Where is syncdev set?
I followed the guide here:
And got my 2 systems to sync their settings. However, they don't seem to be syncing their states. So, when I fail the primary, new connections work just fine on the secondary but any existing connections just hang.
I think I may have figured out that the problem seems to be that syncdev isn't being set correctly. For example, I currently have my em5 device on both machines set up as the SYNC interface. Yet, when I do "ifconfig pfsync0" it reports that syncdev is em3. I've tried changing which NIC on both machines I use for the SYNC interface but it never seems to match up with what I've set.
Ideas? Can I force the syncdev somewhere in config.xml?
Firewall, Virtual IPs, Carp Settings, Synchronize Interface has always worked for me. Have you verified this setting on both firewalls?
Yes. Both are set to "SYNC". On both also under Interfaces->Assign the interface named "SYNC" is using em5.
Then on both, when I run Diagnostics->Command "ifconfig pfsync0", I have the primary listing "syncdev: em3" and the secondary is (correctly) listing "syncdev: em5".
I tried this using em0 on both and then also had the primary on em3 and the secondary on em0. So, it appears the problem is that the primary only wants to use em3 (my lan) for some reason.
Any setting that could be messing with that or ideas on what to check/change to further debug?
I've never seen that happen. I'd do standard sanity-checking: Start with a fresh install, try to set up the basic config and CARP stuff without anything fancy.
I took your advice and did a fresh install, then restored my saved config, same issue.
So, I did a fresh install and then manually reconfigured and then it worked just fine.
I've got both saved configs so I'll compare and try to determine what caused the issue.
On both boxes do
```
pfctl -ss > states.log
```
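Added example, not part of the thread: one way to check the two things discussed above, which NIC pfsync0 is bound to and which tcp/udp states from the primary's states.log never reached the secondary. The function names and sample lines are constructed, and the script assumes each `pfctl -ss` line is laid out as interface, protocol, endpoints, state.

```sh
#!/bin/sh
# Added example: hypothetical function names, constructed sample data.

# syncdev_of: read `ifconfig pfsync0` output on stdin, print the bound NIC.
syncdev_of() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "syncdev:") { print $(i + 1); exit } }'
}

# state_keys FILE: one key per tcp/udp state. The interface column and the
# trailing state name are dropped so timing differences are not a mismatch.
state_keys() {
    awk '$2 == "tcp" || $2 == "udp" {
        key = $2
        for (i = 3; i < NF; i++) key = key " " $i
        print key
    }' "$1" | LC_ALL=C sort -u
}

# missing_states PRIMARY SECONDARY: states the primary holds that the
# secondary lacks, i.e. connections that would hang after a failover.
missing_states() {
    tmp=$(mktemp -d) || return 1
    state_keys "$1" > "$tmp/p"
    state_keys "$2" > "$tmp/s"
    LC_ALL=C comm -23 "$tmp/p" "$tmp/s"
    rm -rf "$tmp"
}

# make_samples DIR: constructed stand-ins for the two states.log files.
make_samples() {
    cat > "$1/primary.log" <<'EOF'
all tcp 192.0.2.10:443 <- 198.51.100.7:51512       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:53 <- 198.51.100.9:40211       SINGLE:MULTIPLE
all carp 224.0.0.18 <- 10.0.0.2       NO_TRAFFIC:SINGLE
EOF
    cat > "$1/secondary.log" <<'EOF'
all udp 192.0.2.10:53 <- 198.51.100.9:40211       MULTIPLE:MULTIPLE
all carp 224.0.0.18 <- 10.0.0.1       NO_TRAFFIC:SINGLE
EOF
}

d=$(mktemp -d)
make_samples "$d"
echo "syncdev: $(printf 'pfsync0: flags=41<UP,RUNNING>\n\tsyncdev: em3\n' | syncdev_of)"
echo "states missing on secondary:"
missing_states "$d/primary.log" "$d/secondary.log"
rm -rf "$d"
```

On real firewalls, copy each node's states.log to one machine and pass the two files to `missing_states`; CARP and pfsync entries are skipped because they are local to each node.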