On 12.11.2019. 10:54, Szél Gábor wrote:
> Dear Hrvoje, Theo,
>
> Thank you for your answers!
>
> answers to the questions:
> - who is parent interface for carp? -> vlan ( carp10 interface parent
> vlan10 -> vlan10 interface parent -> trunk0 )
> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
> think vlan interface need only tag packages. Carp (over vlan) interface
> have IP address.

it's a little strange to me to not have ip address on parent carp interface, but if it works for you ... ok..

> - vether implies that you have bridge? -> yes we have only one bridge
> for bridged openvpn clients, but we will eliminate it.
>
>
> we will do the following:
> - refresh our backup firewall to oBSD 6.6
> - replace trunk interface with aggr
> - remove bridge interface

this is a nice start to make your setup faster. big performance killer in your setup is ipsec and old hardware. maybe oce(4) but i never tested it, so i'm not sure ... if you can, change oce with ix, intel x520 is not that expensive ..

bridge is slow, but only for traffic that goes through it. with ipsec, the same second when tunnel is established, forwarding performance will drop significantly on whole firewall ...

> if there was an update finished, I'll write again!

please do, i would like to hear