface.
    Jan 28 11:29:38 pfSense check_reload_status: Reloading filter
    ----------SNIP------------
    Jan 28 11:29:48 pfSense check_reload_status: Starting packages
    Jan 28 11:29:48 pfSense php-fpm: /rc.start_packages: Skipping STARTing packages process because previous/another instance is already running
    Jan 28 11:29:49 pfSense php-fpm: /rc.newwanip: rc.newwanip: Info: starting on ovpns5.
    Jan 28 11:29:49 pfSense php-fpm: /rc.newwanip: rc.newwanip: on (IP address: 172.16.34.1) (interface: []) (real interface: ovpns5).
    Jan 28 11:29:49 pfSense php-fpm: /rc.newwanip: rc.newwanip called with empty interface.
    Jan 28 11:29:49 pfSense check_reload_status: Reloading filter
    Jan 28 11:29:49 pfSense php-fpm: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection -  ->  172.16.34.1 - Restarting packages.
    Jan 28 11:29:49 pfSense check_reload_status: Starting packages
    Jan 28 11:29:49 pfSense php-fpm: /rc.start_packages: Skipping STARTing packages process because previous/another instance is already running
    Jan 28 11:29:49 pfSense php-fpm: /rc.newwanip: rc.newwanip: Info: starting on ovpns6.
    Jan 28 11:29:49 pfSense php-fpm: /rc.newwanip: rc.newwanip: on (IP address: 172.16.35.1) (interface: []) (real interface: ovpns6).
    Jan 28 11:29:49 pfSense php-fpm: /rc.newwanip: rc.newwanip called with empty interface.
    Jan 28 11:29:49 pfSense check_reload_status: Reloading filter
    

    slave log https://pastebin.com/vCy2mN38

    In version 2.4.3 openvpn not restarting when adding/modifying/deleting users...



  • anyone?



  • I have the same issue, last week i upgraded to 2.4.4-p2 from 2.4.4 on both my nodes but master now warns
    "A communications error occurred while attempting to call XMLRPC method restore_config_section"

    I tried to uninstall/test/reinstall pfblocker and snort without success.
    Removing both services reports same XMLRPC error.
    Changing pf rules on master replicate as usual on backup
    Changing pfblocker rules on master does not replicate on backup

    At the back i have several years of working HA since pfsense 1.2.3 and no conf changes has been made since then.
    I think is a 2.4.4-p2 specific issue because i also had for weeks a well synced 2.4.4 with a 2.4.4-p1.

    Any idea?


Log in to reply