I setup a pair of OBSD box's with carp & pfsync last week, They appeared
to working when I left them although the number of states on each was
out by about 20%. I had the leave them like they were, but when I
checked on them this morning I noticed that the backup box only has
about 15 states and the active box has about 8000!
I compared the hostname.vlan &.carp files on each box and realised that
I has an extra character in one of the carp password fields in one of
the files. I fixed this but haven't done a "sh /etc/netstart" yet as
don't want to do that remotely. The wrong password in the files makes
sense and will account for the missing 20% states but could the wrong
password have been seen as a denial of service against pfsync and have
caused it to stop syncing ?
I've had a look at the /var/log/messages & daemon files but there's
nothing there. PF doesn't seem to be blocking anything and if I run
tcpdump on the vlan's I can see carp broadcasts (I don't understand
them, but they are there).