XMLRPC Sync version check ineffective in some cases
With an HA setup with XMLRPC sync there is supposed to be a version check to prevent different versions of pfSense from synchronizing due to configuration differences. This does not seem to be functional currently as a 2.1.x primary can still sync to a 2.2.x secondary which breaks various areas such as outbound NAT, captive portal zones, and others that differ based on the configuration revisions between the versions.
Check both greater and less than for the configuration version in XMLRPC sync. Fixes #4902
#1 Updated by Jim Pingle over 4 years ago
Looks like we only test for "$parsed_response['config_version'] < $config['version']" and not greater than.
#5 Updated by Jim Pingle about 4 years ago
- Status changed from Feedback to Resolved
Re-tested each possible scenario here. Any time the versions differ, either older or newer, the sync stops as desired.
1: P:11.9 S:11.9 -- Sync worked
2: P:11.9 S:11.8 -- Generated error
3: P:11.9 S:12.0 -- Generated error
4: P:11.8 S:11.9 -- Generated error
5: P:12.0 S:11.9 -- Generated error
6: P:11.9 S:11.9 -- Sync worked again
Tests 4 and 5 were technically redundant (4 the same as 3, 5 the same as 2) but I ran them anyhow for completeness.