Netgate Discussion Forum

    CARP and (HE.net) GIF tunnel

      Polderdijk

      I set up CARP with one ISP and 2 pfSense boxes. Everything works as expected if I disable CARP on the primary.

      The only thing is the HE.net tunnel: everything will go into Master status on the slave if I set 'Disable CARP' on the primary. IPv4 works, but IPv6 does not. The gateway to HE.net is shown as Online on the slave, but there is no IPv6 connectivity. I can ping the IPv6 CARP IP and also the IPv6 slave IP, but if I ping the GIF tunnel local address or GIF tunnel remote address (or any other IPv6 address outside the LAN), then I get "PING: transmit failed. General failure."

      My setup:

      The GIF HE.net tunnel is set up with this manual: https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker. Because of CARP, I changed the GIF parent interface to the WAN CARP IP.

      I also created an IPv6 CARP IP on top of the LAN interface (and set my clients to use this IP as gateway).

      I have IPv6 internet, can ping6 the master, slave and CARP IPv6 IP address. So I think everything is set up correctly?

        jimp Rebel Alliance Developer Netgate

        Compare the interface settings (ifconfig -a) and routing tables (netstat -rn) on both nodes in each state, see if there is anything different.

          jason0

          Hello,

          I am having similar problems.  IPV4 failover works beautifully.  But not ipv6.

          fw1 and fw2 both have the same tunnel broker settings; both firewall GIF connections are tied to the WAN CARP IP.  When fw2 is master, IPv6 stops.  When fw1 is master again, IPv6 connectivity returns.

          I have compared the output of netstat -rn and ifconfig -a to each other.  The only real difference appears to be how IPv4 is mapped to CARP whereas IPv6 is NOT.

          What I theorize is this: until HE.net re-pings the IPv4 client address, connectivity is lost.

          Do I need to create a virtual IP address on the tunnel interface and assign the HE.net-assigned client IPv6 address to it?
          Is there a way to convince HE.net to allow me to use more than one client IPv6 address, i.e. one for fw1, one for fw2 and one for CARP?  The server and client IPv6 addresses are both /64…

          Is there a mechanism to bump HE.net if a CARP changeover has occurred?

          Thank you in advance for your time...

          ==jason

            GTA_doum @jason0

            @jason0 I am just facing the same issue! Any tricks to get GIF over CARP?
