Date:      Wed, 13 Jul 2016 15:35:23 +0200
From:      Patrick Lamaiziere <patfbsd@davenulle.org>
To:        freebsd-net@freebsd.org
Subject:   10/stable pfsync bulk fail
Message-ID:  <20160713153523.1640e0e0@mr185083>

Hello,

10/stable rev 302560

I'm building a pair of firewalls with pf and carp and the states are
well synchronized between the firewalls. But at startup or using
"service pfsync restart" pfsync fails the bulk update.

In rare situations the bulk is successful but I don't know why.

Jul 13 15:01:31 fucop1 kernel: carp: demoted by 240 to 3240 (pfsync bulk start)
Jul 13 15:02:32 fucop1 kernel: carp: demoted by -240 to 3000 (pfsync bulk done)
Jul 13 15:03:07 fucop1 kernel: carp: demoted by 240 to 3240 (pfsync bulk start)
Jul 13 15:04:12 fucop1 kernel: carp: demoted by -240 to 3000 (pfsync bulk fail)


/etc/rc.conf
pfsync_enable="YES"
pfsync_syncdev="ix1"

# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.253/24 -tso -lro -vlanhwtso description PF_SYNC"

and on the second FW
# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.254/24 -tso -lro -vlanhwtso description PF_SYNC"

and ix1 is skipped in pf.conf

I've tried using the syncpeer option too.

Does it work for you? Or any ideas?

Thanks, regards



