On 2013-06-05, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
> Hi,
>
> I'm setting up a pair of redundant carp/pfsync firewalls/routers to
> perform as VLAN gateways.
> The firewalls will announce the VLAN networks to OSPF and also will do
> NAT on traffic destined for the internet.
>
> I'm using a carp interface to announce the NAT pool to OSPF which works
> but I'm not feeling very sure about it.
> I've also tried setting up a blackhole route but failover didn't work on
> carpdemote.
>
> Would anyone suggest a better way to do this?
>
> thanks,
>
> Giannis

This seems perfectly reasonable to me, and useful whether it's done to announce into OSPF as well, or just straight routing. I've also done similar using carp interfaces for a subnet covering VPN clients before (using ifstated to kill isakmpd on the backup / start isakmpd on the master, as needed).
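
The ifstated arrangement mentioned in the reply could look like the following ifstated.conf. This is an added example, not the poster's configuration; the interface name carp0, the state names, and the exact start/stop commands are assumptions.

```conf
# Added example (not from the original thread).
# Assumption: carp0 is the carp interface covering the VPN client subnet.
carp_up = "carp0.link.up"

init-state auto

state auto {
	if $carp_up
		set-state primary
	if ! $carp_up
		set-state backup
}

state primary {
	init {
		# Run the IKE daemon only on the node that currently holds the
		# carp address, then load the IPsec rules (assumed commands).
		run "isakmpd -K && ipsecctl -f /etc/ipsec.conf"
	}
	if ! $carp_up
		set-state backup
}

state backup {
	init {
		# The standby must not negotiate for the shared VPN endpoint.
		run "pkill isakmpd"
	}
	if $carp_up
		set-state primary
}
```

Because `! carp0.link.up` is true for both the backup and the unknown link state, a node whose carp interface is still initialising stays in the backup state and does not start isakmpd.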