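<?xml version="1.0" encoding="utf-8" ?>
<!--
	Package GUI definition for the "Services: CARP Settings" page.

	It declares the menu entry, the tabs, the list columns, the form fields,
	and two PHP snippets: custom_php_validation_command (checks the posted
	form) and custom_add_php_command_late (re-applies CARP and filter state).

	Review notes for maintainers:
	  * The form collects the remote system's webConfigurator password; see
	    the note on the "password" field.
	  * Values read from $_POST in the PHP snippets are untrusted input and
	    are validated before they are accepted.
	  * The PHP snippets are XML text: avoid raw ampersand and less-than
	    characters in them, or escape them.
-->
<packagegui>
	<name>carpsettings</name>
	<version>0.1.0</version>
	<title>Services: CARP Settings</title>
	<!-- configpath gets expanded out automatically and config items will be
	     stored in that location -->
	<configpath>['installedpackages']['carpsettings']['config']</configpath>
	<aftersaveredirect>pkg_edit.php?xml=carp_settings.xml&amp;id=0</aftersaveredirect>
	<!-- Menu is where this package's menu will appear -->
	<menu>
		<name>CARP (failover)</name>
		<tooltiptext>CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them, so that if any machine fails, another can respond instead. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was deemed to be not free enough because of a possibly-overlapping Cisco patent.</tooltiptext>
		<section>Firewall</section>
		<configfile>carp_settings.xml</configfile>
	</menu>
	<tabs>
		<!-- Disabled tab, kept for reference:
		<tab>
			<text>CARP Virtual IPs</text>
			<url>/pkg.php?xml=carp.xml</url>
		</tab>
		-->
		<tab>
			<text>Virtual IPs</text>
			<url>firewall_virtual_ip.php</url>
		</tab>
		<tab>
			<text>CARP Settings</text>
			<url>pkg_edit.php?xml=carp_settings.xml&amp;id=0</url>
			<active/>
		</tab>
	</tabs>
	<!-- Columns of the list view. Only non-secret fields are listed here;
	     keep the password field out of this list. -->
	<adddeleteeditpagefields>
		<columnitem>
			<fielddescr>PFSync Enabled</fielddescr>
			<fieldname>pfsyncenabled</fieldname>
		</columnitem>
		<columnitem>
			<fielddescr>PFSync IP</fielddescr>
			<fieldname>pfsyncip</fieldname>
		</columnitem>
		<columnitem>
			<fielddescr>PFSync Interface</fielddescr>
			<fieldname>pfsyncinterface</fieldname>
		</columnitem>
	</adddeleteeditpagefields>
	<!-- fields gets invoked when the user adds or edits an item.  The following items
	     will be parsed and rendered for the user as a gui with input, and selectboxes. -->
	<fields>
		<field>
			<fielddescr>Synchronize Enabled</fielddescr>
			<fieldname>pfsyncenabled</fieldname>
			<!-- NOTE(review): pfsync is normally IP protocol 249
			     (IPPROTO_PFSYNC); the 240 in the text below looks like a typo.
			     Confirm before changing the user-facing text, since operators
			     may write filter rules from it. -->
			<description>
				PFSync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.
				&lt;p&gt;
				NOTE: Clicking save will force a configuration sync!
			</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize Interface</fielddescr>
			<fieldname>pfsyncinterface</fieldname>
			<type>interfaces_selection</type>
			<!-- The pfsync protocol itself provides no authentication or
			     encryption for state messages, so the dedicated-interface
			     recommendation below is a security control as well as a
			     performance one: the sync segment should be trusted. -->
			<description>
				If Synchronize State is enabled, it will utilize this interface for communication.
				&lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt;  We recommend setting this to an interface other than LAN!  A dedicated interface works the best.
				&lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt;  You must define an IP on each machine participating in this failover group.
				&lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt;  You must have an IP assigned to the interface on any participating sync nodes.
			</description>
		</field>
		<field>
			<fielddescr>pfSync sync peer IP</fielddescr>
			<fieldname>pfsyncpeerip</fieldname>
			<type>input</type>
			<!-- Free-text input: custom_php_validation_command rejects values
			     that are not IP addresses. -->
			<description>
				Setting this option will force pfsync to synchronize its state table to this IP address.  The default is directed multicast.
			</description>
		</field>
		<field>
			<fielddescr>Synchronize rules</fielddescr>
			<fieldname>synchronizerules</fieldname>
			<description>When this option is enabled, this system will automatically sync the firewall rules to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize Firewall Schedules</fielddescr>
			<fieldname>synchronizeschedules</fieldname>
			<description>When this option is enabled, this system will automatically sync the firewall schedules to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize aliases</fielddescr>
			<fieldname>synchronizealiases</fieldname>
			<description>When this option is enabled, this system will automatically sync the aliases over to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize nat</fielddescr>
			<fieldname>synchronizenat</fieldname>
			<description>When this option is enabled, this system will automatically sync the NAT rules over to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize IPsec</fielddescr>
			<fieldname>synchronizeipsec</fieldname>
			<!-- NOTE(review): the IPsec configuration presumably includes key
			     material; confirm what is transferred and over which
			     transport before enabling. -->
			<description>When this option is enabled, this system will automatically sync the IPsec configuration to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<!--
		<field>
			<fielddescr>Synchronize DHCPD</fielddescr>
			<fieldname>synchronizedhcpd</fieldname>
			<description>When this option is enabled, this system will automatically sync the DHCP Server settings over to the other carp host when changes are made.</description>
			<type>checkbox</type>
		</field>
		-->
		<field>
			<fielddescr>Synchronize Wake on LAN</fielddescr>
			<fieldname>synchronizewol</fieldname>
			<description>When this option is enabled, this system will automatically sync the WoL configuration to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize Static Routes</fielddescr>
			<fieldname>synchronizestaticroutes</fieldname>
			<description>When this option is enabled, this system will automatically sync the Static Route configuration to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize Load Balancer</fielddescr>
			<fieldname>synchronizelb</fieldname>
			<description>When this option is enabled, this system will automatically sync the Load Balancer configuration to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize Virtual IPs</fielddescr>
			<fieldname>synchronizevirtualip</fieldname>
			<description>When this option is enabled, this system will automatically sync the CARP Virtual IPs to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize traffic shaper</fielddescr>
			<fieldname>synchronizetrafficshaper</fieldname>
			<description>When this option is enabled, this system will automatically sync the traffic shaper configuration to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize DNS Forwarder</fielddescr>
			<fieldname>synchronizednsforwarder</fieldname>
			<description>When this option is enabled, this system will automatically sync the DNS Forwarder configuration to the other CARP host when changes are made.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>Synchronize to IP</fielddescr>
			<fieldname>synchronizetoip</fieldname>
			<description>Enter the IP address of the firewall you are synchronizing with.</description>
			<type>input</type>
			<!-- NOTE(review): per the note below, sync reuses this system's
			     webConfigurator protocol and port. If that protocol is plain
			     HTTP, the remote password presumably crosses the network
			     unencrypted: confirm, and prefer HTTPS or a dedicated sync
			     link. -->
			<note>Note: CARP sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system's port and protocol are set accordingly!   Also note that you will not use the Synchronize to IP and password option on backup cluster members!</note>
		</field>
		<field>
			<!-- NOTE(review): this field holds the remote system's
			     webConfigurator password. It is stored with the other items
			     under configpath (presumably in clear text: confirm), so
			     backups and exports of that configuration section should be
			     handled as credentials. -->
			<fielddescr>Remote System Password</fielddescr>
			<fieldname>password</fieldname>
			<description>Enter the webConfigurator password of the system that you would like to synchronize with.</description>
			<type>password</type>
			<note>NOTE: You will not use the Synchronize to IP and password option on backup cluster members!</note>
		</field>
	</fields>
	<custom_php_validation_command>
		/*
		 * Validates the posted form. Every value read from $_POST is
		 * untrusted. Each problem found is appended to $input_errors, which
		 * the page that evaluates this snippet presumably reports back
		 * instead of saving (confirm against the package GUI handler).
		 */
		if($_POST["synchronizetoip"]) {
			if(!is_ipaddr($_POST["synchronizetoip"])) {
				$input_errors[] = "You must specify a valid IP address.";
			}
			/* The sync target must be the peer: reject any address that is
			   configured on one of this firewall's own interfaces. */
			$ifdescrs = get_configured_interface_list();
			foreach($ifdescrs as $descr) {
				if(get_interface_ip($descr) == $_POST["synchronizetoip"]) {
					$input_errors[] = "CARP sync IP must be the backup firewall IP!  You cannot specify this firewalls IP in this location.";
				}
			}
			/* Same rule for the virtual IPs defined on this firewall. The
			   is_array() guard keeps foreach away from a non-array value. */
			if(is_array($config['virtualip']['vip'])) {
				foreach($config['virtualip']['vip'] as $vip) {
					if($vip['subnet'] == $_POST["synchronizetoip"]) {
						$input_errors[] = "CARP sync IP must be the backup firewall IP!  You cannot specify this firewalls IP in this location.";
					}
				}
			}
		}
		/* pfsyncpeerip is a free-text input that was previously accepted
		   unchecked. It is described as an IP address, so anything else is
		   rejected here before it can reach the stored configuration. */
		if($_POST["pfsyncpeerip"]) {
			if(!is_ipaddr($_POST["pfsyncpeerip"])) {
				$input_errors[] = "You must specify a valid IP address for the pfSync sync peer.";
			}
		}
	</custom_php_validation_command>
	<custom_add_php_command_late>
		/* setup carp interfaces */
		interfaces_carp_setup();
		/* force a filter configure for syncing */
		filter_configure();
	</custom_add_php_command_late>
</packagegui>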