Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 CARP seems broken on 23.05

    Scheduled Pinned Locked Moved Plus 23.05 Development Snapshots (Retired)
    6 Posts 2 Posters 826 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • w0wW
      w0w
      last edited by w0w

      I have IPv6 CARP, currently it does not detect status of the CARP VIP.
      defc780d-cf2f-43ad-a44a-a908d98ca067-изображение.png
      It also looks like IPv6 broken on the clients, not sure why exactly, but I can not ping CARP VIP from clients and I can't reach any of IPv6 sites. I can successfully ping ipv6 sites from master firewall and as expected can't from backup firewall.
      When I revert to the 23.01, the status is shown and IPv6 is also working. I am not sure that there are no changes made on my side regarding IPv6 settings between 23.01 and 23.05, so IPv6 functionality may be broken by me, does anyone have IPV6 CARP configured? Can anyone confirm or refute my findings?

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @w0w
        last edited by

        @w0w It's not disabled is it?
        https://forum.netgate.com/topic/177010/what-does-this-backup-carp-status-mean

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        w0wW 1 Reply Last reply Reply Quote 0
        • w0wW
          w0w @SteveITS
          last edited by w0w

          @steveits
          No it's not disabled, at least by me. However, I don't see CARP address in the output of the command ifconfig -vva on the 23.05

          flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=49020b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,NETMAP,NOMAP>
	ether 02:76:c6:00:07:2e
	inet6 fe80::76:c6ff:fe00:72e%igc1 prefixlen 64 scopeid 0x2
	inet6 2001:xxx:28:191::1 prefixlen 64
	inet 192.168.77.1 netmask 0xffffff00 broadcast 192.168.77.255
	inet 10.0.90.1 netmask 0xffffff00 broadcast 10.0.90.255
	inet 192.168.77.5 netmask 0xffffff00 broadcast 192.168.77.255 vhid 5
	carp: BACKUP vhid 5 advbase 1 advskew 254
	      peer 224.0.0.18 peer6 ff02::12
	media: Ethernet autoselect (2500Base-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

          2001:xxx:28:191::5 is just missing

          And on 23.01 it presents. VIP config is the same.

          igc1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=49020b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,NETMAP,NOMAP>
	ether 02:76:c6:00:07:2e
	inet6 fe80::76:c6ff:fe00:72e%igc1 prefixlen 64 scopeid 0x2
	inet6 2001:xxx:28:191::1 prefixlen 64
	inet6 2001:xxx:28:191::5 prefixlen 64 vhid 6
	inet 192.168.77.1 netmask 0xffffff00 broadcast 192.168.77.255
	inet 10.0.90.1 netmask 0xffffff00 broadcast 10.0.90.255
	inet 192.168.77.5 netmask 0xffffff00 broadcast 192.168.77.255 vhid 5
	carp: BACKUP vhid 5 advbase 1 advskew 254
	carp: BACKUP vhid 6 advbase 1 advskew 254
	media: Ethernet autoselect (2500Base-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

          Edit:
          If I manually execute

          ifconfig igc1 inet6 2001:xxx:28:191::5 prefixlen 64 vhid 6

          on both firewalls then CARP is working again, showing status and IPv6 is also accessible

          EDIT2:

          /rc.newwanip: The command '/sbin/ifconfig igc1 alias '2001:xxx:28:191::5' prefixlen '64' vhid '6' mcast6 advskew '100' advbase '1' pass 'xxxx' returned exit code '1', the output was 'ifconfig: 2001:xxx:28:191::5: bad value'

          Should not it be

          /sbin/ifconfig igc1 inet6 '2001:xxx:28:191::5' prefixlen '64' vhid '6' mcast6 advskew '100' advbase '1' pass 'xxxx'

          or

          /sbin/ifconfig igc1 inet6 alias '2001:xxx:28:191::5' prefixlen '64' vhid '6' mcast6 advskew '100' advbase '1' pass 'xxxx'

          ?

          1 Reply Last reply Reply Quote 0
          • w0wW
            w0w
            last edited by w0w

            Replicated on VMs. Looks like any IPv6 CARP VIP creating is just fails on 23.05

            S 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Galactic Empire @w0w
              last edited by

              @w0w can you create an entry in redmine.pfSense.org and maybe upload your test config? Maybe they can catch it before release.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              w0wW 1 Reply Last reply Reply Quote 0
              • w0wW
                w0w @SteveITS
                last edited by

                @steveits
                https://redmine.pfsense.org/issues/14383

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.