On Thu, Jan 31 2008 at 24:21, Steven Surdock wrote:
> Richard Daemon wrote:
> > On Jan 31, 2008 8:36 PM, Sevan / Venture37
> > <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> I definitely would be!
> > I don't have my ISP that does PPPoE anymore, so I have no way to test
> > it...
>
> Carp on pppoe doesn't really make sense, unless I'm missing something.
> For fun, I tried it a while back
> (http://marc.info/?l=openbsd-misc&m=113940624732259&w=2). I suspect the
> "solution" to a redundant firewall cluster with a pppoe interface will
> involve ifstated.
It's the way I solved the same problem. All interfaces are carped but
pppoe. I use ifstated to track carp status.
If the master goes down, then shutdown isakmpd and pppoe
If the slave goes up, then activate pppoe and wait till fully
functionnal (got an ip address)
If the pppoe link become OK, start isakmpd and reapply pf just in case
For the moment, I didn't have any issues on the primary :)
Claer
