On 6/8/2020 6:29 AM, Philipp Buehler wrote:
did you follow some "howto" and set net.inet.carp.preempt=1?
Well, if you consider the official openBSD documentation a "how-to",
then yes :).
In the example in https://www.openbsd.org/faq/pf/carp.html under the
section "Combining CARP and pfsync for Failover" it says:
! enable preemption and group interface failover
# sysctl net.inet.carp.preempt=1
# echo 'net.inet.carp.preempt=1' >> /etc/sysctl.conf
As well as in the example in 'man pfsync':
The following must also be added to /etc/sysctl.conf:
net.inet.carp.preempt=1
One of my firewalls has newer hardware and more power than the other, it
is the primary. If I reboot it and the load fails over to the secondary,
I want the load to automatically come back to the primary once it is
available again.
Thanks…
