Hello,
I am running two OpenBSD 7.3 firewalls with pfsync and CARP for redundancy and
have one carp interface carp0 for the public internet and one carp interface
carp1 for my private (NAT) internal network. The private carp interface has
status master on the first firewall and status backup on the 2nd firewall, so
all good here, but for my external carp interface both firewalls show master as
status, so I suspect I have something wrong here in my config or it is a bug.
The config is below for reference:

/etc/hostname.carp0 on fw1

inet x.x.x.114 255.255.255.240 x.x.x.127 vhid 40 carpdev em2 pass password
advskew 1
inet alias x.x.x.115 0xfffffff0
inet alias x.x.x.116 0xfffffff0

/etc/hostname.carp0 on fw2

inet x.x.x.114 255.255.255.240 x.x.x.127 vhid 40 carpdev em0 pass password
advskew 128
inet alias x.x.x.115 0xfffffff0
inet alias x.x.x.116 0xfffffff0

On both firewalls I have added the following in /etc/pf.conf:

pass on { $ext_if $int_if } proto carp keep state (no-sync)

Did anyone already encounter this issue or has any idea what might be wrong?
Best regards,
Mabi