Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 HA setup not passing traffic

    Scheduled Pinned Locked Moved IPv6
    5 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jeffsmith82
      last edited by

      I'm trying to setup 2 pfsense boxes in a HA setup to have IPv6

      configured a gateway of 2001:XXXX:8000::2b1/124
      and then setup on my WAN interfaces

      2001:XXXX:8000::2b2/124 = firewall 1
      2001:XXXX:8000::2b3/124 = firewall 2
      2001:XXXX:8000::2b4/124 = CARPed address.

      I then have also been assigned this range 2001:XXXX:840c::/48 which I'm going to split into multiple networks but the one I'm testing is 2001:XXXX:840c:0002::/64

      2001:XXXX:840c:0002::0001/64 = CARPed address
      2001:XXXX:840c:0002::0002/64 = firewall 1
      2001:XXXX:840c:0002::0003/64 = Firewall 2

      I setup DHCP & RA to be Assisted with the CARPed address 2001:XXXX:840c:0002::0001 as The RA interface.

      set the range to be 2001:XXXX:840c:2::0010 to 2001:XXXX:840c:2:ffff:ffff:ffff:ffff

      I can see one of the linux boxes in this network has been assigned 2001:XXXX:840c:2:4862:faff:feae:e15f/64 but it doesn't pass any traffic. Firewall rule to Allow All IPv6 traffic on that interface is in place. Can anyone give me an idea of where to look to try and fix this ?

      J 1 Reply Last reply Reply Quote 0
      • J
        jeffsmith82 @jeffsmith82
        last edited by

        So I tried this http://www.ipv6now.com.au/pingme.php and can ping the 2001:XXXX:840c:0002::0001/64 and 2001:XXXX:840c:0002::0001/64 addresses so I'm assuming my ISP is working fine and it's some kind of outbound routing issue.

        I currently have outbound NAT setup as Manual could it be this causing IPv6 outbound issue ?

        S 1 Reply Last reply Reply Quote 0
        • S
          SteveITS Galactic Empire @jeffsmith82
          last edited by

          @jeffsmith82 IPv6 doesn't use NAT. Can you ping ipv6.google.com from pfSense?

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          J 1 Reply Last reply Reply Quote 0
          • J
            jeffsmith82 @SteveITS
            last edited by jeffsmith82

            @steveits I can ping ipv6.google.com just fine.

            PING6(56=40+8+8 bytes) 2001:XXXX:8000::2b2 --> 2a00:1450:4009:822::200e
            16 bytes from 2a00:1450:4009:822::200e, icmp_seq=0 hlim=121 time=2.379 ms
            16 bytes from 2a00:1450:4009:822::200e, icmp_seq=1 hlim=121 time=2.342 ms
            16 bytes from 2a00:1450:4009:822::200e, icmp_seq=2 hlim=121 time=2.255 ms

            edit: meant i can ping not cant.

            J 1 Reply Last reply Reply Quote 0
            • J
              jeffsmith82 @jeffsmith82
              last edited by

              So my config was perfectly fine. rebooted the server and it just suddenly started working. guessing something getting cached

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.