Hi,
I'm running two obsd 4.4-current boxes as firewall / vpn-endpoints
hot-standby (no balancing). I configured carp like this:
Master:
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        carp: MASTER carpdev vlan32 vhid 1 advbase 1 advskew 9
        groups: carp
        inet6 fe80::200:5eff:fe00:101%carp3 prefixlen 64 scopeid 0xc
        inet XX.XX.XX.XX netmask 0xfffffff8 broadcast XX.XX.XX.XX
Slave:
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        carp: BACKUP carpdev vlan32 vhid 1 advbase 1 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:101%carp3 prefixlen 64 scopeid 0xc
        inet XX.XX.XX.XX netmask 0xfffffff8 broadcast XX.XX.XX.XX
I'm running pfsync and it's working fine (did several tcp / ping tests
switching several times). But if the master boots it will become master
before sasyncd is able to sync status and all ipsec connections get
dropped (ATM I have three monowall www.m0n0.ch/wall endpoints).
The question is how I have to handle this setup. Do I have to play with
advbase? I don't think it's a good idea to trust delays hoping that
sasyncd will do its job before the first machine becomes master again.
Is there a way to wait for sasyncd or something like that?
Here's the exact version:
# sysctl kern.version
kern.version=OpenBSD 4.4-beta (GENERIC) #987: Wed Jul 23 15:39:48 MDT 2008
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
Please let me know if you need further information.
Regards
Hagen Volpers