Solved: /bsd: carpN: ip_output failed: 65
Hi all Disbling ipv6 on the ifs didn't help. It turned out pf was blocking the outgoing carp advertisements on 2 out of 4 interfaces without logging. Adding keep state (no-sync) to the carp rules, activating them, and then flushing states on both firewalls finally brought the cluster back to normal. Thanks to cd for the help. lg /markus On 01/15/12 16:18, Markus Wernig wrote: Hi all After upgrading to 5.0 (and also on -current) I keep getting those errors for 2 out of 4 carp'd interfaces in a fw cluster pair: /bsd: carp2: ip_output failed: 65 /bsd: carp3: ip_output failed: 65 And effectively, no CARP traffic is seen on those two interfaces, neither in nor out. Both boxes assume master status on the if. I got a gut feeling that this has something to do with ipv6, which I do not use at all on the boxes. My pf ruleset is actually ipv4 only. I do see ipv6 addresses on the phyif and carpif though (which I have not configured). Could it be that I need to add something to my ruleset? Any way to totally disable ipv6 for a test? krgds /markus
Re: /bsd: carpN: ip_output failed: 65
* Markus Wernig liste...@wernig.net [2012-01-15 16:19]: After upgrading to 5.0 (and also on -current) I keep getting those errors for 2 out of 4 carp'd interfaces in a fw cluster pair: /bsd: carp2: ip_output failed: 65 /bsd: carp3: ip_output failed: 65 i bet pf is blocking your carp announcements. 65 is EHOSTUNREACH and exactly the error in that case. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
/bsd: carpN: ip_output failed: 65
Hi all After upgrading to 5.0 (and also on -current) I keep getting those errors for 2 out of 4 carp'd interfaces in a fw cluster pair: /bsd: carp2: ip_output failed: 65 /bsd: carp3: ip_output failed: 65 And effectively, no CARP traffic is seen on those two interfaces, neither in nor out. Both boxes assume master status on the if. I got a gut feeling that this has something to do with ipv6, which I do not use at all on the boxes. My pf ruleset is actually ipv4 only. I do see ipv6 addresses on the phyif and carpif though (which I have not configured). Could it be that I need to add something to my ruleset? Any way to totally disable ipv6 for a test? krgds /markus