Re: [pfSense] Sync problem betweens 2 nodes

Mon, 04 Apr 2016 10:18:06 -0700 


----- Mail original -----
De: "Chris L" <c...@viptalk.net>
À: "Raphaël RIGNIER" <r.rign...@leschartreux.net>
Envoyé: Vendredi 1 Avril 2016 20:09:15
Objet: Re: [pfSense] Sync problem betweens 2 nodes


> On Apr 1, 2016, at 8:23 AM, Raphaël RIGNIER <r.rign...@leschartreux.net> 
> wrote:
> 
> Hi community.
> I'm trying to sync 2 SG-8860 nodes for high avaibality.
> Relase 2.2.6-RELEASE
> I've read the doc on HA from portal.pfsense.org but I'm having an issue.
> 
> Configuration sync from master to slave is almost working.
> But SYNC interface's Firewall rules are cleared on slave each sync attempt.
> If I add a temp allow all rule on slave's SYNC interface, as describe in doc, 
> it is cleared on the next sync event.
> Even if the allow rule is present on master.
> 
> I Haven't seen anithing insterstoing in log files.
> 
> Does someone  have an idea ?
> 
> Thank you.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

Off-List:

Can you send me Status > Interfaces for both primary and secondary sync 
interfaces including the header bars?

Like this:

Secondary:

PFSYNC interface (opt2, igb5)
Status  up
MAC address     00:08:a2:09:97:d6
IPv4 address    172.22.80.2      
Subnet mask IPv4        255.255.255.248
IPv6 Link Local fe80::208:a2ff:fe09:97d6         
MTU     1500
Media   1000baseT <full-duplex>
In/out packets  8247857/1 (9.38 GB/40 bytes)
In/out packets (pass)   8247857/1 (9.38 GB/40 bytes)
In/out packets (block)  0/0 (0 bytes/0 bytes)
In/out errors   0/0
Collisions      0
--------------

Thank you !
In the doc it was written : 

----
Interface Assignments

Interfaces must be assigned in the same order on all nodes exactly. If the 
interfaces are not aligned, configuration synchronization and other tasks will 
not behave correctly. 
----

I followed your advice and redo config on both nodes from scratch, With all 
physical interfaces assigned, even if not yet set.

Now HA and config sync is working great. I'll have to take care with vlan 
assignement order.

Unfortunatelay, some of my wan are PPPOE. I'll have to avoid CARP VIP on those 
interfaces. But Reconnect would be sufficient.


R. RIGNIER
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Reply via email to