    Netgate Discussion Forum

    No responses to IPv6 "neighbor solicitation who has" with CARP

    IPv6
    • awebster

      Hi,

      I have a situation where a pair of pfSense (vm) instances are using CARP, and connected to a WAN as follows:
      pfSense #1 WAN IP: WXYZ::1c
      pfSense #2 WAN IP: WXYZ::1d
      CARP Virtual IP: WXYZ::1e
      Gateway (provider): WXYZ::19

      On Box#1 (or current master)
      ping6 WXYZ::19 works fine, since it uses the real IP

      PING6(56=40+8+8 bytes) WXYZ::1c --> WXYZ::19
      16 bytes from WXYZ::19, icmp_seq=0 hlim=64 time=2.777 ms
      16 bytes from WXYZ::19, icmp_seq=1 hlim=64 time=1.236 ms

      But if I ping using the virtual IP as source IP, I get no response

      ping6 -S WXYZ::1e WXYZ::19
      PING6(56=40+8+8 bytes) WXYZ::1e --> WXYZ::19

      Using tcpdump, I do see a neighbor solicitation request shortly after the pinging starts

      13:55:32.511551 ethertype IPv6 (0x86dd), length 70: WXYZ::1e > WXYZ::19: ICMP6, echo request, seq 0, length 16
      13:55:33.518225 ethertype IPv6 (0x86dd), length 70: WXYZ::1e > WXYZ::19: ICMP6, echo request, seq 1, length 16
      13:55:34.517878 ethertype IPv6 (0x86dd), length 70: WXYZ::1e > WXYZ::19: ICMP6, echo request, seq 2, length 16
      13:55:37.888764 ethertype IPv6 (0x86dd), length 86: WXYZ::19 > WXYZ::1e: ICMP6, neighbor solicitation, who has WXYZ::1e, length 32

      The problem is that despite having IPv6 ICMP allowed (also tried with any) from the provider's network to all my real + virtual IPs, any type, logging turned on, nothing is recorded in the logs!

      So the question is this: should pfSense be responding to the neighbor solicitation "who has" request?
      Without that, I don't see how the layer2 is going to be able to figure out where to forward the packet.

      Also, from outside source pinging WXYZ::1c and WXYZ::1d works fine, but WXYZ::1e does not.

      Suggestions anyone?

      –A.
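
A way to check a saved tcpdump text capture for the symptom described in the post above: a neighbor solicitation for the CARP virtual IP that never receives a neighbor advertisement. This is an added example, not part of the original post; the function names, the 1-second answer window and the two WXYZ::1c lines in the sample are constructed for illustration.

```python
import re

# tcpdump one-line ICMPv6 neighbor discovery output. Addresses are treated as
# opaque tokens so redacted forms such as "WXYZ::1e" still parse.
ND_LINE = re.compile(
    r"^(?P<ts>(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}\.\d+)) .*?"
    r"ICMP6, neighbor (?P<kind>solicitation, who has|advertisement, tgt is) "
    r"(?P<target>[^,\s]+)"
)

def parse_nd(line):
    """Return (seconds, timestamp, 'NS'|'NA', target), or None for other lines."""
    m = ND_LINE.match(line.strip())
    if not m:
        return None
    secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
    kind = "NS" if m["kind"].startswith("solicitation") else "NA"
    return secs, m["ts"], kind, m["target"]

def unanswered_solicitations(lines, window=1.0):
    """List (timestamp, target) for each NS with no NA for that target within
    `window` seconds. Assumes the capture does not cross midnight."""
    events = [e for e in map(parse_nd, lines) if e]
    adverts = [(secs, tgt) for secs, _, kind, tgt in events if kind == "NA"]
    missing = []
    for secs, ts, kind, tgt in events:
        if kind != "NS":
            continue
        answered = any(a_tgt == tgt and 0 <= a_secs - secs <= window
                       for a_secs, a_tgt in adverts)
        if not answered:
            missing.append((ts, tgt))
    return missing

# First two lines are from the post; the last two are constructed to show an
# answered solicitation for contrast.
SAMPLE_CAPTURE = """\
13:55:34.517878 ethertype IPv6 (0x86dd), length 70: WXYZ::1e > WXYZ::19: ICMP6, echo request, seq 2, length 16
13:55:37.888764 ethertype IPv6 (0x86dd), length 86: WXYZ::19 > WXYZ::1e: ICMP6, neighbor solicitation, who has WXYZ::1e, length 32
13:55:40.100000 ethertype IPv6 (0x86dd), length 86: WXYZ::19 > WXYZ::1c: ICMP6, neighbor solicitation, who has WXYZ::1c, length 32
13:55:40.100450 ethertype IPv6 (0x86dd), length 86: WXYZ::1c > WXYZ::19: ICMP6, neighbor advertisement, tgt is WXYZ::1c, length 32
"""

if __name__ == "__main__":
    for ts, target in unanswered_solicitations(SAMPLE_CAPTURE.splitlines()):
        print(f"{ts}: no neighbor advertisement seen for {target}")
```

Running it over a capture taken on the WAN interface of the current CARP master shows whether any advertisement for the virtual IP leaves the box at all.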
