HA XMLRPC error
-
If the primary has an open https connection to the secondary and is trying to send the config changes and something kills the state out from under it, it will continue to try to send the data until it times out and quits.
It will be out-of-state like anything else in that case.
# default deny rules block in log inet all tracker 1000000103 label "Default deny rule IPv4" block out log inet all tracker 1000000104 label "Default deny rule IPv4"1000000104 is the outbound default deny so that would log like that.
-
Yeah I get that it is out of state, but it would be logged as an outbound block?? This is what is confusing me..
-
Sorry. updated again lol
-
Ah that is why its block as outbound.. Then..
block out log inet all tracker 1000000104 label "Default deny rule IPv4"
Normally never see outbound blocks.. But if its pfsense itself doing the talking, and the state goes away then that rule would block it since the state is missing. Until the process on pfsense creates a new state by sending syn.
-
Yeah. Everything that was initially set up by the TCP handshake starting with a SYN going out has been blown away so...
-
Ok that makes sense then - thanks. Even though there is a rule that allows pfsense to talk out, it still needs a valid state.
-
So if they are seeing this block - how do they restart the sync process so there is a new state created? I really need to play more with the HA stuff.. Time to fire up some vms and play with the HA setup ;) My understanding of the inner works of that is very lacking - I just have not had need to play with it.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@johnpoz It will kick off another sync when another change is made or there's a button in Status > Filter Reload (of all places).
Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM) -
hehe - that image just got better, I was thinking man derelict must be blind if has fonts/resolution set like that ;) Now it looks normal.. Before it was HUGE ;)
-
@johnpoz It plays pretty nice in VMs. If you decide to lab it and have any questions just shout. Nothing special needed in proxmox.
-
But if the sync is having issues talking to the other side, wouldn't it auto send a new syn?
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@johnpoz I made a folder action that automatically downsizes screencaps from the 4K when they are taken. I have gotten lazy with Cmd-Option-Shift-4 (instead of Cmd-Shift-4) because it automatically sends the capture to the clipboard instead of the disk.
-
@johnpoz said in HA XMLRPC error:
But if the sync is having issues talking to the other side, wouldn't it auto send a new syn?
A config sync is a one-time/as-needed event. If the connection fails it isn't retried - or maybe it is I don't know. Not really sure of why it is coded that way (if it is) and wouldn't understand it if I looked in there.
But that would not change those logged blocks or the logged XMLRPC message. It would just try again and succeed.
-
So you running 4k on your monitor? You Suck! ;) you have all the good toys!
-
@johnpoz 5K iMac with a 4K on each side
-
Yeah you suck! ;) heheheh.. I finally updated main tv to 4k.. But upgrading my pc to do 4k with new monitor is cost prohibitive currently.. Damn budget committee (wife) can be a problem ;)
-
Hy
Nothing changes made everything is on default values.
The problem now gone when i checked out the gateway monitoring.Now its a little bit like pfsense has a soul :D
-
@Derelict said in HA XMLRPC error:
@johnpoz It will kick off another sync when another change is made or there's a button in Status > Filter Reload (of all places).
DAMN! Never even saw that/realized it is there. Important tidbit to add to my slides! :)
mutters to self: so many HA setups and never even saw that button... might be getting blind on my old days...
-
Status (CARP) seems like a better place for that. There must be...reasons.
Yeah. It's there because it gives progress feedback using the same mechanism as a filter reload.
-
@Derelict said in HA XMLRPC error:
Status (CARP) seems like a better place for that. There must be...reasons.
I'm sure ;) But ... what about bringing it to both places? I must say the filter reload screen is one of the last (and least) ones I was ever using and would have never searched for a HA related sync button there.
