Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsync State Synchronization Troubleshooting

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    2
    3
    14.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jwbrown77
      last edited by

      I have what appears to be a bit of an oddity.

      All the synchronization between my two nodes seems to work fine except the pfsync state sync.  I'm using a dedicated pfsync interface connected with a crossover cable.  There is a rule on each node to allow all traffic from any to any on the pfsync interface.

      Configuration syncs such as alias or filter changes are now working smoothly for me for about a day since switching from HTTP to HTTPS, but no matter what I try, the state sync does not seem to work.

      If I reboot the primary firewall, I drop any open connections (such as a SSH session).  However, I can reconnect with no problems while the "primary" is down, indicating that the CARP portion seems to be working ok.  Checking Diagnostics->States shows that states exist on the primary but not on the backup.

      I've tried both specifying an IP for pfsync and leaving it blank.  I've disabled/enabled sync as well with no effect.  Rebooting doesn't fix it either.

      I don't see anything relevant in the System Logs.  All I can think of is that maybe pfsync traffic is blocked, but I have a rule allowing everything, so I don't get it.

      Attaching some screenshots.  Are there any troubleshooting tips for fixing this?
      primary-carp.png
      primary-carp.png_thumb
      backup-carp.png
      backup-carp.png_thumb

      1 Reply Last reply Reply Quote 0
      • E
        Eugene
        last edited by

        Check Synchronize enabled on backup one.

        http://ru.doc.pfsense.org

        1 Reply Last reply Reply Quote 0
        • J
          jwbrown77
          last edited by

          Doh!  I read that you're not supposed to define sync settings on the backup so I didn't try that.  It must have meant to not define the other settings near the bottom.:(

          Thanks a million, everything works great now.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post