q
Hi, Like a questioner, may I ask you one question. Is there some history about hardware which you get for free from users. For example, may be you sold some tower or slim for food at the beginning. I don't ask you what now, but it's too interest and will be great to see some page, where you track your hardware which you sent to community to help, etc. I mean, some funny history about such hardware, which you get, but didn't know what to do with it. OR I mean, some funny history about such hardware, which you was getting, but was not knew what to do with it. -Sorry for my bad English. Some what you change for beer or something. Could you share your personal experience around this at start of project? When you were alone, but something already have gave result. Some people have sent you help... Some hardware. What did you do with it?

I think about some project at mobile industry, only with open source and reciprocity, some hippy's world where I can work in full power, and do not think so much about money, new hardware, by and for users. Anonymously, without connect to any corporations or government structure. Your skills, experience and some wishes will be great for me. For example, some people sent eight iPhones the second generation to me. I will sell seven at one time, when I am a developer of some cross-platform systems. As I can see, you already meet such situation. So, some page, where is the hardware, what happens, who have burned it already, why, etc, its would be popular part of openbsd site. With history by photos, comments, some logs. Did you think like me?

Greetings.
Re: Most secure Operating-System?
Marco,
You're thinking of that C2 aren't you? Heh, but he wanted a network stack.
I'm thinking MS-DOS with the network stack...

Alec,
Why are you trolling? If this is a real project/proposal, you need a hell of a lot more help than this.

On Mon, Sep 5, 2011 at 4:40 PM, Marco Peereboom wrote:
> Windows NT 3.51 without a network stack.
>
> On Sep 5, 2011, at 8:55, Alec Taylor wrote:
>
>> Good evening,
>>
>> What's the most secure operating system?
>>
>> /me is thinking OpenBSD
>>
>> Features required:
>> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
>> incorporating Internet access!)
>> GUI
>> Web-server (with HTTPS capabilities)
>> LDAP+-Kerberos server for User auth
>> CAS or similar for SSO
>> Radius or (preferably) Diameter support
>> Java support
>> WINE compatible
>> Multithreaded
>> Multi-processor capable
>> Wide architecture support (x86, x64, mainframes)
>>
>> If my project proposal is successful, I will be implementing this
>> system to replace a Windows environment at one of the largest banks in
>> the country.
>>
>> Thanks for all suggestions+advice,
>>
>> Alec Taylor
>
>

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: Most secure Operating-System?
Windows NT 3.51 without a network stack.

On Sep 5, 2011, at 8:55, Alec Taylor wrote:

> Good evening,
>
> What's the most secure operating system?
>
> /me is thinking OpenBSD
>
> Features required:
> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
> incorporating Internet access!)
> GUI
> Web-server (with HTTPS capabilities)
> LDAP+-Kerberos server for User auth
> CAS or similar for SSO
> Radius or (preferably) Diameter support
> Java support
> WINE compatible
> Multithreaded
> Multi-processor capable
> Wide architecture support (x86, x64, mainframes)
>
> If my project proposal is successful, I will be implementing this
> system to replace a Windows environment at one of the largest banks in
> the country.
>
> Thanks for all suggestions+advice,
>
> Alec Taylor
Re: Most secure Operating-System?
On Mon, Sep 5, 2011 at 3:07 PM, Amit Kulkarni wrote:
> AFAIK it doesn't run on current mainframes. Only IBM's various OS's
> run on mainframes, as IBM has a corner on that mainframe market.

But with the Hercules emulator, you can run the mainframe on your desktop!!! :)

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: Most secure Operating-System?
> Features required:
> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
> incorporating Internet access!)
> GUI
> Web-server (with HTTPS capabilities)
> LDAP+-Kerberos server for User auth
> CAS or similar for SSO
> Radius or (preferably) Diameter support
> Java support
> WINE compatible

Wine just got deleted from ports

> Multithreaded
> Multi-processor capable

all modern OS's are.

> Wide architecture support (x86, x64, mainframes)

AFAIK it doesn't run on current mainframes. Only IBM's various OS's run on mainframes, as IBM has a corner on that mainframe market.
Re: Laptop hard drive and emergency unload
On Mon, 05 Sep 2011 14:25:46 -0400 Steve wrote:
> For the fun of it, I just installed 4.9 (AMD64) on an SD card, booted
> from the card and mounted one of my Ext3 partitions on the hard disk.
> I copied a file from the disk to the card to be sure it was active,
> umounted the hard disk and halted. Not a sound from the disk no
> click, nothing.

for testing, use -current/snapshots.

http://marc.info/?l=openbsd-cvs&m=127460880427991&w=2

"""
Changes by: kette...@cvs.openbsd.org 2010/05/23 03:58:58

Modified files:
sys/dev/ata: wd.c

Log message:
Place drive in standby mode before shutdown. Avoids the loud click heard on
many laptops when powering them down.
"""

That went into 4.8, the oldest supported OpenBSD version.

"Hail to the kettenis@, baby!"
Re: Laptop hard drive and emergency unload
For the fun of it, I just installed 4.9 (AMD64) on an SD card, booted from the card and mounted one of my Ext3 partitions on the hard disk. I copied a file from the disk to the card to be sure it was active, umounted the hard disk and halted. Not a sound from the disk no click, nothing.

On 11-09-05 11:13 AM, Philippe Meunier wrote:

Steve wrote:

6.3.6.1 Emergency unload
[... ]Emergency unload is intended to be invoked in rare situations. Because this operation is inherently uncontrolled, it is more mechanically stressful than a normal unload.

Yes. I have a Thinkpad T43 with a Hitachi Travelstar 5K100 (HTS541060G9AT00) and used to have the same problem: when shutting down the computer, the power would be removed from the hard disk while the heads were still loaded and the disk would then have to perform an emergency unload, which resulted in the disk making a loud click. This was the case for me from (I think) OpenBSD 3.9, when I first installed OpenBSD, up to and including 4.8. A few months ago I upgraded to 4.9 (stable) and since then I can hear the disk normally unloading the heads (a short series of 4-5 muffled clicks in very short succession with a slightly increasing pitch) before powering down, which is much quieter. My disk and I both thank whoever implemented that change :-)

On Sep 3, 2011, at 15:41, Steve wrote:

Can anyone suggest what I could do to stop this from happening?

Well, it depends... You could try to manually sync(8) the disk, do something like "atactl wd0 apmset 1" (YMMV) to put the disk into standby power saving mode, which would result in the heads being unloaded after a short time, and then halt(8) the computer. The problem is that, as part of the normal powerdown sequence, OpenBSD writes some logs of the shutdown on the disk (which would then reload its heads) and also syncs the disk (I don't know if that action alone would reload the disk heads or not if there were no actual data to sync to the disk; using sync(8) twice in sequence results in my disk's light blinking twice but whether the second blink actually means anything with regard to the disk's heads is an entirely different question...) You could try to play with halt(8)'s -q and -n options and see what happens, but I wouldn't recommend it... Even if you were lucky and it worked, it would be an annoyance to do that every time and it'd be very easy to make a mistake and lose data. You could write scripts to automate the process but you'd be on your own if something went wrong...

You could also try the following:
- put the root partition, /var/log, and everything else required for a normal shutdown, on a USB stick and boot from that
- have all the other stuff (/home, /usr/local, etc) on your disk
- before shutting down, manually unmount all the partitions that are on the disk (forcing the unmount if necessary), use atactl to put the disk in a low-power mode that results in the heads being unloaded, then shutdown the computer as usual.

Slightly better than the above, but again it'd be annoying to do and it'd be easy to make a mistake...

With all that being said, I happily used OpenBSD on my laptop for about five years with my hard disk doing an emergency unload on every shutdown, and never had any problem. It's up to you to decide whether you can sleep at night knowing that your disk goes through a very small number of "mechanically stressful" events every day. 2 emergency unloads supported by your disk at a minimum (or so Hitachi says...) / 5 shutdowns a day (say) = about 11 years... So it might be an acceptable solution to you until time (and if...) an OpenBSD developer decides to fix your problem.

You have backups anyway, right? :-)

Philippe
Re: OpenOSPF + CARP
On 2011-09-05, Mathieu Blanc wrote:
>>> So the ingoing traffic goes into bsd1, and the servers now use bsd2 to
>>> go out.
>>
>>> Is it not a problem ? In terms of firewalling for example (keep state ?
>>> will bsd2 authorize the traffic which is initiated by bsd1 ? maybe with
>>> the help of pfsync ??)
>>
>> pfsync(4) can handle this if you use 'defer', see the pfsync manpage,
>> but this is normally only desirable for load-balancing.
>
> I read the manpage, and it seems to match exactly with what i want to do :
> "Where more than one firewall might actively handle packets, e.g. with
> certain ospfd(8), bgpd(8) or carp(4) configurations, it is beneficial to
> defer transmission of the initial packet of a connection. The pfsync
> state insert message is sent immediately; the packet is queued until
> either this message is acknowledged by another system, or a timeout has
> expired."

This is for load-sharing between 2 firewalls, you don't want it for a typical setup with 1 active and 1 passive firewall as it delays things

> If I take my previous example :
> Network A [interconnection with others routers] = 192.168.1.0/24
> (configured on em0, and carp0)

presumably you are announcing the networks behind bsd1/bsd2 over ospf to your other routers; so I don't think carp0 is useful.

> Network B [network with servers] = 172.16.1.0/24 (configured on em1, and
> carp1, used by servers for default gateway)
> em2 is for pfsync.
> The ospfd.conf is very simple.
>
> bsd1# ifconfig -A
>
> em0: flags=8b43
> inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
> em1: flags=8b43
> inet 172.16.1.1 netmask 0xff00 broadcast 172.16.1.255
> em2: flags=8843 mtu 1500
> inet 172.16.99.1 netmask 0xfffc broadcast 172.16.99.3
> pfsync0: flags=41 mtu 1500
> pfsync: syncdev: em2 syncpeer: 172.16.99.2 maxupd: 128 defer: off
> carp0: flags=8843 mtu 1500
> carp: MASTER carpdev em0 vhid 170 advbase 1 advskew 80
> inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
> carp1: flags=8843 mtu 1500
> carp: MASTER carpdev em1 vhid 171 advbase 1 advskew 120
> inet 172.16.1.100 netmask 0xff00 broadcast 172.16.1.255
>
> bsd1# cat /etc/ospfd.conf
> area 0.0.0.0 {
> interface em0
> interface em1
> interface carp0 { passive }
> interface carp1 { passive }
> }

I would:-

remove "interface carp0 { passive }" from ospfd.conf
remove "interface em1" from ospfd.conf
ospfctl reload
ifconfig carp0 destroy
rm /etc/hostname.carp0
Re: Most secure Operating-System?
On 2011-09-05, Alec Taylor wrote:
> Good evening,
>
> What's the most secure operating system?
>
> /me is thinking OpenBSD
>
> Features required:
> WINE compatible

nope.

> If my project proposal is successful, I will be implementing this
> system to replace a Windows environment at one of the largest banks in
> the country.

fully replacing an office Windows environment is certainly possible... you might like to read these:

http://undeadly.org/cgi?action=article&sid=20110420080633
http://puppetlabs.com/blog/guest-post-a-puffy-in-the-corporate-aquarium-the-sequel/
Re: Most secure Operating-System?
On Mon, Sep 5, 2011 at 4:41 PM, Christopher Linn wrote:
> hi alec,
>
> - Alec Taylor wrote:
>> Good evening,
>>
>> What's the most secure operating system?
>>
>> /me is thinking OpenBSD
>>
>> Features required:
>> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
>> incorporating Internet access!)
>> GUI
>> Web-server (with HTTPS capabilities)
>> LDAP+-Kerberos server for User auth
>> CAS or similar for SSO
>> Radius or (preferably) Diameter support
>> Java support
>> WINE compatible
>> Multithreaded
>> Multi-processor capable
>> Wide architecture support (x86, x64, mainframes)
>>
>> If my project proposal is successful, I will be implementing this
>> system to replace a Windows environment at one of the largest banks in
>> the country.
>>
>> Thanks for all suggestions+advice,
>>
>> Alec Taylor
>>
>
>
> is this for desktop? in an enterprise environment you will surely need
> to run e.g. M$ applications and adobe pro

IPv6, Java, Wine really sounds like any bank on the market which really "cares" about security in the same way as they care about our money in hedge funds, sci-fi loans, even more sci-fi ratings and so on :-)

>
> and, what do you mean by "mainframes"?
>
> --
> Chris Linn
Re: Most secure Operating-System?
On Mon, Sep 5, 2011 at 3:55 PM, Alec Taylor wrote:
> Good evening,
>
> What's the most secure operating system?
>
> /me is thinking OpenBSD

What you think is not important for suits ;-) For them the most important part is how much dinners and other gifts will they have from vendor if they choose "right" one ;-) You will be in the end just monkey which needs to administer whichever shit they throw at you ;-)

>
> Features required:
> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
> incorporating Internet access!)
> GUI
> Web-server (with HTTPS capabilities)
> LDAP+-Kerberos server for User auth
> CAS or similar for SSO
> Radius or (preferably) Diameter support
> Java support
> WINE compatible
> Multithreaded
> Multi-processor capable
> Wide architecture support (x86, x64, mainframes)
>
> If my project proposal is successful, I will be implementing this
> system to replace a Windows environment at one of the largest banks in
> the country.
>
> Thanks for all suggestions+advice,
>
> Alec Taylor
Re: Most secure Operating-System?
hi alec,

- Alec Taylor wrote:
> Good evening,
>
> What's the most secure operating system?
>
> /me is thinking OpenBSD
>
> Features required:
> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
> incorporating Internet access!)
> GUI
> Web-server (with HTTPS capabilities)
> LDAP+-Kerberos server for User auth
> CAS or similar for SSO
> Radius or (preferably) Diameter support
> Java support
> WINE compatible
> Multithreaded
> Multi-processor capable
> Wide architecture support (x86, x64, mainframes)
>
> If my project proposal is successful, I will be implementing this
> system to replace a Windows environment at one of the largest banks in
> the country.
>
> Thanks for all suggestions+advice,
>
> Alec Taylor
>

is this for desktop? in an enterprise environment you will surely need to run e.g. M$ applications and adobe pro.

and, what do you mean by "mainframes"?

--
Chris Linn
Re: Laptop hard drive and emergency unload
Steve wrote:
>6.3.6.1 Emergency unload
> [... ]Emergency unload
>is intended to be invoked in rare situations. Because this operation
>is inherently uncontrolled, it is more mechanically stressful than a
>normal unload.

Yes. I have a Thinkpad T43 with a Hitachi Travelstar 5K100 (HTS541060G9AT00) and used to have the same problem: when shutting down the computer, the power would be removed from the hard disk while the heads were still loaded and the disk would then have to perform an emergency unload, which resulted in the disk making a loud click. This was the case for me from (I think) OpenBSD 3.9, when I first installed OpenBSD, up to and including 4.8. A few months ago I upgraded to 4.9 (stable) and since then I can hear the disk normally unloading the heads (a short series of 4-5 muffled clicks in very short succession with a slightly increasing pitch) before powering down, which is much quieter. My disk and I both thank whoever implemented that change :-)

>On Sep 3, 2011, at 15:41, Steve wrote:
>>Can anyone suggest what I could do to stop this from happening?

Well, it depends... You could try to manually sync(8) the disk, do something like "atactl wd0 apmset 1" (YMMV) to put the disk into standby power saving mode, which would result in the heads being unloaded after a short time, and then halt(8) the computer. The problem is that, as part of the normal powerdown sequence, OpenBSD writes some logs of the shutdown on the disk (which would then reload its heads) and also syncs the disk (I don't know if that action alone would reload the disk heads or not if there were no actual data to sync to the disk; using sync(8) twice in sequence results in my disk's light blinking twice but whether the second blink actually means anything with regard to the disk's heads is an entirely different question...) You could try to play with halt(8)'s -q and -n options and see what happens, but I wouldn't recommend it... Even if you were lucky and it worked, it would be an annoyance to do that every time and it'd be very easy to make a mistake and lose data. You could write scripts to automate the process but you'd be on your own if something went wrong...

You could also try the following:
- put the root partition, /var/log, and everything else required for a normal shutdown, on a USB stick and boot from that
- have all the other stuff (/home, /usr/local, etc) on your disk
- before shutting down, manually unmount all the partitions that are on the disk (forcing the unmount if necessary), use atactl to put the disk in a low-power mode that results in the heads being unloaded, then shutdown the computer as usual.

Slightly better than the above, but again it'd be annoying to do and it'd be easy to make a mistake...

With all that being said, I happily used OpenBSD on my laptop for about five years with my hard disk doing an emergency unload on every shutdown, and never had any problem. It's up to you to decide whether you can sleep at night knowing that your disk goes through a very small number of "mechanically stressful" events every day. 2 emergency unloads supported by your disk at a minimum (or so Hitachi says...) / 5 shutdowns a day (say) = about 11 years... So it might be an acceptable solution to you until time (and if...) an OpenBSD developer decides to fix your problem.

You have backups anyway, right? :-)

Philippe
Re: Most secure Operating-System?
On Mon, 5 Sep 2011 16:09:43 +0200, jirib wrote:
> On Mon, 5 Sep 2011 23:55:52 +1000
> Alec Taylor wrote:
>
>> Good evening, What's the most secure operating system? /me is thinking OpenBSD Features required:

and how exactly is webserver going to secure enduser desktop env?

--
Best Regards
Tomasz Dereszynski

Links:
--
[1] mailto:alec.tayl...@gmail.com
Re: Most secure Operating-System?
On Mon, 5 Sep 2011 23:55:52 +1000 Alec Taylor wrote:
> Good evening,
>
> What's the most secure operating system?
>
> /me is thinking OpenBSD
>
> Features required:
> TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by
> incorporating Internet access!)
> GUI
> Web-server (with HTTPS capabilities)
> LDAP+-Kerberos server for User auth
> CAS or similar for SSO
> Radius or (preferably) Diameter support
> Java support
> WINE compatible
> Multithreaded
> Multi-processor capable
> Wide architecture support (x86, x64, mainframes)
>
> If my project proposal is successful, I will be implementing this
> system to replace a Windows environment at one of the largest banks in
> the country.
>

Do NOT smoke that sh1t too much, or if you wanted to be funny you are not.

jirib
Most secure Operating-System?
Good evening,

What's the most secure operating system?

/me is thinking OpenBSD

Features required:
TCP/IP Suite with IPv4 and IPv6 (yeah, I know, big security loss by incorporating Internet access!)
GUI
Web-server (with HTTPS capabilities)
LDAP+-Kerberos server for User auth
CAS or similar for SSO
Radius or (preferably) Diameter support
Java support
WINE compatible
Multithreaded
Multi-processor capable
Wide architecture support (x86, x64, mainframes)

If my project proposal is successful, I will be implementing this system to replace a Windows environment at one of the largest banks in the country.

Thanks for all suggestions+advice,

Alec Taylor
ikev2
Hi,

sorry to post this again. Is there someone who has already tried a vpn using ikev2 with EAP-MSCHAP-V2 support?

Thank you very much.

Cheers,
Wesley.M
Re: OpenOSPF + CARP
On 03/09/2011 12:35, Stuart Henderson wrote:

On 2011-09-02, Mathieu BLANC wrote:

I setup this, *and it seems to work well.* Routers in network A see 2 routes to Network B : bsd1 and bsd2. For example :
First route : bsd1
Second route : bsd2

bsd1 is the master carp on network B. So the ingoing traffic goes to bsd1, and the servers in B use their gateway -> bsd1. But if i do (manually) a carpdemote on bsd1, the carp master will switch to bsd2, but on the ospf side, the route will remain the same on the routers in A. So the ingoing traffic goes into bsd1, and the servers now use bsd2 to go out.

Is it not a problem ? In terms of firewalling for example (keep state ? will bsd2 authorize the traffic which is initiated by bsd1 ? maybe with the help of pfsync ??)

pfsync(4) can handle this if you use 'defer', see the pfsync manpage, but this is normally only desirable for load-balancing.

I read the manpage, and it seems to match exactly with what i want to do :
"Where more than one firewall might actively handle packets, e.g. with certain ospfd(8), bgpd(8) or carp(4) configurations, it is beneficial to defer transmission of the initial packet of a connection. The pfsync state insert message is sent immediately; the packet is queued until either this message is acknowledged by another system, or a timeout has expired."

In the situation you describe, the network A should send all of network B's traffic to whichever machine is currently carp master. For this setup you need to:-
1. have the subnet (not a /32) configured on the carpXX interface
2. use 'interface carpXX { passive }' in ospfd.conf

If this doesn't help, please show ospfd.conf files and 'ifconfig -A' output.

I'm not sure to understand, sorry. Here is my test conf (exactly the same than in prod, but with private network).

If I take my previous example :
Network A [interconnection with others routers] = 192.168.1.0/24 (configured on em0, and carp0)
Network B [network with servers] = 172.16.1.0/24 (configured on em1, and carp1, used by servers for default gateway)
em2 is for pfsync.
The ospfd.conf is very simple.

bsd1# ifconfig -A
em0: flags=8b43 mtu 1500
        lladdr 00:1b:21:b3:c7:18
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
em1: flags=8b43 mtu 1500
        lladdr 00:1b:21:b3:c7:19
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 172.16.1.1 netmask 0xff00 broadcast 172.16.1.255
em2: flags=8843 mtu 1500
        lladdr 00:1b:21:b3:c7:1c
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
        status: active
        inet 172.16.99.1 netmask 0xfffc broadcast 172.16.99.3
pfsync0: flags=41 mtu 1500
        priority: 0
        pfsync: syncdev: em2 syncpeer: 172.16.99.2 maxupd: 128 defer: off
        groups: carp pfsync
carp0: flags=8843 mtu 1500
        lladdr 00:00:5e:00:01:aa
        priority: 0
        carp: MASTER carpdev em0 vhid 170 advbase 1 advskew 80
        groups: carp
        status: master
        inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
carp1: flags=8843 mtu 1500
        lladdr 00:00:5e:00:01:ab
        priority: 0
        carp: MASTER carpdev em1 vhid 171 advbase 1 advskew 120
        groups: carp
        status: master
        inet 172.16.1.100 netmask 0xff00 broadcast 172.16.1.255

bsd1# cat /etc/ospfd.conf
area 0.0.0.0 {
        interface em0
        interface em1
        interface carp0 { passive }
        interface carp1 { passive }
}

bsd2 is exactly the same (with different ip address on em0/em1/em2 and backup carp).

This setup works quite well (i see 2 routes to 172.16.1.0/24 network in my others routers : via bsd1 and bsd2). What i wanted to do is to have just one route to 192.168.1.100. But I don't know if it's possible. If not, i'll destroy the carp0 interface, and use defer in pfsync.

Thanks in advance :-)

Mathieu.
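
A cross-check of the configuration posted above, as an added example that is not part of the thread: it flags each carp interface listed in ospfd.conf whose carpdev is also an active OSPF interface (the pattern the two ospfd.conf removals in Stuart Henderson's reply eliminate) and reports the pfsync defer setting. The function names and the trimmed sample inputs are constructed here, and the example assumes that an active physical interface makes both firewalls announce its subnet whatever the CARP state is.

```shell
#!/bin/sh
# Added example, not from the thread. All inputs below are constructed
# from the bsd1 configuration posted in it.

# ospfd.conf as posted, and after the two removals suggested in the reply.
CONF_BEFORE='area 0.0.0.0 {
    interface em0
    interface em1
    interface carp0 { passive }
    interface carp1 { passive }
}'
CONF_AFTER='area 0.0.0.0 {
    interface em0
    interface carp1 { passive }
}'

# carp/pfsync lines trimmed from the posted `ifconfig -A`, and the same
# host after `ifconfig carp0 destroy`.
IFCONFIG_BEFORE='pfsync0: flags=41 mtu 1500
    pfsync: syncdev: em2 syncpeer: 172.16.99.2 maxupd: 128 defer: off
carp0: flags=8843 mtu 1500
    carp: MASTER carpdev em0 vhid 170 advbase 1 advskew 80
carp1: flags=8843 mtu 1500
    carp: MASTER carpdev em1 vhid 171 advbase 1 advskew 120'
IFCONFIG_AFTER='pfsync0: flags=41 mtu 1500
    pfsync: syncdev: em2 syncpeer: 172.16.99.2 maxupd: 128 defer: off
carp1: flags=8843 mtu 1500
    carp: MASTER carpdev em1 vhid 171 advbase 1 advskew 120'

# ospf_ifaces: ospfd.conf on stdin -> "<ifname> <passive|active>" per line.
# Handles both one-line and multi-line "interface X { ... }" blocks.
ospf_ifaces() {
    awk '
        function emit() {
            if (name != "") print name, (passive ? "passive" : "active")
            name = ""
        }
        { sub(/#.*/, "") }                      # drop comments
        $1 == "interface" {
            emit()
            name = $2; sub(/[{:].*/, "", name)  # strip "{" or ":address"
            passive = ($0 ~ /passive/)
            inblock = ($0 ~ /[{]/ && $0 !~ /[}]/)
            next
        }
        inblock && /passive/ { passive = 1 }
        inblock && /[}]/     { inblock = 0 }
        END { emit() }
    '
}

# carp_devs: ifconfig text on stdin -> "<carpN> <state> <carpdev>" per line.
carp_devs() {
    awk '
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname) }
        $1 == "carp:" && $3 == "carpdev" { print ifname, $2, $4 }
    '
}

# pfsync_defer: ifconfig text on stdin -> "on", "off", or "none".
pfsync_defer() {
    awk '
        $1 == "pfsync:" { for (i = 2; i < NF; i++) if ($i == "defer:") v = $(i + 1) }
        END { print (v == "" ? "none" : v) }
    '
}

# audit <ospfd.conf text> <ifconfig text>: one finding per line, empty if clean.
audit() {
    ospf=$(printf '%s\n' "$1" | ospf_ifaces)
    printf '%s\n' "$2" | carp_devs | while read -r cif state dev; do
        # Only carp interfaces that ospfd announces are of interest.
        printf '%s\n' "$ospf" | grep -q "^$cif " || continue
        # Assumption: the physical interface announces the same subnet from
        # both firewalls, so routes stop following the CARP master.
        if printf '%s\n' "$ospf" | grep -q "^$dev active\$"; then
            echo "$cif: carpdev $dev is also an active OSPF interface"
        fi
    done
    # The reply wants defer only when both firewalls forward traffic.
    if [ "$(printf '%s\n' "$2" | pfsync_defer)" = "on" ]; then
        echo "pfsync: defer is on; it delays the first packet of each connection"
    fi
}

echo "== as posted =="; audit "$CONF_BEFORE" "$IFCONFIG_BEFORE"
echo "== after the suggested removals =="; audit "$CONF_AFTER" "$IFCONFIG_AFTER"
```
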