I just noticed that a pfsync0 interface is created, I guess this is by PF to sync the states.
the only differences I see between 2.2.1 and 2.1.5 pfsync0 interface is a defer option set and a difference in the MTU on 2.2.1: Interface on 2.1.5 (working) pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460 pfsync: syncdev: em1 syncpeer: 10.XXX.130.2 maxupd: 128 syncok: 1 Interface on 2.2.1 (Not working) pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500 pfsync: syncdev: em3 syncpeer: 10.XXX.176.18 maxupd: 128 defer: on syncok: 1 Best Ray ----- Original Message ----- > From: "Raimund Sacherer" <r...@logitravel.com> > To: "pfSense Support and Discussion Mailing List" <list@lists.pfsense.org> > Sent: Thursday, March 26, 2015 10:48:13 AM > Subject: [pfSense] pfSense 2.2.1 HA setup does not sync states > Hello List, > I have a HA setup. Everything except state sync works fine. Configuration > syncs correctly. Carp works correct, if I reboot the master, the slave turns > Master and later turns back to Backup. > The only problem I have is that the state does not get synced (right now > there where some 1100 states on one FW and 35 on the other). > I see constant traffic in the range between 200 kbit to over 1 mbit on the > sync interface. > The sync interfaces is a dedicated interface. > I can ping each server from the other (and xmlrpc config works). > I see the pfsync traffic in tcpdump on both servers (lot of traffic from > Master to Backup, some traffic from Backup to Master, this seems right). > But it seems the states do not get applied. > In another remote location we have 2.1.5 installed and it works correctly > syncing the states. > Is there anything I missed, I tripple checked the configuration, state sync > is enabled on Backup, the IPs point to each other, on the backup nothing > else but state sync is enabled. Outbound NAT seems to be correctly > configured, but that should not be a problem for the state sync itself. > I read the pfsense 21draft book and did not find anything related, also there > is not much trouble shooting for state sync, most of it is carp related > which works fine in my case. I am not sure how the state sync is happening, > who or what is syncing? Should there be a deamon running and applying the > states or is this a flag on an interface which PF should recognize behind > the scenes? > Thanks for help, > Best > Ray > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold -- Raimund Sacherer Sistemas Agencia de Viajes Online www.logitravel.com Edificio Logitravel, Parcela 3B (Parc Bit) Ctra. Palma - Valldemossa km 7,4 | 07121 Palma de Mallorca Tel 902 366 847 | Fax 971 213 495 Síguenos en: Descarga nuestras aplicaciones para móvil Este correo electrónico y, en su caso, cualquier fichero anexo, contiene información de carácter confidencial exclusivamente dirigida a su destinatario. Queda prohibida su divulgación, copia o distribución a terceros sin la previa autorización escrita de LOGITRAVEL S.L.. En caso de haber recibido este correo electrónico por error, se ruega notifíquese inmediatamente esta circunstancia mediante reenvío a la dirección electrónica del remitente. Al mismo tiempo LA EMPRESA le recuerda que sus datos forman o formarán parte de un fichero registrado como CLIENTES con número de inscripción 2070610043 en la Agencia General de Protección de Datos, propiedad de la empresa LOGITRAVEL, con domicilio en Edificio Logitravel, Ctra. Palma - Valldemosa km 7,4, Parc Bit, Palma de Mallorca. Usted tiene derecho de acceso, oposición, rectificación y cancelación a estos datos que deberá ejercer mediante escrito a la dirección anteriormente citada.
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
