> Le 26 avr. 2016 à 00:37, Olivier Mascia <[email protected]> a écrit : > > It looks like as soon as I bring IPv6 to the party, my secondary starts > thinking it's MASTER instead of BACKUP. Sometimes on the WAN side, sometimes > on the LAN, sometimes both. Quite hard to describe, I'm still trying to > build up a reproducible test case on my 2.3 cluster. So out of the blue, are > there known-bugs or other kind of difficulties in having H.A. along with IPv4 > and IPv6?
This stabilized after reboots. Sure, I'm not helped by the transit provider which does not actually route the /56 prefix to my link (savages!) but merely 'switch' it to me, expecting ARP/NDP from each of my connected devices, and me using one dedicated IP of the block as gateway. Without HA and CARP I have (this was tested fine) to IP Alias (on the WAN) all IPv6 I need on the LAN, while using some fd00::/64 like on the LAN side and NPT. Tricky, but works. Now with HA/CARP in the game, I had NO issues communicating with any of both pfSense on their public IPv6 (one is on ::2 and the other on ::3). But I can't get any answer from ::1 when defining it as CARP VIP over the WAN. Nor could I get any answer from some inner host (let's say on fd00::5 corresponding to w.x.y.z::5) by using an IP Alias on top of the WAN (v6) CARP VIP (which itself didn't answer, as I wrote above)... Until I thought of the RA!! I have set RA on WAN to Router Only over my defined WAN IPv6 CARP, instead of the WAN as default... and I have got connectivity with inner hosts. Yet I don't have any connectivity with the WAN IPv6 CARP itself. Getting me a bit puzzled to say the least. For now I will simply delist my AAAA record for the WAN side of the cluster of routers. So that my named-based VPNs and other kind of accesses only talk IPv4 to the VIPv4. As long as trafic with inner hosts can be established properly, I'm already quite happy. If someone has had similar experience, I'd be happy to read about it, when you have some minutes and the will to share. Thanks! -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
