Sync inconsistencies seen in backup files 2.0.3
-
Hello,
Running a pair of 2.0.3 64 bit pfSense installs on Intel Xeon with CARP and pfsync.
After dumping a backup of each firewall and doing a diff, found the following
inconsistencies between the backup files, I assume due to some small
inconsistencies in the syncing code:===
Different names for this timezone (maybe other timezones too?)
fw1: <timezone>Asia/Kolkata</timezone>
fw2: <timezone>Asia/Calcutta</timezone>
===
fw1: further down the page than fw2:
<maximumstates><maximumtableentries><reflectiontimeout><disablenatreflection>yes</disablenatreflection>fw2: <disablenatreflection>yes</disablenatreflection>
===
Spoofmac missing in fw1 and order of the items different between fw1 and fw2
fw1: <enable>further down the page:
<blockpriv>on</blockpriv>
<blockbogons>on</blockbogons>fw2: <spoofmac><enable><blockpriv><blockbogons>===
Two different ways to close the tag seen here:
fw1: <staticroutes>fw2: <staticroutes></staticroutes>
===
Nothing in fw1, only fw2 has a block:
fw1:
fw2: <onetoone><external>1.2.3.4</external>
<interface>wan</interface>
<source><address>10.2.0.30</address>
<destination><any></any></destination></onetoone>
===
In a rule block (extra space in first entry):
fw1:
fw2:
===
In an alias block (punctuation not properly synced):
fw1:
fw2:
===
The fw2 block appears much further down the backup file
(at the end in fact) compared to the fw1 block:fw1: <wol><wolentry><interface>lan</interface>
<mac>f1:1e:ee:da:5a:6a</mac></wolentry></wol>fw2: <wol><wolentry><interface>lan</interface>
<mac>f1:1e:ee:da:5a:6a</mac></wolentry></wol>===
Differences toward the end of these lines:
fw1: <sequence>system_information-container:col1:show,traffic_graphs-container:col1:show,captive_portal_status-container:col1:close,cpu_graphs-container:col1:close,installed_packages-container:col1:close,gateways-container:col2:show,carp_status-container:col2:show,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,interface_statistics-container:col2:show,log-container:col2:close,gmirror_status-container:col2:show,picture-container:col2:close,rss-container:col2:close,openvpn-container:col2:none,wake_on_lan-container:col2:none,services_status-container:col2:show</sequence>
fw2: <sequence>system_information-container:col1:show,traffic_graphs-container:col1:show,captive_portal_status-container:col1:close,cpu_graphs-container:col1:close,installed_packages-container:col1:close,gateways-container:col2:show,carp_status-container:col2:show,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,picture-container:col2:close,rss-container:col2:close,interface_statistics-container:col2:show,log-container:col2:close,gmirror_status-container:col2:show,services_status-container:col2:show,openvpn-container:col2:none,wake_on_lan-container:col2:none</sequence>
===
These differences may be ok and as designed:
fw1: <time>1368016839</time>
<username>admin@1.2.3.4</username>
fw2: <time>1368016842</time>
<username>(system)@172.16.1.2</username>
===
No openvpn entry for fw2:
fw1: <openvpn>fw2:
===
No such block in fw2:
fw1: <ovpnserver><step1><type>local</type></step1>
<step6><authcertca>4f649b9eb2f69</authcertca></step6>
<step9><authcertname>4f649bea1f6bf</authcertname></step9></ovpnserver>fw2:</openvpn></staticroutes></blockbogons></blockpriv></enable></spoofmac></enable></reflectiontimeout></maximumtableentries></maximumstates>
-
Nearly all of those are cases of settings that do not sync.
Only the specific settings listed in the CARP/HA sync options will sync, and that does not include anything in System > General, System > Advanced, interface settings, and so on.
Make sure you have all of the areas checked that you want to sync, or they won't sync.
