When using an HA system of two nodes for a corporate VPN I encountered a problem: Imagine nodes A and B share the same public IP address on their carp(4) interface. Imagine A and B each have a gre(4) interface, and its tunnel source address is the carp(4) address. Imagine there is an OSPF daemon running on those gre(4) interfaces. Then the OSPF neighborship will be constantly reestablished, because A and B will interfere with each other's OSPF sessions. This happens because both nodes will send a Hello packet, and the backup node isn't honoring its BACKUP state properly.

Fix: Use IPsec with 'required' policies. This will prevent the backup node from establishing an SA, thus preventing the tunnel from working.

How-To-Repeat: Build the setup mentioned above. Use OSPF or just try to send ICMP packets via the tunnel from the BACKUP node.
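The workaround described in the report, sketched as a setkey(8) policy file. This is an added example, not configuration from the reporter or the FreeBSD project: the addresses are constructed documentation addresses (192.0.2.10 stands in for the shared carp(4) address, 198.51.100.20 for the remote tunnel endpoint), and ESP in transport mode is an assumption.

```conf
# /etc/ipsec.conf, loaded with: setkey -f /etc/ipsec.conf
# Installed identically on node A and node B.
# Constructed addresses: 192.0.2.10 = shared carp(4) address (gre tunnel source),
#                        198.51.100.20 = remote gre(4) tunnel endpoint.

flush;      # clear the SAD
spdflush;   # clear the SPD

# The report's 'required' policy corresponds to the setkey level "require":
# a matching packet is only sent if a matching SA exists. Without an SA the
# kernel asks the key management daemon for one and drops the packet.
# GRE (IP protocol 47) is selected by its /etc/protocols name.
spdadd 192.0.2.10/32 198.51.100.20/32 gre -P out ipsec esp/transport//require;
spdadd 198.51.100.20/32 192.0.2.10/32 gre -P in  ipsec esp/transport//require;

# For contrast, the level that does NOT give the behaviour the report relies on:
# "use" applies an SA when one exists but otherwise lets the packet out
# unprotected, so a node without an SA would still emit GRE-encapsulated
# OSPF packets from the shared address.
# spdadd 192.0.2.10/32 198.51.100.20/32 gre -P out ipsec esp/transport//use;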
Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).
For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped