Pfsync State Synchronization Troubleshooting



  • I have what appears to be a bit of an oddity.

    All the synchronization between my two nodes seems to work fine except the pfsync state sync.  I'm using a dedicated pfsync interface connected with a crossover cable.  There is a rule on each node to allow all traffic from any to any on the pfsync interface.

    Configuration syncs such as alias or filter changes have been working smoothly for me for about a day since switching from HTTP to HTTPS, but no matter what I try, the state sync does not seem to work.

    If I reboot the primary firewall, I drop any open connections (such as an SSH session).  However, I can reconnect with no problems while the "primary" is down, indicating that the CARP portion seems to be working OK.  Checking Diagnostics->States shows that states exist on the primary but not on the backup.

    I've tried both specifying an IP for pfsync and leaving it blank.  I've disabled/enabled sync as well with no effect.  Rebooting doesn't fix it either.

    I don't see anything relevant in the System Logs.  All I can think of is that maybe pfsync traffic is blocked, but I have a rule allowing everything, so I don't get it.

    Attaching some screenshots.  Are there any troubleshooting tips for fixing this?





  • Check Synchronize enabled on backup one.



  • Doh!  I read that you're not supposed to define sync settings on the backup so I didn't try that.  It must have meant to not define the other settings near the bottom. :(

    Thanks a million, everything works great now.

