Hi List, sorry to be impatiant, but I am on another continent and I have very limited time and need to make a decision if I should reinstall and reconfigure the FW with 2.1.5 (which I only can do at night/this weekend). There are a couple of problems in doing so, therefore I would prefer that my problems are introduced because of my ignorance and fixable with configuration changes.
Because I can´t believe that what I see (State sync not applying, Gateways not correctly showing up in pftop/state diagnostic) is general in 2.2(.1). Others would have noticed in Beta/long before me. Thank you, Best Ray ----- Original Message ----- > From: "Raimund Sacherer" <r...@logitravel.com> > To: "pfSense Support and Discussion Mailing List" <list@lists.pfsense.org> > Sent: Thursday, March 26, 2015 2:06:36 PM > Subject: Re: [pfSense] pfSense 2.2.1 HA setup does not sync states > Hello, > another thing i just realized, which does not feel right, is that pftop does > show me the internal IPs as gateways. > I can´t search or filter for the gateway in pftop. And the states output does > not look right to me either, i´l post data from a 2.1.5 and a 2.2.1: > 2.1.5 - This seems fine > Diagnostic/states, 195.XXX.235.102 is the Carp VIP Address, 213.XXX is our > SIP PBX and 10.XXX is a SIP phone in our office > 10.XXX.136.4:48022 -> 195.XXX.235.102:6548 -> 213.XXX.154.113:5090 > pftop output: > udp Out 10.XXX.136.4:48022 213.XXX.154.113:5090 195.XXX.235.102:6548 > MULTIPLE:MULTIPLE 312:27:21 00:00:59 206304 154582K 153 307 140 78 > 2.2.1 - This just seems odd, and I see this behaviour in 2 remote offices > (where I have 2.2 and 2.2.1 deployed), there I have the phone as gateway! > Diagnostic/states, 10.XXX.100.3 is the Carp VIP Address in the router subnet, > 10.XXX.184.14 is the SIP phone in the office and 84.XXX.24.24 is our SIP PBX > 10.XXX.100.3:54112 (10.XXX.184.14:2048) -> 84.XXX.24.24:5200 > pftop output: > tcp Out 10.XXX.100.3:32152 84.XXX.24.24:80 10.XXX.184.4:2073 > FIN_WAIT_2:FIN_WAIT_2 00:01:00 00:00:31 10 1096 0 0 18 113 > I am not sure if it is something I did wrong in the configuration, but I > configured a couple of pfSense firewalls in my day and never saw this > behaviour, especially as the configuration is not really that different on > the 2.1.5 where everything seems to look and work OK. > ??? > Best > Ray > ----- Original Message ----- > > From: "Raimund Sacherer" <r...@logitravel.com> > > > To: "pfSense Support and Discussion Mailing List" <list@lists.pfsense.org> > > > Sent: Thursday, March 26, 2015 10:48:13 AM > > > Subject: [pfSense] pfSense 2.2.1 HA setup does not sync states > > > Hello List, > > > I have a HA setup. Everything except state sync works fine. Configuration > > syncs correctly. Carp works correct, if I reboot the master, the slave > > turns > > Master and later turns back to Backup. > > > The only problem I have is that the state does not get synced (right now > > there where some 1100 states on one FW and 35 on the other). > > > I see constant traffic in the range between 200 kbit to over 1 mbit on the > > sync interface. > > > The sync interfaces is a dedicated interface. > > > I can ping each server from the other (and xmlrpc config works). > > > I see the pfsync traffic in tcpdump on both servers (lot of traffic from > > Master to Backup, some traffic from Backup to Master, this seems right). > > > But it seems the states do not get applied. > > > In another remote location we have 2.1.5 installed and it works correctly > > syncing the states. > > > Is there anything I missed, I tripple checked the configuration, state sync > > is enabled on Backup, the IPs point to each other, on the backup nothing > > else but state sync is enabled. Outbound NAT seems to be correctly > > configured, but that should not be a problem for the state sync itself. > > > I read the pfsense 21draft book and did not find anything related, also > > there > > is not much trouble shooting for state sync, most of it is carp related > > which works fine in my case. I am not sure how the state sync is happening, > > who or what is syncing? Should there be a deamon running and applying the > > states or is this a flag on an interface which PF should recognize behind > > the scenes? > > > Thanks for help, > > > Best > > > Ray > > > _______________________________________________ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold -- Raimund Sacherer Sistemas Agencia de Viajes Online www.logitravel.com Edificio Logitravel, Parcela 3B (Parc Bit) Ctra. Palma - Valldemossa km 7,4 | 07121 Palma de Mallorca Tel 902 366 847 | Fax 971 213 495 Síguenos en: Descarga nuestras aplicaciones para móvil Este correo electrónico y, en su caso, cualquier fichero anexo, contiene información de carácter confidencial exclusivamente dirigida a su destinatario. Queda prohibida su divulgación, copia o distribución a terceros sin la previa autorización escrita de LOGITRAVEL S.L.. En caso de haber recibido este correo electrónico por error, se ruega notifíquese inmediatamente esta circunstancia mediante reenvío a la dirección electrónica del remitente. Al mismo tiempo LA EMPRESA le recuerda que sus datos forman o formarán parte de un fichero registrado como CLIENTES con número de inscripción 2070610043 en la Agencia General de Protección de Datos, propiedad de la empresa LOGITRAVEL, con domicilio en Edificio Logitravel, Ctra. Palma - Valldemosa km 7,4, Parc Bit, Palma de Mallorca. Usted tiene derecho de acceso, oposición, rectificación y cancelación a estos datos que deberá ejercer mediante escrito a la dirección anteriormente citada.
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
