PFSync and startup



  • HI !

    I have a cluster of PFsense with a direct attached 1G link between them to pfsync. When I try to restart the backup node, I see in the logs :
    Dec 28 08:55:34 pfsense2 check_reload_status: Reloading filter
    Dec 28 08:55:34 pfsense2 php: : waiting for pfsync…
    Dec 28 08:55:37 pfsense2 php: : Sending HUP signal to 50492
    Dec 28 08:55:37 pfsense2 php: : Sending HUP signal to 50544
    Dec 28 08:55:39 pfsense2 php: : Resyncing OpenVPN instances for interface CARPPRIVE.
    Dec 28 08:55:43 pfsense2 ipfw-classifyd: Reloading config...
    Dec 28 08:55:43 pfsense2 ipfw-classifyd: Reloading config...
    Dec 28 08:55:43 pfsense2 ipfw-classifyd: Loaded Protocol: http (rule dnpipe)
    Dec 28 08:55:43 pfsense2 ipfw-classifyd: Loaded Protocol: bittorrent (rule action block)
    Dec 28 08:55:43 pfsense2 ipfw-classifyd: Loaded Protocol: edonkey (rule action block)
    Dec 28 08:55:43 pfsense2 ipfw-classifyd: Loaded Protocol: freenet (rule action block)
    Dec 28 08:55:43 pfsense2 ipfw-classifyd: Loaded Protocol: tor (rule action block)
    Dec 28 08:56:04 pfsense2 php: : pfsync done in 30 seconds.      <<<<<<<------------------  WOOOOO !!
    Dec 28 08:56:04 pfsense2 php: : Configuring CARP settings finalize...
    Dec 28 08:56:04 pfsense2 kernel: wan_vip10: link state changed to DOWN
    Dec 28 08:56:04 pfsense2 kernel: wan_vip10: INIT -> BACKUP
    Dec 28 08:56:04 pfsense2 kernel: wan_vip10: link state changed to DOWN
    Dec 28 08:56:04 pfsense2 kernel: wan_vip13: link state changed to DOWN
    Dec 28 08:56:04 pfsense2 kernel: wan_vip13: INIT -> BACKUP
    Dec 28 08:56:04 pfsense2 kernel: wan_vip13: link state changed to DOWN
    Dec 28 08:56:04 pfsense2 php: : Message sent to CRIC@grenoble.cnrs.fr OK
    Dec 28 08:56:04 pfsense2 php: : Message sent to CRIC@grenoble.cnrs.fr OK
    Dec 28 08:56:05 pfsense2 php: : waiting for pfsync...
    Dec 28 08:56:05 pfsense2 php: : pfsync done in 0 seconds.
    Dec 28 08:56:05 pfsense2 php: : Configuring CARP settings finalize...
    Dec 28 08:56:05 pfsense2 php: : ROUTING: setting default route to XX.XX.XX.XX
    Dec 28 08:56:05 pfsense2 php: : ROUTING: setting IPv6 default route to 2001:yyyy:yy:yy::yy

    I try to change the code in /etc/inc/interfaces.inc (line 1826) to 60s and the pfsync takes 60s !
    I think there is a problem to exchange the states in the test. I have 2649 entries in the state table...

    My questions are :

    • Why does it take so much time to exchange the states ?
    • Why the process is launched two times ? (the second takes 0s, see logs)
    • Why the WAN link state goes DOWN ? There is two CARP on it (one IPv4 and one IPv6). The WAN link is direct link, no VLAN.


  • Try next snapshot i put a fix that was causing this issue it should behave better now.



  • OK I will try the snapshot wednesday. Thanks a lot !


Locked