As many of us know, packages aren't included in the XMLRPC sync used in pfSense's base system. This is on purpose, because some packages (most?) would need different configs on each host, or they may not support binding to CARP VIPs, etc.

What I'm not sure if is why current package maintainers have separate sync sections for credentials and sync IPs rather than using the system's own settings from the system directly.

Is the current trend only done because that's what other packages are doing? Or is there an advantage that I'm missing to having separate settings? Why not just have a checkbox to enable sync and use the system settings? Are there really that many people using the package sync options but not the main system's sync options?

Main reason I'm asking is that from time to time people forget to update the sync settings in one of the half-dozen places they've entered them when something changes, and it would be best to use the system settings rather than duplicating the information. It would certainly make things easier for users if they didn't have to enter things multiple times.

Hi Jimp,

The pfsense system settings enable only one host to sync and at least on packages I'm maintaining I need a list of hosts to sync and in some cases the host do not has the same password.

I could add a checkbox to use the system sync settings user and password or a custom list of servers or password.

Well the packages should really conform to the system design where possible.

Overriding is fine in special cases, as long as there is a way to use the system settings.

Multiple sync hosts could still be done by cascading, but if the package's sync code is being used separately from the firewall's built-in sync, then that would be a special case anyhow.

Eventually it would be nice to support multiple sync hosts in the firewall directly, but that's a bit of a different issue. Hammer for another nail.

I suspect more often than not, the built-in sync settings would be sufficient for people wanting to use them in an HA/CARP type setup.

Good point. I'll update packages I'm maintaining.

Take a look on squid3 new sync gui.  :)


