Incomplete CARP IPv6 neighbour discovery from client side

[Hypocrisy7186]

When attempting to ping a CARP IPv6 address on the same VLAN from a client machine I get "Destination unreachable: Address unreachable". The output of "ip -6 neigh show" show the following "x:x:x:5::1 dev br0  INCOMPLETE".  Packet capture on the OPNsense instance that hosts the CARP IPv6 address shows "ICMP6, neighbor solicitation" but no ICMP6 responses. I've attached my network diagram to this post.

If I add a static entry with "sudo ip -6 neigh add x:x:x:5::1 lladdr 00:e2:69:63:f7:00 nud permanent dev br0" The ping completes until I remove the static entry. Not sure what else to try to resolve this issue?

[Hypocrisy7186]

Just to added to the above the IPv4 CARP address is pingable on the same VLAN. This just effect IPv6 CARP address

[franco]

Maybe going down a rabbit hole here, but what is your CARP IPv6 address? It doesn't look like a link-local being anonymised so I think there's one problem right there.


Cheers,
Franco

[Hypocrisy7186]

The Carp addresses are as below. The "x" is to hide the start of my ipv6 address

Ipv6 x:x:x:5::1/64
Ipv6 ll: fe80::5/64

[franco]

Ping to link-local CARP from client works but not to ULA? Does the client have an ULA from the correct prefix?


Cheers,
Franco

[Hypocrisy7186]

Sorry to have troubled you but its now working despite 0 changes on the firewall, switches or the client networking. Now that its working I've got no ways to try and trace why it was not working previously 

[franco]

No worries... if it works it works


Cheers,
Franco