Bug #11663
closed
XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
0%
Description
High Availability Sync is not syncing all settings from for example the IPSec Configuration option.
Tested with the VPN -> IPSec -> Advanced Settings -> Advanced IPSec Settings
The activated option "Enable Maximum MSS" where not synced from Master to Slave
If this is a bug, it could be that more options like this will not be synchronized.
Updated by Jim Pingle about 3 years ago
- Subject changed from High Availability Sync not syncing all settings from a active sync option (like IPsec) to XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
- Category changed from High Availability to XMLRPC
- Target version deleted (
21.02.2)
That is specific to that option and not a general XMLRPC problem.
The MSS options are $config['system']['maxmss_enable'] and $config['system']['maxmss'] where the IPsec settings sync only items under $config['ipsec'], and every other setting on that page is under $config['ipsec'].
We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.
Updated by Manuel M. about 3 years ago
Jim Pingle wrote:
That is specific to that option and not a general XMLRPC problem.
The MSS options are$config['system']['maxmss_enable']and$config['system']['maxmss']where the IPsec settings sync only items under$config['ipsec'], and every other setting on that page is under$config['ipsec'].
We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.
So the only way is to set up this manually on both machines? Is there a overview which settings become synchronized and which not? Like this one here?
Updated by Jim Pingle about 3 years ago
Manuel M. wrote:
So the only way is to set up this manually on both machines?
Correct
Is there a overview which settings become synchronized and which not? Like this one here?
No, there isn't a list of special cases like this, but they are fairly rare. This is the only one inside a section that synchronizes otherwise that immediately comes to mind.
Updated by Viktor Gurov about 3 years ago
Jim Pingle wrote:
We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since it affects multiple VPNs and not only IPsec, and that may be a better fix than attempting to sync it with IPsec.
see #10493
Updated by Jim Pingle about 3 years ago
- Status changed from New to Duplicate
That is a better path forward