Simon Best I could do would be to build the system in a VMware environment.
To be honest, I tend to use the Intel NICs because they are notoriously stable and have been supported by *BSD for a long time (compared to other gigabit NICs) - they even work on m0n0wall. I have had a similar setup working with OpenBSD in the past with no problems. In this case, because the problem is only present on a particular interface on both firewalls (I can delete the carp address and everything else works fine) I am tending to believe that the problem is outside the box. I hope to test this theory next week by swapping switch ports, cables, etc. /peter On Sunday 26 March 2006 22:32, Simon O'Sullivan wrote: > Peter, > > Are you able to test your setup using cards other than Intel Gigabit NIC's? > These master/slave carp type problems are identical to the problems that > I'm experiencing with Intel gigabit NICs. I haven't any spare HW at the > moment so can't myself. > > Simon. > > -----Original Message----- > From: Peter Curran [mailto:[EMAIL PROTECTED] > Sent: Saturday, 25 March 2006 7:18 a.m. > To: support@pfsense.com > Subject: Re: [pfSense Support] Carp is a bit confused... > > No - this is not the problem. I have quadruple checked all this and it is > consistent and correct. > > I have just tried increasing the advertising frequency on the slave, but > although it flicked to 'backup' status briefly because of the change, it > reverted to 'master' shortly after. > > I have also tried reversing the sense: ie making the master the slave, the > slave the master. The position is the same as it was before, with both > systems claiming to be Master. > > Frustrating! > > /peter > > On Friday 24 March 2006 09:32, Amorim, Nuno Alexandre (ext) wrote: > > Hello Peter > > > > I had a similar issue. Verify the netmask of the carp interface. It is > > the same has the network. > > > > > > -----Original Message----- > > From: Peter Curran [mailto:[EMAIL PROTECTED] > > Sent: sexta-feira, 24 de Março de 2006 0:09 > > To: support@pfsense.com > > Subject: Re: [pfSense Support] Carp is a bit confused... > > > > Hi Scott > > > > On Thursday 23 March 2006 23:00, Scott Ullrich wrote: > > > > I have two boxes in parallel, running with Carp used to service 6 > > > > addresses in total - 3 on the WAN interface and the remaining 3 > > > > spread between 3 internal interfaces. All seems to work OK - when I > > > > check > > the > > > > > Carp status on FW1 all CARP addresses show up as Master. However, > > when > > > > > I check the same on FW2 all addresses except 1 show up as Backup - > > > > the odd one out shows up as Master. The logs show 'arp_rtrequest: bad > > > > gateway y.y.y.y (!AF_LINK)', where y.y.y.y is the affected Carp > > address > > > > > - this seems to occur every few seconds, so I assume that Carp is > > > > trying to assert control over the address. Any idea what is wrong? > > > > > > Is this a vlan? > > > > No - it is a real interface. The LAN interface is a VLAN, but that seems > > to be OK. > > > > > > My second problem concerns Failover Ipsec. When I check the SAD on > > the > > > > > active firewall I see a pair of entries for a live IPsec tunnel, > > > > however the same information is not shown on the other firewall. Is > > > > this expected behaviour? > > > > > > SASYNCD is not fully working yet. We need some help in finishing the > > > port. So yes. > > > > OK - what is outstanding on the port (apart from the minor bug in the GUI > > and a need for a better way to handle the AES key)? > > > > /peter > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]