Ryan McBride gave an impressing presentation about building a redundant Firewall with PF and CARP using two Soekris boxes at EuroBSDcon.
I had to buy a Soekris box immediately and today I put it into production replacing my old EPIA based Firewall.
This went well, all i had to do was replacing the vr-interfaces of the EPIA with the sis interfaces of the Soekis in /etc/pf.conf.
I have not played around with CARP and PFSYNC yet, because all Howtos and Manpages are based on an OpenBSD configuration (yes even the FreeBSD manpages), so they are a bit difficult to read.
My main problem is, that my Firewall also terminates my IPv6 tunnel, and i am not sure i can use the gif interface as a carp interface. I probably have to ask for help on freebsd-pf.
But first i have to finish my work for this terms university courses…..