Hi, How does one implement a redundant OpenBSD firewall pair with IPv6?
With IPv4 I would use CARP to have one of the boxes be the master/active while the other one is backup/standby. But with IPv6 I want to use Router Advertisements so that hosts on the internal network can use SLAAC for IPv6 address autoconfiguration. Therefore hosts will receive RAs from both OpenBSD boxes and set both as possible default GWs in their routing table. In that case, how do I get the internal hosts to send all traffic to the "primary" firewall? I've configured the CARP interface on the box with IPv6, but the RAs are still sent from both boxes (master and backup) so the RA-configured hosts don't end up using the IPv6 CARP VIP at all and I seem to end up with possible asymmetric firewall flows. Thanks, -Martin