XMLRPC Sync version check ineffective in some cases
With an HA setup with XMLRPC sync there is supposed to be a version check to prevent different versions of pfSense from synchronizing due to configuration differences. This does not seem to be functional currently as a 2.1.x primary can still sync to a 2.2.x secondary which breaks various areas such as outbound NAT, captive portal zones, and others that differ based on the configuration revisions between the versions.
Updated by Jim Pingle almost 7 years ago
Looks like we only test for "$parsed_response['config_version'] < $config['version']" and not greater than.
Updated by Jim Pingle over 6 years ago
- Status changed from Feedback to Resolved
Re-tested each possible scenario here. Any time the versions differ, either older or newer, the sync stops as desired.
1: P:11.9 S:11.9 -- Sync worked
2: P:11.9 S:11.8 -- Generated error
3: P:11.9 S:12.0 -- Generated error
4: P:11.8 S:11.9 -- Generated error
5: P:12.0 S:11.9 -- Generated error
6: P:11.9 S:11.9 -- Sync worked again
Tests 4 and 5 were technically redundant (4 the same as 3, 5 the same as 2) but I ran them anyhow for completeness.