Thanks. It looks like Vladimir had the same IP for his pfsync interface. In my config I do not. Except for that minor detail, our configurations are the same. One of my machines stays a MASTER on both CARP interfaces regardless of what happens. If I watch the internal and external interface with tcpdump I see VRRPv2 traffic from both hosts, and the occasional arp. I do not get a notification of a duplicate IP on the pfsync interface, but for the CARP addresses I do (10.0.0.1 and 192.168.0.1). Could it help the configuration to add an advskew and enable preemption? Is there something even simpler than the simple example found at http://www.countersiege.com/doc/pfsync-carp/ ?
I have tested CARP failover (without pfsync) after disabling PF entirely and still have the same problem. Outside of tcpdump, are there any good ways to debug this? [EMAIL PROTECTED] (Xavier Beaudouin) wrote in message news:<[EMAIL PROTECTED]>... > Le 9 juin 04, � 22:26, Chris Golubski a �crit : > > [...] > > > looks pretty straight forward. I'm at the scratching-my-head phase. > > I think you make de mistake : > > [...] > > >> Firewall 1 - master(OpenBSD 3.5): > > [...] > > >> #/etc/hostname.fxp0(PFSYNC if): > >> inet 192.168.254.254 255.255.255.0 NONE > > [...] > > >> Firewall 2 - backup(OpenBSD 3.5): > > [...] > > >> #/etc/hostname.xl0(PFSYNC if): > >> inet 192.168.254.254 255.255.255.0 NONE > > You have same ip on all pfsync if... > > I really think that's why you get that : > > >> /bsd: duplicate IP address 192.168.254.254 sent from Ethernet address > >> 00:90:27:57:7e:71 > > Humm... > > BTW, is it necessary to assign an ip to pfsync interface (this is a > good question for pf gurus ?) > > /Xavier
