Hi, sorry to hijack the thread, my question is not directly related, but deals with same goal.
I have physical topology where datacentre has two carped firewalls, while branch offices have single firewall each, with two uplinks: isp2---em0 branchoffice1 datacenterA isp3---em1 em0 \ isp4---em0 carp0---isp1 INTERNET branchoffice2 / isp5---em1 em0 datacenterB ispX---em0 branchofficeN ispY---em1 I'd like to achieve two primary goals: - each branch office has routes to both datacentre and all other branch offices (OSPF?) - each branch office uses em0 as primary link, fails over automatically to em1 when em0 fails I tried GRE tunnels from branch offices' both phsycal interfaces to datacentres' carp interface, but this doesn't work (apparently gre is not aware of carp and links go down when carp master changes). I din't test two gre tunnels for each branch office's physical interface (one to each carp member physical interface), as this seems too cumbersome to maintain even if it worked. Any advices? Thank you in advance, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/