On Tue, Jun 07, 2005 at 12:34:06AM +0000, Ryan McBride wrote: > On Tue, Jun 07, 2005 at 01:06:53AM +0100, Stephen Marley wrote: > > Is there a way to make a pair of carp hosts to renegotiate with an > > existing ipsec peer when a new carp master is elected? I tried it once > > and it didn't work out. > > If the connection to the ipsec peer is not passive, you can use > ifstated(8) to tickle isakmpd when the carp status changes. > > But you probably want to look at sasyncd(8) and pfsync(4), and avoid the > need for renegotiation at all.
Awesome! I'll give this a whirl as soon as I can. The carp hosts in question are not pf firewalls, but ospf routers (alas not ospfd yet). I don't see how that matters though. Thanks :) -- [EMAIL PROTECTED]
