On 2019-11-13, Chris Cappuccio <ch...@nmedia.net> wrote:
> Rachel Roch [rr...@tutanota.de] wrote:
>> Hi,
>> 
>> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html) 
>> <https://www.openbsd.org/faq/pf/carp.html> talk about "physical interface" 
>> in relation to the syncdev parameter.
>> 
>> Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan 
>> interface for pfsync ?
>> 
>
> It's as secure as your ethernet network is. There is no privacy or
> authentication with pfsync. I don't think that using a vlan is 
> considered a big problem these days. I'm absolutely amazed at the
> volume of data that pfsync generates. Since so many boxes come with extra
> ports, using a vlan may be more complicated than directly connecting
> the boxes together (unless you have more than two machines)
>
>

Use jumbos if you can.


Reply via email to