On Tue, Jun 07, 2005 at 01:06:53AM +0100, Stephen Marley wrote:
> Is there a way to make a pair of carp hosts renegotiate with an
> existing ipsec peer when a new carp master is elected? I tried it once
> and it didn't work out.

If the connection to the ipsec peer is not passive, you can use ifstated(8) to tickle isakmpd when the carp status changes. But you probably want to look at sasyncd(8) and pfsync(4), and avoid the need for renegotiation at all.
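
The ifstated(8) approach mentioned above, as an added example that is not part of the original message: an ifstated.conf that pokes isakmpd through its command FIFO when carp0 changes state. The interface name carp0 and the connection name "IPsec-peer" are assumptions; the FIFO path is isakmpd's default, and isakmpd is assumed to be running on both hosts.

```conf
# /etc/ifstated.conf: added example. carp0 and the connection name
# "IPsec-peer" are assumptions and must match your carp(4) interface
# and a non-passive connection defined in isakmpd.conf(5).

init-state auto

# carp(4) reports link up while this host is MASTER.
carp_master = "carp0.link.up"

state auto {
	if $carp_master
		set-state master
	if ! $carp_master
		set-state backup
}

state master {
	init {
		# Ask the running isakmpd to start the connection via its
		# command FIFO (default path, see isakmpd(8)).
		run "echo 'c IPsec-peer' > /var/run/isakmpd.fifo"
	}
	if ! $carp_master
		set-state backup
}

state backup {
	init {
		# Tear down this host's copy so only the current master
		# holds SAs with the peer.
		run "echo 't IPsec-peer' > /var/run/isakmpd.fifo"
	}
	if $carp_master
		set-state master
}
```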