On Thu, Nov 22, 2012 at 12:52 PM, Stefano Busanelli <[email protected]> wrote:

> Dear all,
>
> to the best of my knowledge CARP/pfsync can be used in a truly seamless manner
> (from a client perspective) only when pfSense acts as a mere firewall, but
> it does not work seamlessly when pfSense acts as a captive portal, for two
> reasons:
> 1) the database of the authenticated users is not synced across the
> gateways of a CARP cluster and for this reason a user should
> re-authenticate after a failover;
> 2) the ipfw firewall is not supported by pfsync.
>
> In order to find a workaround to this situation I have written some PHP
> code that, leveraging XMLRPC, allows synchronizing the authenticated user
> database and the ipfw rules across the two gateways (by using a direct link
> between them, used also by pfsync). However, I am still not able to achieve
> a really seamless failover between the master and the backup node. In other
> words, an authenticated user that is watching a Youtube video before the
> failover, after the failover he still remains authenticated, but he has to
> reload the Youtube video.
>
> In my opinion, the real bottleneck is ipfw, but maybe I am missing some
> points. Do you have some ideas?
>

No, it's not ipfw.
You should check if you load tables as well during the sync in ipfw.
ipfw as used by CP is stateless so it does not care at what state a connection is.
Either the table information is not there or pfsync state is not correct in pf(4).

> --
> Stefano
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
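
Editor's added example, not part of the original thread and not pfSense code: one way to carry out the check suggested in the reply, by comparing the ipfw tables captured on the master and on the backup after a sync. It assumes the output of `ipfw table all list` consists of `---table(N)---` headers followed by `address/mask value` lines; the sample listings, table numbers and addresses are constructed.

```python
import re

# Constructed sample output of `ipfw table all list` (format is an assumption).
MASTER = """\
---table(1)---
192.168.10.21/32 0
192.168.10.34/32 0
---table(2)---
192.168.10.21/32 0
192.168.10.34/32 0
"""
BACKUP = """\
---table(1)---
192.168.10.21/32 0
---table(2)---
192.168.10.21/32 0
192.168.10.34/32 2000
"""

HEADER = re.compile(r"^---table\((\d+)\)---$")

def parse_tables(text):
    """Return {table_number: {address: value}} from a table listing."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = tables.setdefault(int(m.group(1)), {})
            continue
        if current is None:
            raise ValueError(f"entry before any table header: {line!r}")
        parts = line.split()
        current[parts[0]] = parts[1] if len(parts) > 1 else ""
    return tables

def diff_tables(master, backup):
    """List (table, address, problem) for every entry the nodes disagree on."""
    problems = []
    for num in sorted(set(master) | set(backup)):
        m, b = master.get(num, {}), backup.get(num, {})
        for addr in sorted(set(m) | set(b)):
            if addr not in b:
                problems.append((num, addr, "missing on backup"))
            elif addr not in m:
                problems.append((num, addr, "only on backup"))
            elif m[addr] != b[addr]:
                problems.append((num, addr, f"value {m[addr]} != {b[addr]}"))
    return problems

if __name__ == "__main__":
    for num, addr, why in diff_tables(parse_tables(MASTER), parse_tables(BACKUP)):
        print(f"table {num}: {addr}: {why}")
```

An empty result means the table contents match, which by the reply's reasoning leaves the pfsync state in pf(4) as the thing to examine.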
