In gmane.os.openbsd.misc, you wrote:
> I'm fiddling around with a redundant VPN-solution. The setup is rather
> simple at the moment but will grow more complex over time. Since I've

Simple is good.

> been having problems even setting up a basic IPSec tunnel (weird timeouts
> with random intervals on all connections), I went with an openvpn
> solution instead due to running out of time for the project.
>
> The setup looks like this:
> { site1.fw1 site1.fw2 } -> NOC.fw
>
> site1.fw1 <- CARP -> site1.fw2 but via NOC.fw which is the openvpn
> server.
>
> All traffic from NOC to site1 routes through the VPN via the CARP
> ip address.
>
>
> But(!) The problem is that the CARP interfaces won't sync with each
> other over the VPN, I don't see any traffic running through the tun0
> interface at all. Yes it's a link0 tun interface, yes I'm running
> openvpn in layer 2(tap) mode. Yes, carp will sync over the normal
> network with the same setup it has as in the vpn (different vhid,
> of course). Any clue why it isn't working?

Does tun(4)/OpenVPN support multicast? If not, you can try setting
syncpeer on the carp iface, or switch to a tunnel which does (e.g.
gre/gif).
