IPv6 HA setup not passing traffic
-
I'm trying to setup 2 pfsense boxes in a HA setup to have IPv6
configured a gateway of 2001:XXXX:8000::2b1/124
and then setup on my WAN interfaces2001:XXXX:8000::2b2/124 = firewall 1
2001:XXXX:8000::2b3/124 = firewall 2
2001:XXXX:8000::2b4/124 = CARPed address.I then have also been assigned this range 2001:XXXX:840c::/48 which I'm going to split into multiple networks but the one I'm testing is 2001:XXXX:840c:0002::/64
2001:XXXX:840c:0002::0001/64 = CARPed address
2001:XXXX:840c:0002::0002/64 = firewall 1
2001:XXXX:840c:0002::0003/64 = Firewall 2I setup DHCP & RA to be Assisted with the CARPed address 2001:XXXX:840c:0002::0001 as The RA interface.
set the range to be 2001:XXXX:840c:2::0010 to 2001:XXXX:840c:2:ffff:ffff:ffff:ffff
I can see one of the linux boxes in this network has been assigned 2001:XXXX:840c:2:4862:faff:feae:e15f/64 but it doesn't pass any traffic. Firewall rule to Allow All IPv6 traffic on that interface is in place. Can anyone give me an idea of where to look to try and fix this ?
-
So I tried this http://www.ipv6now.com.au/pingme.php and can ping the 2001:XXXX:840c:0002::0001/64 and 2001:XXXX:840c:0002::0001/64 addresses so I'm assuming my ISP is working fine and it's some kind of outbound routing issue.
I currently have outbound NAT setup as Manual could it be this causing IPv6 outbound issue ?
-
@jeffsmith82 IPv6 doesn't use NAT. Can you ping ipv6.google.com from pfSense?
-
@steveits I can ping ipv6.google.com just fine.
PING6(56=40+8+8 bytes) 2001:XXXX:8000::2b2 --> 2a00:1450:4009:822::200e
16 bytes from 2a00:1450:4009:822::200e, icmp_seq=0 hlim=121 time=2.379 ms
16 bytes from 2a00:1450:4009:822::200e, icmp_seq=1 hlim=121 time=2.342 ms
16 bytes from 2a00:1450:4009:822::200e, icmp_seq=2 hlim=121 time=2.255 msedit: meant i can ping not cant.
-
So my config was perfectly fine. rebooted the server and it just suddenly started working. guessing something getting cached