--- Quoting Dag Richards on 2007/03/12 at 18:50 -0700: > Two systems running 4.0 GENERIC#1107 i386 on bge drivers. > They are being used as vpn servers > They are each jacked to their own cisco 2950. The switches are connected > with to each other xover cables. Each host can see the others carp > traffic, pf is configured to quick pass carp traffic. both system > insists on being master. I can ifconfig the desired slave to backup > state but after a couple of seconds it pops back to master. > I am using sasync, the tunnels are all up and traffic flows as expected > though I think that has more to do with pfsync keeping the state tables > synced, and the internal interfaces are behaving correctly.
On the slave, what does 'netstat -sp carp' show for packets received? What do your pf rules look like that are passing carp packets? You're permitting carp packets on the physical interfaces, correct? I'm quite certain you should not be seeing advertisements on the wire from both hosts at the same time. The master advertises on a continual basis. Only during a transition might you see multiple advertisements. For some reason, your slave box is not seeing the advertisements from the master. .joel
