@JKnott: you've got my requirement upside-down.
I want the pfSense firewalls, on their WAN interface, to accept RAs from the upstream routers.
This is the normal behaviour for RAs. In fact, pfSense supports it if the WAN interface is configured dynamically using DHCP6 or SLAAC. I want to know if it's possible when the WAN interface is configured with a static IPv6 address.
Downstream, everything is fine:
fw1 fw2
| |
-+---+----+-
|
server
I can configure pfSense to send RAs only (without offering SLAAC prefix or DHCP6)
I can configure the server with a static IPv6 address
I can configure the server to pick up its default route via RA (e.g. Linux: accept_ra=1)
That all works fine. Now I need to do the same upstream, where the pfSense WAN is the "client" and the upstream routers send RAs.
You are right that I could instead use VRRP or CARP. The reasons not to do this are partly philosophical (IPv6 already provides this facility, in the form of Router Advertisements), and partly practical: the Netgear M4300-24X24F I'm using has a bug where it drops more than 90% of IPv6 CARP packets, which results in devices switching into MASTER-MASTER mode. (Aside: it also doubles IPv4 CARP packets. Go figure). I do have a case open with Netgear for this.
I know how networks work, so I'm trying to ask a specific question about pfSense from pfSense experts. The question is: if I configure pfSense WAN interface with a static IPv6 address, can it also be configured to accept Router Advertisements? "Yes" or "no" from someone who knows the answer, please.