On 2013-06-05, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote:
Hi,
I'm setting up a pair off redundant carp/pfsync firewalls/routers to
perform as VLAN gateways.
The firewalls will announce the VLAN networks to OSPF and also will do
NAT on traffic destinating to the internet.
I'm using a carp interface to announce the NAT pool to OSPF which works
but I'm not feeling very sure about it.
I've also tried setting up a blackhole route but failover didn't work on
carpdemote.
Would anyone suggest a better way to do this?
thanks,
Giannis
This seems perfectly reasonable to me, and useful whether it's done to
announce into OSPF as well, or just straight routing.
I've also done similar using carp interfaces for a subnet covering
VPN clients before (using ifstated to kill isakmpd on the backup /
start isakmpd on the master, as needed).
