DHCPd with CARP

To: <misc@...>
Date: Tuesday, May 20, 2008 - 12:19 pm

I have been following with interest the developments with regard to 
dhcpd gaining spamd-like synchronisation features. I would like to be 
able to make use of these features if I can. However, I have a question:

Currently, I have a pair of CARP firewalls in a failover configuration. 
We have carp on vlan on physical, plugged in to a trunk port on a Cisco 
Catalyst. The default gateway for each internal subnet (of which there 
are quite a few) is an IP on a CARP interface. On the two subnets where 
we use DHCP, however, I have had to allocate non-CARP IPs, i.e. IPs on 
vlanXX rather than carpXX, because the CARP interface didn't seem to be 
seeing the 255.255.255.255 packets sent out by dhclients.

It bears mention that I set things up this way some years ago now, when 
I was learning OpenBSD for the first time. If I've cocked it up, I'd 
love someone to put me right.

My question is, is it possible to have my two firewalls both running 
dhcpd, syncing leases between them, listening on the carp interfaces, or 
do I have to stick with my current config where I have a non-carp IP so 
that dhcpd can see the requests? I don't mind if this is the case, but 
it seems daft to lose 3 IPs per subnet (CARPd gateway IP, dhcp for 
firewall A, dhcp for firewall B) rather than 1 if I can do it all on the 
carp interface.

Ta all,

Dave Wilson

PS: I apologise if this post is overly verbose, but after seeing so many 
posts saying there's not enough information, I'm trying to not leave 
anything out.