Hello misc,
I'm trying to replace my single OpenBSD firewall with a pair of
redundant firewalls. I've been testing this (thanks to the power of
VMware) and so far haven't gotten it to work the way I want/need.
My current setup is:
(Cisco router) <-> (OpenBSD) <-> (Cisco switch running layer 3 routing)
There are a variety of 10.x.x.x subnets floating around so OSPF was
implemented to manage that. All three devices run OSPF. In its current
setup it all works very well.
In my testing of using a pair of boxes with carp/pfsync I've run into a
bit of a snag.
I've read every google result I can in an attempt to figure this out but
have come up empty. Everything I've found is either too vague or isn't
offering the solution to the same scenario I'm attempting to set up.
I'd like OSPF to hand out the carp addresses to the routing tables so
that pfsync can work its magic when a firewall goes down.
What I've managed to accomplish is one of two things.
1) OSPF doesn't work at all and never peers up with its neighbor
2) OSPF works, but hands out both IPs from the physical interfaces and
not the carp interface
Does anyone have any experience with getting this setup working? I can
provide configurations done on the OpenBSD boxes but really it's nothing
special that I've done.
-brian
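An added example, not from the original post and not the poster's own configuration, showing how the pieces described above fit together on one of the two OpenBSD boxes: CARP on the outside and inside interfaces, pfsync on a dedicated link, pf rules that let CARP, pfsync and OSPF traffic through (a ruleset that silently drops proto ospf is one ordinary reason two neighbours never peer), and an ospfd.conf that announces the physical interfaces but ties each one to its CARP interface with `depend on`, so the backup box advertises its links at the maximum metric and the routers prefer whichever box is CARP master. Interface names (em0, em1, em2), the 10.x addresses, the vhids and the CARP password are constructed placeholders; the second box uses the same files with its own physical addresses and a higher advskew.

```conf
# /etc/hostname.em0   outside, facing the Cisco router (constructed address)
inet 10.1.1.2 255.255.255.0
# /etc/hostname.em1   inside, facing the layer 3 switch
inet 10.2.2.2 255.255.255.0
# /etc/hostname.em2   dedicated crossover link for pfsync between the pair
inet 10.9.9.1 255.255.255.0

# /etc/hostname.carp0   shared outside address; this box is master (advskew 0)
inet 10.1.1.1 255.255.255.0 10.1.1.255 vhid 1 pass PLACEHOLDER_SECRET advskew 0
# /etc/hostname.carp1   shared inside address
inet 10.2.2.1 255.255.255.0 10.2.2.255 vhid 2 pass PLACEHOLDER_SECRET advskew 0

# /etc/hostname.pfsync0   replicate the state table over em2
up syncdev em2

# /etc/sysctl.conf   let the box reclaim master once it comes back
net.inet.carp.preempt=1

# /etc/pf.conf   only the rules relevant to failover and routing
set skip on lo
# state synchronisation between the two firewalls
pass quick on em2 proto pfsync
# CARP advertisements on the shared segments
pass on { em0 em1 } proto carp
# OSPF hellos and LSAs (multicast to 224.0.0.5 and 224.0.0.6);
# without this the neighbours stay stuck below FULL state
pass on { em0 em1 } proto ospf
# ... the site's ordinary filtering policy follows here ...

# /etc/ospfd.conf
router-id 10.1.1.2
area 0.0.0.0 {
    # announce the physical interfaces, but tie each to its CARP interface:
    # while carp0/carp1 are in BACKUP state, ospfd advertises the link with
    # metric 65535, so the adjacent routers route through the master box
    interface em0 {
        depend on carp0
    }
    interface em1 {
        depend on carp1
    }
}
```

After `pfctl -f /etc/pf.conf` and `rcctl restart ospfd`, `ospfctl show neighbor` should list both the Cisco router and the switch in FULL state on each box, `ifconfig carp0` should show MASTER on one box and BACKUP on the other, and `ospfctl show interface` on the backup box should show the demoted metric on em0 and em1.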