Netgate Discussion Forum

    Link-local gateway // cisco hsrp config

    • cpm

      Hi,

      I've got a /48 IPv6 net routed via a /64 transfer net. Both nets are from a globally routable address space, but my provider's gateway is only available via a link-local address (due to Cisco's HSRP IPv6 config) in the /64. Everything works fine with my Mikrotik testbed setup.
      Is it possible that pfSense (2.1-dev, built on Apr. 13) has a problem if an interface has a routable address with a link-local gateway? Because I could configure this setup, but no pings are passing through my firewall (yes, all icmp6 packets are allowed for testing) and the firewall seems to hang if you try to ping an IPv6 target outside my net.

      Has anyone seen this problem before?
      Chris

      • databeestje

        That is a perfectly valid configuration.

        So you set up pfSense with the global IPv6 address from the transfer net (not with CARP I hope, that's broken in 8.3) on the WAN. You can then configure the gateway to be the link-local address of the Cisco. They most likely configured an HSRP link-local for you.

        The currently available Cisco IOS does not yet do HSRP with a global address.

        I'm using the same sort of deal at work with an HSRP link-local and it works fine for me. Check if it's inserted in the default route on pfSense. Diag > routes.

        You can add these routes via the System > routing page. Note that unless you configure the router for SLAAC it won't pick up on router advertisements.

        It probably hangs because of the unreachable DNS.

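The route check suggested in the reply above (Diag > routes), as an added example that is not part of the original thread or of pfSense itself. It assumes a routing table in the style of FreeBSD `netstat -rn -f inet6` output; the sample table, its addresses and the function name `check_default_route` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of FreeBSD `netstat -rn -f inet6` output.
# Addresses are illustrative values, not taken from the thread.
SAMPLE_ROUTES = """\
Destination                       Gateway                       Flags     Netif Expire
::1                               link#4                        UH          lo0
default                           fe80::5:73ff:fea0:1%em0       UGS         em0
2001:db8:0:1::/64                 link#1                        U           em0
fe80::%em0/64                     link#1                        U           em0
"""


def check_default_route(netstat_text):
    """Return (ok, reason) describing the IPv6 default route in the table.

    A link-local next hop is only usable when it carries an interface
    scope (fe80::...%ifname), because fe80::/10 exists on every link.
    """
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "default":
            continue
        gateway, netif = fields[1], fields[3]
        addr, _, zone = gateway.partition("%")
        try:
            ip = ipaddress.IPv6Address(addr)
        except ipaddress.AddressValueError:
            return False, f"gateway {gateway!r} is not an IPv6 address"
        if not ip.is_link_local:
            return True, f"default via global address {ip} on {netif}"
        if not zone:
            return False, f"link-local gateway {ip} has no interface scope"
        if zone != netif:
            return False, f"gateway scope {zone} does not match Netif {netif}"
        return True, f"default via link-local {ip} scoped to {netif}"
    return False, "no IPv6 default route installed"


if __name__ == "__main__":
    print(check_default_route(SAMPLE_ROUTES))
```
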
        • cpm

          So I upgraded to the latest snapshot, rebooted the machine and .. d'oh - it works now. Maybe it was too late yesterday to realize that it already works.  ::)

          Thanks for your help and clarification!
          Chris

          • Zeon

            Yup should work fine  :D
