On 2024-05-29, Vitaliy Makkoveev <o...@bsdbox.dev> wrote:
> He wants replication. This means both wireguard "servers" know the client
> state. No client reconnection at failure, no delay, seamless migration
> from failed node to the backup. Something like sasyncd(8), but for
> npppd(8) or wg(4).

wireguard doesn't have a "reconnection" in the way IKEv2+MSCHAP or IKE+L2TP do; the user doesn't have to do anything, so as long as peers are configured on all carp members it should be fairly seamless. It doesn't care about IP addresses as long as one end can get packets through to the other's last known address. (Reason for ifstated would be to stop any carp backup machines from trying to send wireguard packets and confusing things.)
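
An ifstated.conf(5) sketch of the arrangement described in the message above, added here as an illustration and not taken from the thread. The interface names carp0 and wg0 are assumptions, as is the choice of "ifconfig wg0 down" as the way to keep a backup from sending wireguard packets; it also assumes wg0 carries the same peer configuration on every carp member.

```conf
# /etc/ifstated.conf (added example; carp0 and wg0 are assumed names)
# Goal: only the carp master has wg0 up, so backups never emit
# wireguard packets of their own.

init-state auto

# True only while this host is carp master on carp0.
carp_up = "carp0.link.up"

state auto {
	if $carp_up
		set-state master
	# carp link "down" or still "unknown" at boot: stay quiet
	if ! $carp_up
		set-state backup
}

state master {
	init {
		# This host now owns the shared address; let wg0 pass traffic.
		run "ifconfig wg0 up"
	}
	if ! $carp_up
		set-state backup
}

state backup {
	init {
		# Assumed mitigation: take wg0 down so this host sends nothing
		# to peers while another carp member is master.
		run "ifconfig wg0 down"
	}
	if $carp_up
		set-state master
}
```

The file can be syntax-checked with "ifstated -n" before enabling the daemon.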