Actions
Bug #16454
openIPv6 CARP events initiated by HA/pfsync
Status:
New
Priority:
Normal
Assignee:
-
Category:
Notifications
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.8.x
Affected Architecture:
Description
Hello,
I've just upgraded from a very old version of pfSense (2.4.5p1) all the way up to pfSense 2.8.1.
On the pfSense 2.8.1 version, I am getting IPv6 CARP alerts any time a configuration change is made on the primary or when pfSense does it's hourly sync. I have plenty of CARP virtual IPs (IPv4 plus IPv6) but when the sync event happens, only the IPv6 IPs are generating the alerts.
Below is a portion of the system.log output (from the secondary first, then the primary) that shows this happening. I've redacted any public IPs and email addresses from the output.
Secondary node system.log snippet:
Sep 29 09:00:00 deal-edge2 php[41376]: [pfBlockerNG] Starting cron process. Sep 29 09:00:00 deal-edge2 php[41376]: /usr/local/www/pfblockerng/pfblockerng.php: Configuration Change: (system): pfBlockerNG: saving DNSBL changes Sep 29 09:00:00 deal-edge2 check_reload_status[502]: Syncing firewall Sep 29 09:00:00 deal-edge2 php-fpm[17161]: /xmlrpc.php: Configuration Change: (system)@192.168.230.251: Merged in config (pfblockerng, pfblockerngipsettings, pfblockerngdnsblsettings, pfblockernglistsv4, pfblockerngdnsbl, pfblockerngsafesearch sections) from XMLRPC client. Sep 29 09:00:00 deal-edge2 check_reload_status[502]: Syncing firewall Sep 29 09:00:02 deal-edge2 php-fpm[63508]: /xmlrpc.php: Configuration Change: (system)@192.168.230.251: Merged in config (staticroutes, gateways, virtualip, system, aliases, ca, cert, crl, dhcpd, dnshaper, filter, ipsec, nat, openvpn, schedules, shaper, unbound, wol sections) from XMLRPC client. Sep 29 09:00:02 deal-edge2 check_reload_status[502]: Syncing firewall Sep 29 09:00:02 deal-edge2 check_reload_status[502]: Carp backup event Sep 29 09:00:02 deal-edge2 check_reload_status[502]: Carp backup event Sep 29 09:00:02 deal-edge2 check_reload_status[502]: Carp backup event Sep 29 09:00:02 deal-edge2 check_reload_status[502]: Carp backup event Sep 29 09:00:02 deal-edge2 php-fpm[63508]: /xmlrpc.php: waiting for pfsync... Sep 29 09:00:02 deal-edge2 kernel: carp: 31@igb5: BACKUP -> INIT (hardware interface up) Sep 29 09:00:02 deal-edge2 kernel: carp: 31@igb5: INIT -> BACKUP (initialization complete) Sep 29 09:00:02 deal-edge2 kernel: carp: 33@igb5: BACKUP -> INIT (hardware interface up) Sep 29 09:00:02 deal-edge2 kernel: carp: 33@igb5: INIT -> BACKUP (initialization complete) Sep 29 09:00:02 deal-edge2 kernel: carp: demoted by 0 to 0 (pfsync bulk start) Sep 29 09:00:03 deal-edge2 php-fpm[63508]: /xmlrpc.php: pfsync done in 1 seconds. Sep 29 09:00:03 deal-edge2 php-fpm[63508]: /xmlrpc.php: Configuring CARP settings finalize... Sep 29 09:00:03 deal-edge2 check_reload_status[502]: Reloading filter Sep 29 09:00:03 deal-edge2 php-fpm[63508]: /xmlrpc.php: Default gateway setting as default. Sep 29 09:00:03 deal-edge2 php-fpm[63508]: /xmlrpc.php: Removing static route for monitor 8.8.8.8 and adding a new route through xxx.xxx.xxx.xxx Sep 29 09:00:03 deal-edge2 php-fpm[63508]: /xmlrpc.php: Removing static route for monitor 1.1.1.1 and adding a new route through yyy.yyy.yyy.yyy Sep 29 09:00:03 deal-edge2 php-cgi[74266]: notify_monitor.php: Message sent to <redadcted@example.com> OK Sep 29 09:00:04 deal-edge2 php-fpm[41797]: /rc.carpbackup: HA cluster member "(XXXX:XXXX:XXXX:dea1::1@igb5): (WANLT)" has resumed CARP state "BACKUP" for vhid 33 Sep 29 09:00:05 deal-edge2 php-fpm[16650]: /rc.carpbackup: HA cluster member "(XXXX:XXXX:XXXX::2@igb5): (WANLT)" has resumed CARP state "BACKUP" for vhid 31 Sep 29 09:00:05 deal-edge2 php-fpm[64393]: /rc.carpbackup: HA cluster member "(XXXX:XXXX:XXXX:dea1::1@igb5): (WANLT)" has resumed CARP state "BACKUP" for vhid 33 Sep 29 09:00:05 deal-edge2 php-fpm[17161]: /rc.carpbackup: HA cluster member "(XXXX:XXXX:XXXX::2@igb5): (WANLT)" has resumed CARP state "BACKUP" for vhid 3
Primary node system.log output snippet:
Sep 29 09:00:00 deal-edge1 php[75712]: [pfBlockerNG] Starting cron process. Sep 29 09:00:00 deal-edge1 php[75712]: /usr/local/www/pfblockerng/pfblockerng.php: Configuration Change: (system): pfBlockerNG: saving DNSBL changes Sep 29 09:00:00 deal-edge1 check_reload_status[574]: Syncing firewall Sep 29 09:00:00 deal-edge1 php[75712]: [pfBlockerNG] XMLRPC sync is starting. Sep 29 09:00:00 deal-edge1 php[75712]: /usr/local/www/pfblockerng/pfblockerng.php: Beginning XMLRPC sync data to https://192.168.230.252:10443/xmlrpc.php. Sep 29 09:00:00 deal-edge1 php[75712]: /usr/local/www/pfblockerng/pfblockerng.php: XMLRPC reload data success with https://192.168.230.252:10443/xmlrpc.php (pfsense.merge_installedpackages_section). Sep 29 09:00:00 deal-edge1 php[75712]: [pfBlockerNG] XMLRPC sync to [ 192.168.230.252:{port} ] completed successfully. Sep 29 09:00:01 deal-edge1 php-fpm[29035]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://192.168.230.252:10443/xmlrpc.php. Sep 29 09:00:01 deal-edge1 php-fpm[29035]: /rc.filter_synchronize: XMLRPC reload data success with https://192.168.230.252:10443/xmlrpc.php (pfsense.host_firmware_version). Sep 29 09:00:01 deal-edge1 php-fpm[29035]: /rc.filter_synchronize: XMLRPC versioncheck: 24.0 -- 24.0 Sep 29 09:00:01 deal-edge1 php-fpm[29035]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://192.168.230.252:10443/xmlrpc.php. Sep 29 09:00:13 deal-edge1 php-fpm[29035]: /rc.filter_synchronize: XMLRPC reload data success with https://192.168.230.252:10443/xmlrpc.php (pfsense.restore_config_section).
No data to display
Actions