I have a problem with IPv6 on a HA setup. With IPv4, it is OK.
> IPv4 : > VLAN MAC Address Type Age Port > Mod > ---------+-----------------+-------+---------+------------------------------+--- > 2776 0000.5e00.0168 dynamic 0 Veth5 > 5 > 2776 0000.5e00.0168 dynamic 0 Po4 > 6 > Total MAC Addresses: 2 With IPv6 the MAC is reported active on both pfSense's (Veth5/Veth6 instead of Veth5/Po4 as above). > IPv6 > VLAN MAC Address Type Age Port > Mod > ---------+-----------------+-------+---------+------------------------------+--- > 2776 0000.5e00.016a dynamic 1 Veth5 > 5 > 2776 0000.5e00.016a dynamic 2 Veth6 > 6 > Total MAC Addresses: 2 I proceeded for IPv6 as for IPv4. One IPv6 address for each WAN interface: x:y:z:d8ff::2/64 and x:y:z:d8ff::3/64. And a CARP virtual IP definition of x:y:z:d8ff::1/64 on WAN interface. The VHID is 106. Pinging from outside either one of the WAN adresses looks good. Pinging the CARP VIP loose packets at varying rate and captures show echo requests packets arriving randomly on each WAN interface. The IPv4 part of that same setup works wonderfully. x.y.z.130/28 and x.y.z.131/28 CARP virtual IP of x.y.z.129/28 on WAN interface. The VHID is 104. No visible issue with simple pinging, no suspect packet captures, and no internetworking issues at all with IPv4. The direct link using opt1 on both boxes uses 172.16.0.2/24 and 172.16.0.3/24. The rules on that opt1 'sync' interfaces are setup according to the Book. One weird dumb question: would the opt1 'sync' interface also need IPv6 subnets in order for this to work? What could I do to help diagnose this further? Could it be a problem with 2.3-REL? I never had the opportunity to build and test such a setup with previous versions. I have support incidents purchased along with other pfSense hardware, but this is not on pfSense hardware but on VMs. -- Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, integral.be/om _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
