IPv6 CARP seems broken on 23.05

w0w

I have IPv6 CARP, currently it does not detect status of the CARP VIP.
defc780d-cf2f-43ad-a44a-a908d98ca067-изображение.png
It also looks like IPv6 broken on the clients, not sure why exactly, but I can not ping CARP VIP from clients and I can't reach any of IPv6 sites. I can successfully ping ipv6 sites from master firewall and as expected can't from backup firewall.
When I revert to the 23.01, the status is shown and IPv6 is also working. I am not sure that there are no changes made on my side regarding IPv6 settings between 23.01 and 23.05, so IPv6 functionality may be broken by me, does anyone have IPV6 CARP configured? Can anyone confirm or refute my findings?

SteveITS

@w0w It's not disabled is it?
https://forum.netgate.com/topic/177010/what-does-this-backup-carp-status-mean

w0w

@steveits
No it's not disabled, at least by me. However, I don't see CARP address in the output of the command ifconfig -vva on the 23.05

flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=49020b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,NETMAP,NOMAP>
	ether 02:76:c6:00:07:2e
	inet6 fe80::76:c6ff:fe00:72e%igc1 prefixlen 64 scopeid 0x2
	inet6 2001:xxx:28:191::1 prefixlen 64
	inet 192.168.77.1 netmask 0xffffff00 broadcast 192.168.77.255
	inet 10.0.90.1 netmask 0xffffff00 broadcast 10.0.90.255
	inet 192.168.77.5 netmask 0xffffff00 broadcast 192.168.77.255 vhid 5
	carp: BACKUP vhid 5 advbase 1 advskew 254
	      peer 224.0.0.18 peer6 ff02::12
	media: Ethernet autoselect (2500Base-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

2001:xxx:28:191::5 is just missing

And on 23.01 it presents. VIP config is the same.

igc1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN
	options=49020b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,NETMAP,NOMAP>
	ether 02:76:c6:00:07:2e
	inet6 fe80::76:c6ff:fe00:72e%igc1 prefixlen 64 scopeid 0x2
	inet6 2001:xxx:28:191::1 prefixlen 64
	inet6 2001:xxx:28:191::5 prefixlen 64 vhid 6
	inet 192.168.77.1 netmask 0xffffff00 broadcast 192.168.77.255
	inet 10.0.90.1 netmask 0xffffff00 broadcast 10.0.90.255
	inet 192.168.77.5 netmask 0xffffff00 broadcast 192.168.77.255 vhid 5
	carp: BACKUP vhid 5 advbase 1 advskew 254
	carp: BACKUP vhid 6 advbase 1 advskew 254
	media: Ethernet autoselect (2500Base-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Edit:
If I manually execute

ifconfig igc1 inet6 2001:xxx:28:191::5 prefixlen 64 vhid 6

on both firewalls then CARP is working again, showing status and IPv6 is also accessible

EDIT2:

/rc.newwanip: The command '/sbin/ifconfig igc1 alias '2001:xxx:28:191::5' prefixlen '64' vhid '6' mcast6 advskew '100' advbase '1' pass 'xxxx' returned exit code '1', the output was 'ifconfig: 2001:xxx:28:191::5: bad value'

Should not it be

/sbin/ifconfig igc1 inet6 '2001:xxx:28:191::5' prefixlen '64' vhid '6' mcast6 advskew '100' advbase '1' pass 'xxxx'

or

/sbin/ifconfig igc1 inet6 alias '2001:xxx:28:191::5' prefixlen '64' vhid '6' mcast6 advskew '100' advbase '1' pass 'xxxx'

?

w0w

Replicated on VMs. Looks like any IPv6 CARP VIP creating is just fails on 23.05

SteveITS

@w0w can you create an entry in redmine.pfSense.org and maybe upload your test config? Maybe they can catch it before release.

w0w

@steveits
https://redmine.pfsense.org/issues/14383