Date: Wed, 02 Oct 2013 07:38:46 +0200 From: kron <kron24@gmail.com> To: Pete French <petefrench@ingresso.co.uk> Cc: freebsd-stable@freebsd.org Subject: Re: pfsync between 8.4 and 9.2 Message-ID: <524BB166.9000302@gmail.com> In-Reply-To: <E1VR5uQ-000LWV-9m@dilbert.ingresso.co.uk> References: <E1VR5uQ-000LWV-9m@dilbert.ingresso.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2013/10/01 21:47, Pete French wrote: > I just started rolling out 9.2 to all our production machnes, which > are currently on 8.4. We have tested it pretty throughly internally > and are very happy with it, but as part of the deployment have hit > a problem. We have a pair of boxes running as a firewall using carp > and pfsync. One of the - the 'passive' one - has been upgraded to > 9.2, and all works fine as far as carp si concerned, but what I have > found is that pfsync doesnt seem to work - i.e. when it fals over existing > connections are not kept live. This works fine when the boxes are both > running 8.4 > > Of course, I am not sure if fsync is expcted to work across different > OS releases, so my plan was to go ahead and upgrade the other box > on the assumption that when they are both running 9.2 it all will > start working again. But I thought I shiuld mention it here > to see if anyone has seen simila, or to see if anyone says "hmm, it > should work fine between 8.4 and 9.2" > > so, any thoughts ? > > -pete. Warning: I don't know internals, I'm just a user. FreeBSD 7.x and 8.x matched pf of OpenBSD 4.1. IIRC I did run 7 a 8 pfsync-ed together. According to pf(4), FreeBSD 9.2 matches OpenBSD 4.5. Specifically, pfsync(4) says: The pfsync protocol and kernel implementation were significantly modified between OpenBSD 4.4 and OpenBSD 4.5. The two protocols are incompatible and will not interoperate. So I think your experience was predictable, more or less :-) Maybe the information deserves a more prominent place than a man page. The detailed release notes of 9.0 did mention the upgrade pf but not consequences of pfsync. BR, Oli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?524BB166.9000302>