opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

net/haproxy: Configuration changes not applied on standby firewall #4012

Closed mnietz closed 3 weeks ago

mnietz commented 1 month ago

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

We have a High-Availability setup with two OPNsense (Version: 24.1.8, the bug also occurs in 24.1.7) running HAProxy.

When we do a config change in HAProxy, for example adding a webserver into the pool, and synchronize it to the standby, the changes get synced to the standby firewall but they do not get activated.

The web-ui shows a message: "There are pending configuration changes that must be applied in order for them to take effect. To review them visit the Config Diff page". Applying solves the problem.

To Reproduce

see description

Expected behavior

Config gets synced AND applied on a standby firewall.

Describe alternatives you considered

n/a

Screenshots

n/a

Relevant log files

n/a

Additional context

n/a

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1.8 (amd64). Proxmox VM

fichtner commented 1 month ago

This is the expected behaviour.

Cheers, Franco

AdSchellevis commented 1 month ago

https://docs.opnsense.org/manual/hacarp.html#status

mnietz commented 1 month ago

Thanks, so HAProxy cannot be used in an HA environment on OPNsense?

AdSchellevis commented 1 month ago

I wouldn't know why not, you just have to make sure to sync and restart it on the backup, same as with other services.

mnietz commented 1 month ago

Other services like IPsec, WireGuard and so on work as expected. And restarting HAProxy doesn't solve the issue. You need to log in to the standby and apply the configuration. I think this is a possible breaking point when you have a very dynamic HAProxy configuration.

AdSchellevis commented 1 month ago

sounds like a specific issue for haproxy then

fichtner commented 4 weeks ago

Yep let's move it over then

fraenki commented 3 weeks ago

> And restarting haproxy doesn't solve the issue. You need to log in to the standby and apply the configuration. I think this is a possible breaking point when you have a very dynamic haproxy configuration.

This seems odd. You don't have to log in on the backup firewall. Just navigate to System: High Availability: Status and use the button at the bottom of that page to synchronize "all" to the backup firewall; this will also restart HAProxy (and other services).

You may also consider setting up a cron job that triggers this sync+restart periodically.

mnietz commented 3 weeks ago

Yes, this is what I did. But after the synchronisation our standby firewall still works with the previous configuration. I've recognized this as we added/changed some backend servers and were wondering why this change was not reflected on the standby. After hitting the 'Apply' button on the standby everything works as expected.

fraenki commented 3 weeks ago

[Image: opn_ha_restart]

Just to avoid misunderstanding: you are using this button to sync+restart to the backup firewall?

mnietz commented 3 weeks ago

We installed some minor updates and did some further testing. Now it works as expected. Thanks for the support.