yes, that's what I meant. Thanks,

Thanks again to jimp for putting me on the right path.  :D

that did it!  Thank you very much for the help!

Thus when the "master" is down, ether don't do any change to slave, or if there is change to slave, we have to manually update the master when it is up I guess? I tried to do the "bold" but it gave error on the "slave" immediately saying something like it does find the target as a valid sync device.

No suggestions? It cant be network traffic on Sync interface since its a direct connect. Not sure where to look and how to fix this. What the correct procedure to swing  the interface back to primary? Last time I just rebooted the secondary but it seems a bit crude.

I created another vlan (12) today, and have the exact same issue. I can ping the backup-carp ip, but not that master nor the virtual. The firewall rules are empty, so nothing should be allowed. Any help or ideas are very welcome!

That's still a bit vague as to what they actually meant. They might have meant that you should have multiple ISPs not just that one, so that you could have some redundancy in case it fails. To say more you'll need to have them clarify the original statement.

No.

@cmb: only if it's the only remaining IP alias in that subnet. See comments on the bug ticket you linked. You have to have an IP assigned to an interface within the subnet of CARP. Can we make it so it is not like this? Is seems unreasonable. I deleted the CARP IP and the VIP then recreated the CARP IP. Why can't I do this in just one step? I would end up in the same place. At the moment creating an additional IP is a one-way operation, that I can't easily reverse. It's miserable.

I forgot to add: for those extra three IPs I don't have to have CARP. They will be used for non-essential operations. Does that make it easier?

Plz detail your network configuration.  Maybe there is a clue there.

I just wanted to confirm that this was the solution. The interface had gone down due to inactivity while I was repairing the second firewall.

No one with an idea? That usually means that I asked a really stupid question :-) I also might be completely wrong with the idea that it has something to do with the difference between BSD and Linux. Any help here is very welcome. I have no idea left on where to look for the problem.

We also have exactly this issue with UPC Ireland. No resolution as of yet no matter what we tried.