Netgate Discussion Forum

    messed up dhcpd.conf (and probably other settings)

      rolandk

      hi,

      due to a hardware failure some time ago, which happened during a period where we configured many firewall rules and ipsec settings, somehow we managed to hose/break some settings/configuration.

      i'm not sure how this happened, but iirc, this may be some maloperation via xmlrpc syncing back from the backup node to the primary node.

      i know you should not do that, but it may have been overread because that warning was not printed in fat blinking text. (btw - why is it possible to be configured that way at all when a node already gets synced from a primary one when this is so dangerous? could somebody at least add fat text for better readability?)

      however, i see "secondary" in dhcpd.conf settings on both fw nodes now and we need to fix this, but don't know what's the correct way. i don't want to try anything which can get us into deeper trouble than we already are...

      would it be ok to recover the dhcpd.conf files from backup (we have one from before the firewall failure) and then simply restart dhcpd? what about existing leases, will that cause trouble?

      what about other related issues regarding xmlrpc config sync?

      we still have the secondary node being the active one (doing all configuration on the primary one) because since the failure of the first node we needed to add complicated ipsec to the second node before being able to fix the first one - and when trying to sync config back to the first node, all went fine so far - but ipsec did not work so we have left the secondary node as the active one since then...

      unfortunately we detected much later that there also is an issue with dhcp.

      could someone help fix our configuration on the first node so we can switch it back to be the primary/active one (i.e. leave carp maintenance mode)?

      thank you!
      roland
