• I have a fairly strange setup here…

    2 WAN connections:

    1x PPPoE with a /28 IPv4 block and a /48 IPv6 block
    1x DHCP with a single IPv4 address

    The two WAN links are connected over a single gigabit interface which is trunked to a switch, using a separate VLAN for each.

    Currently there's a single pfSense firewall, a DMZ network with the IPv4 /28 block and an internal NAT network which fails over to the other link should the primary link be down.

    I'd like for the DMZ to be NATed to the secondary interface should the primary interface be down, although I'm not sure if this is possible...

    But more importantly, I'd want to set up a second pfSense box which takes over should the primary fail... While this is simple for regular Ethernet interfaces with CARP, it's somewhat more complicated with my setup...

    Only one device can have the PPPoE connection up at any one time; the secondary would need to remain offline unless the primary went down... Similarly, the DHCP WAN link needs to use the same MAC address, as the ISP won't allow a new device to obtain a (different) IP until the old lease has expired.

    Would there be some way to automatically keep the physical (VLAN trunk) interface down whenever the CARP is in secondary mode, and then bring it online when the CARP switches to primary?