Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Sync inconsistencies seen in backup files 2.0.3

    HA/CARP/VIPs
    2
    2
    1201
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eduardr last edited by

      Hello,

      Running a pair of 2.0.3 64 bit pfSense installs on Intel Xeon with CARP and pfsync.

      After dumping a backup of each firewall and doing a diff, found the following
      inconsistencies between the backup files, I assume due to some small
      inconsistencies in the syncing code:

      ===

      Different names for this timezone (maybe other timezones too?)

      fw1: <timezone>Asia/Kolkata</timezone>

      fw2: <timezone>Asia/Calcutta</timezone>

      ===

      fw1: further down the page than fw2:
          <maximumstates><maximumtableentries><reflectiontimeout><disablenatreflection>yes</disablenatreflection>

      fw2: <disablenatreflection>yes</disablenatreflection>

      ===

      Spoofmac missing in fw1 and order of the items different between fw1 and fw2

      fw1: <enable>further down the page:
          <blockpriv>on</blockpriv>
      <blockbogons>on</blockbogons>

      fw2: <spoofmac><enable><blockpriv><blockbogons>===

      Two different ways to close the tag seen here:

      fw1: <staticroutes>fw2: <staticroutes></staticroutes>

      ===

      Nothing in fw1, only fw2 has a block:

      fw1:

      fw2: <onetoone><external>1.2.3.4</external>

      <interface>wan</interface>
      <source>

      <address>10.2.0.30</address>

      <destination><any></any></destination></onetoone>

      ===

      In a rule block (extra space in first entry):

      fw1:

      fw2:

      ===

      In an alias block (punctuation not properly synced):

      fw1:

      fw2:

      ===

      The fw2 block appears much further down the backup file
      (at the end in fact) compared to the fw1 block:

      fw1: <wol><wolentry><interface>lan</interface>
      <mac>f1:1e:ee:da:5a:6a</mac></wolentry></wol>

      fw2: <wol><wolentry><interface>lan</interface>
      <mac>f1:1e:ee:da:5a:6a</mac></wolentry></wol>

      ===

      Differences toward the end of these lines:

      fw1: <sequence>system_information-container:col1:show,traffic_graphs-container:col1:show,captive_portal_status-container:col1:close,cpu_graphs-container:col1:close,installed_packages-container:col1:close,gateways-container:col2:show,carp_status-container:col2:show,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,interface_statistics-container:col2:show,log-container:col2:close,gmirror_status-container:col2:show,picture-container:col2:close,rss-container:col2:close,openvpn-container:col2:none,wake_on_lan-container:col2:none,services_status-container:col2:show</sequence>

      fw2: <sequence>system_information-container:col1:show,traffic_graphs-container:col1:show,captive_portal_status-container:col1:close,cpu_graphs-container:col1:close,installed_packages-container:col1:close,gateways-container:col2:show,carp_status-container:col2:show,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,picture-container:col2:close,rss-container:col2:close,interface_statistics-container:col2:show,log-container:col2:close,gmirror_status-container:col2:show,services_status-container:col2:show,openvpn-container:col2:none,wake_on_lan-container:col2:none</sequence>

      ===

      These differences may be ok and as designed:

      fw1: <time>1368016839</time>

      <username>admin@1.2.3.4</username>

      fw2: <time>1368016842</time>

      <username>(system)@172.16.1.2</username>

      ===

      No openvpn entry for fw2:

      fw1: <openvpn>fw2:

      ===

      No such block in fw2:

      fw1: <ovpnserver><step1><type>local</type></step1>
      <step6><authcertca>4f649b9eb2f69</authcertca></step6>
      <step9><authcertname>4f649bea1f6bf</authcertname></step9></ovpnserver>

      fw2:</openvpn></staticroutes></blockbogons></blockpriv></enable></spoofmac></enable></reflectiontimeout></maximumtableentries></maximumstates>

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Nearly all of those are cases of settings that do not sync.

        Only the specific settings listed in the CARP/HA sync options will sync, and that does not include anything in System > General, System > Advanced, interface settings, and so on.

        Make sure you have all of the areas checked that you want to sync, or they won't sync.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post