Incomplete CARP IPv6 neighbour discovery from client side

Started by Hypocrisy7186, June 01, 2023, 09:46:02 AM

Previous topic - Next topic
When attempting to ping a CARP IPv6 address on the same VLAN from a client machine I get "Destination unreachable: Address unreachable". The output of "ip -6 neigh show" show the following "x:x:x:5::1 dev br0  INCOMPLETE".  Packet capture on the OPNsense instance that hosts the CARP IPv6 address shows "ICMP6, neighbor solicitation" but no ICMP6 responses. I've attached my network diagram to this post.

If I add a static entry with "sudo ip -6 neigh add x:x:x:5::1 lladdr 00:e2:69:63:f7:00 nud permanent dev br0" The ping completes until I remove the static entry. Not sure what else to try to resolve this issue?

Just to added to the above the IPv4 CARP address is pingable on the same VLAN. This just effect IPv6 CARP address

Maybe going down a rabbit hole here, but what is your CARP IPv6 address? It doesn't look like a link-local being anonymised so I think there's one problem right there.


Cheers,
Franco

The Carp addresses are as below. The "x" is to hide the start of my ipv6 address

Ipv6 x:x:x:5::1/64
Ipv6 ll: fe80::5/64

Ping to link-local CARP from client works but not to ULA? Does the client have an ULA from the correct prefix?


Cheers,
Franco

Sorry to have troubled you but its now working despite 0 changes on the firewall, switches or the client networking. Now that its working I've got no ways to try and trace why it was not working previously  ???