On 2013/10/01 21:47, Pete French wrote:
> I just started rolling out 9.2 to all our production machines, which
> are currently on 8.4. We have tested it pretty thoroughly internally
> and are very happy with it, but as part of the deployment have hit
> a problem. We have a pair of boxes running as a firewall using carp
> and pfsync. One of them - the 'passive' one - has been upgraded to
> 9.2, and all works fine as far as carp is concerned, but what I have
> found is that pfsync doesn't seem to work - i.e. when it fails over existing
> connections are not kept live. This works fine when the boxes are both
> running 8.4
>
> Of course, I am not sure if pfsync is expected to work across different
> OS releases, so my plan was to go ahead and upgrade the other box
> on the assumption that when they are both running 9.2 it all will
> start working again. But I thought I should mention it here
> to see if anyone has seen similar, or to see if anyone says "hmm, it
> should work fine between 8.4 and 9.2"
>
> so, any thoughts ?
>
> -pete.

Warning: I don't know internals, I'm just a user.

FreeBSD 7.x and 8.x matched pf of OpenBSD 4.1. IIRC I did
run 7 and 8 pfsync-ed together.

According to pf(4), FreeBSD 9.2 matches OpenBSD 4.5.
Specifically, pfsync(4) says:

    The pfsync protocol and kernel implementation were
    significantly modified between OpenBSD 4.4 and OpenBSD
    4.5. The two protocols are incompatible and will not
    interoperate.

So I think your experience was predictable, more or less
:-) Maybe the information deserves a more prominent place
than a man page. The detailed release notes of 9.0 did
mention the upgrade of pf but not the consequences for pfsync.

BR,
Oli