pfSense Gold Subscription

Author Topic: CARP secondary unable to reach gateway  (Read 841 times)

0 Members and 1 Guest are viewing this topic.

Offline jwelter99

  • Full Member
  • ***
  • Posts: 104
    • View Profile
CARP secondary unable to reach gateway
« on: April 30, 2012, 12:52:52 pm »
Hi everyone,

I have what appears to be an IPv6 issue.

Background:

Two identical pfsense boxes running in a HA pair.

One can ping the WAN DG, the other can not.  Both can be accessed via the WAN, just that one can't access out the WAN.

The only differences I can find between the two is the results of an ifconfig:

Working unit:

Code: [Select]
em5: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:30:48:8d:d6:5f
inet xx.yy.zz.213 netmask 0xfffffff0 broadcast xx.yy.zz.223
inet6 fe80::230:48ff:fe8d:d65f%em5 prefixlen 64 scopeid 0x6
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
Broken unit:
Code: [Select]
em5: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:30:48:8d:d4:f7
inet6 fe80::230:48ff:fe8d:d4f7%em5 prefixlen 64 scopeid 0x6
inet xx.yy.zz.214 netmask 0xfffffff0 broadcast xx.yy.zz.223
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

The broken one lists the ipv6 IP first and I am wondering if that is causing the issue.  Not sure how to over-ride that?  IPv6 support is disabled in the advanced options.

Any suggestions?
« Last Edit: April 30, 2012, 01:08:14 pm by jwelter99 »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14934
    • View Profile
Re: Odd IPv6 issue?
« Reply #1 on: April 30, 2012, 01:26:25 pm »
That wouldn't have anything to do with it. Especially if you have IPv6 disabled.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jwelter99

  • Full Member
  • ***
  • Posts: 104
    • View Profile
Re: Odd IPv6 issue?
« Reply #2 on: April 30, 2012, 01:49:05 pm »
That wouldn't have anything to do with it. Especially if you have IPv6 disabled.

Ok, I am running on hunches here as it's the ONLY thing different except the ip's (obviously).   The problematic unit can't access the packages repository either, it's any firewall initiated traffic to the WAN doesnt make it but from WAN->FW is fine.

Thanks.


Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14934
    • View Profile
Re: Odd IPv6 issue?
« Reply #3 on: April 30, 2012, 01:58:19 pm »
If it can't reach it's gateway then it can't get out beyond. Usual things to look for there are to make sure that there are no conflicting IPs, that the switch connecting all three devices (ISP router, carp master, carp slave) is working properly, make sure the subnet mask matches properly (is it really a /28? what's the ISP router set to?), and so on.

Things like that usually boil down to a conflict of some kind, or a layer 1/2 issue.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!