What's the right way to update 2 pfsense in HA through VPN?
-
Hello everybody, as title says, i bump into a "lost connection" last time i tried to update 2 pfsense in HA via VPN.
I first update the "backup" pfsense, and everything goes smooth.
When i lunch update from webgui on main pfsense, i suddenly lost connection on my VPN and when i reconnect i was connected to VPN but on backup pfsense, and main got stuck, didn't see the update, stick on old version and can't see the new version either.
I resolved this already, but i wonder how to avoid this shit next update!
Any help will be appreciated, thanks! -
@Tony-Soprano
As suggested in Upgrading a High Availability Cluster, you should set primary into the CARP maintenance mode before upgrading it.
So your connections use the secondary for the whole process. You can reboot the primary before and after upgrading and ensure that is working properly. -
Sounds like your VPN is using the CARP IP and it gets disconnected when it fails over. You want to be connected the firewall IPs directly when making this sort of change.
-
@stephenw10 tnx this is exactly what happened, and i used the solution purposed by @viragomann , which is in the end same of yours and it works fine thanks guys!
You're precious as usual!
Respect!
