On 2013/10/01 21:47, Pete French wrote:
> I just started rolling out 9.2 to all our production machines, which
> are currently on 8.4. We have tested it pretty thoroughly internally
> and are very happy with it, but as part of the deployment have hit
> a problem. We have a pair of boxes running as a firewall using carp
> and pfsync. One of them - the 'passive' one - has been upgraded to
> 9.2, and all works fine as far as carp is concerned, but what I have
> found is that pfsync doesn't seem to work - i.e. when it fails over existing
> connections are not kept live. This works fine when the boxes are both
> running 8.4
> 
> Of course, I am not sure if pfsync is expected to work across different
> OS releases, so my plan was to go ahead and upgrade the other box
> on the assumption that when they are both running 9.2 it all will
> start working again. But I thought I should mention it here
> to see if anyone has seen similar, or to see if anyone says "hmm, it
> should work fine between 8.4 and 9.2"
> 
> so, any thoughts ?
> 
> -pete.

Warning: I don't know internals, I'm just a user.

FreeBSD 7.x and 8.x matched pf of OpenBSD 4.1. IIRC I did
run 7 and 8 pfsync-ed together.

According to pf(4), FreeBSD 9.2 matches OpenBSD 4.5.
Specifically, pfsync(4) says:

  The pfsync protocol and kernel implementation were
  significantly modified between OpenBSD 4.4 and OpenBSD
  4.5.  The two protocols are incompatible and will not
  interoperate.

So I think your experience was predictable, more or less
:-) Maybe the information deserves a more prominent place
than a man page. The detailed release notes of 9.0 did
mention the upgrade of pf but not the consequences for pfsync.

BR,
Oli
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"