Hello,
another thing i just realized, which does not feel right, is that pftop does
show me the internal IPs as gateways.
I can´t search or filter for the gateway in pftop. And the states output does
not look right to me either, i´l post data from a 2.1.5 and a 2.2.1:
2.1.5 - This seems fine
Diagnostic/states, 195.XXX.235.102 is the Carp VIP Address, 213.XXX is our SIP
PBX and 10.XXX is a SIP phone in our office
10.XXX.136.4:48022 -> 195.XXX.235.102:6548 -> 213.XXX.154.113:5090
pftop output:
udp Out 10.XXX.136.4:48022 213.XXX.154.113:5090 195.XXX.235.102:6548
MULTIPLE:MULTIPLE 312:27:21 00:00:59 206304 154582K 153 307 140 78
2.2.1 - This just seems odd, and I see this behaviour in 2 remote offices
(where I have 2.2 and 2.2.1 deployed), there I have the phone as gateway!
Diagnostic/states, 10.XXX.100.3 is the Carp VIP Address in the router subnet,
10.XXX.184.14 is the SIP phone in the office and 84.XXX.24.24 is our SIP PBX
10.XXX.100.3:54112 (10.XXX.184.14:2048) -> 84.XXX.24.24:5200
pftop output:
tcp Out 10.XXX.100.3:32152 84.XXX.24.24:80 10.XXX.184.4:2073
FIN_WAIT_2:FIN_WAIT_2 00:01:00 00:00:31 10 1096 0 0 18 113
I am not sure if it is something I did wrong in the configuration, but I
configured a couple of pfSense firewalls in my day and never saw this
behaviour, especially as the configuration is not really that different on the
2.1.5 where everything seems to look and work OK.
???
Best
Ray
----- Original Message -----
> From: "Raimund Sacherer" <[email protected]>
> To: "pfSense Support and Discussion Mailing List" <[email protected]>
> Sent: Thursday, March 26, 2015 10:48:13 AM
> Subject: [pfSense] pfSense 2.2.1 HA setup does not sync states
> Hello List,
> I have a HA setup. Everything except state sync works fine. Configuration
> syncs correctly. Carp works correct, if I reboot the master, the slave turns
> Master and later turns back to Backup.
> The only problem I have is that the state does not get synced (right now
> there where some 1100 states on one FW and 35 on the other).
> I see constant traffic in the range between 200 kbit to over 1 mbit on the
> sync interface.
> The sync interfaces is a dedicated interface.
> I can ping each server from the other (and xmlrpc config works).
> I see the pfsync traffic in tcpdump on both servers (lot of traffic from
> Master to Backup, some traffic from Backup to Master, this seems right).
> But it seems the states do not get applied.
> In another remote location we have 2.1.5 installed and it works correctly
> syncing the states.
> Is there anything I missed, I tripple checked the configuration, state sync
> is enabled on Backup, the IPs point to each other, on the backup nothing
> else but state sync is enabled. Outbound NAT seems to be correctly
> configured, but that should not be a problem for the state sync itself.
> I read the pfsense 21draft book and did not find anything related, also there
> is not much trouble shooting for state sync, most of it is carp related
> which works fine in my case. I am not sure how the state sync is happening,
> who or what is syncing? Should there be a deamon running and applying the
> states or is this a flag on an interface which PF should recognize behind
> the scenes?
> Thanks for help,
> Best
> Ray
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
