Link-local gateway // Cisco HSRP config
-
Hi,
I've got a /48 IPv6 net routed via a /64 transfer net. Both nets are from a globally routable address space, but my provider's gateway is only available via a link-local address (due to Cisco's HSRP IPv6 config) in the /64. Everything works fine with my Mikrotik testbed setup.
Is it possible that pfSense (2.1-dev, built on Apr. 13) has a problem if an interface has a routable address with a link-local gateway? Because I could configure this setup, but no pings are passing by my firewall (yes, all icmp6 packets are allowed for testing) and the firewall seems to hang if you're trying to ping an IPv6 target outside my net. Has anyone seen this problem before?
Chris -
That is a perfectly valid configuration.
So you set up pfSense with the global IPv6 address from the transfer net (not with carp I hope, that's broken in 8.3) on the WAN. You can then configure the gateway to be the link-local address of the Cisco. They most likely configured an HSRP link-local for you.
The currently available Cisco IOS does not yet do HSRP with a global address.
I'm using the same sort of deal at work with an HSRP link-local and it works fine for me. Check if it's inserted in the default route on pfSense. Diag > routes.
You can add these routes via the System > routing page. Note that unless you configure the router for SLAAC it won't pick up on router advertisements.
It probably hangs because of the unreachable DNS.
-
So I upgraded to the latest snapshot, rebooted the machine and .. d'oh - it works now. Maybe it was too late yesterday to realize that it already works. ::)
Thanks for your help and clarification!
Chris -
Yup should work fine :D