Hi,

Pfsync + ipsec setup IS broken.
Links:
http://marc.info/?l=openbsd-misc&m=143463803906528&w=2

Patch to manual page has been applied:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/man/man4/pfsync.4.diff?r1=1.32&r2=1.33

Please remove example of this setup:
"2. Use the ifconfig(8) syncpeer option (see below) so that updates are unicast directly to the peer, then configure ipsec(4) between the hosts to secure the pfsync(4) traffic."
from webpage:
http://www.openbsd.org/faq/pf/carp.html

Thanks
Lukasz

On 26.06.2015 at 09:45, Jason McIntyre wrote:
> On Fri, Jun 26, 2015 at 09:05:08AM +0200, Łukasz Czarniecki wrote:
>> On 25.06.2015 at 12:19, Jason McIntyre wrote:
>>
>>>>> Please fix this bug or remove this example from documentation.
>>>>> For me this setup is broken since 2011.
>>>>> http://marc.info/?l=openbsd-misc&m=130624207811609&w=2
>>>>>
>>>>> Nobody cares or nobody uses?
>>>>
>>>
>>> i've just committed something similar to the diff below, though i
>>> commented out text rather than removing it.
>>>
>>> thanks for the diff,
>>> jmc
>>
>>
>> Thank you.
>> Please also remove this line:
>>
>> 2. Use the ifconfig(8) syncpeer option (see below) so that updates are
>> unicast directly to the peer, then configure ipsec(4) between the hosts
>> to secure the pfsync(4) traffic.
>>
>> from http://www.openbsd.org/faq/pf/carp.html
>>
>
> i'm in less well known territory here...
>
> cc'ing dlg again to ok, and nick to please make the change if he feels
> it's right - www pages have their own logic.
>
> jmc