so upon disabling and re enabling the WAN interface this is when i see the issue occur. the only action that can be taken it seems is to manually select the gateway removing it off the automatic option. restarting the gateway service nor reboot changes its behaviour.

Running on 2.6.0-RELEASE (amd64) wonder if anyone else is getting the same issue?

@cmcdonald thank you for the explanation. indeed the problem was my frr configuration, all is working fine now.

@serbus Just saw the latest video from Tom Lawrence and it seems to be a bug in the software we are using. So the solution will be to roll back.

@JKnott: you've got my requirement upside-down.

I want the pfSense firewalls, on their WAN interface, to accept RAs from the upstream routers.

This is the normal behaviour for RAs. In fact, pfSense supports it if the WAN interface is configured dynamically using DHCP6 or SLAAC. I want to know if it's possible when the WAN interface is configured with a static IPv6 address.

Downstream, everything is fine:

fw1 fw2 | | -+---+----+- | server I can configure pfSense to send RAs only (without offering SLAAC prefix or DHCP6) I can configure the server with a static IPv6 address I can configure the server to pick up its default route via RA (e.g. Linux: accept_ra=1)

That all works fine. Now I need to do the same upstream, where the pfSense WAN is the "client" and the upstream routers send RAs.

You are right that I could instead use VRRP or CARP. The reasons not to do this are partly philosophical (IPv6 already provides this facility, in the form of Router Advertisements), and partly practical: the Netgear M4300-24X24F I'm using has a bug where it drops more than 90% of IPv6 CARP packets, which results in devices switching into MASTER-MASTER mode. (Aside: it also doubles IPv4 CARP packets. Go figure). I do have a case open with Netgear for this.

I know how networks work, so I'm trying to ask a specific question about pfSense from pfSense experts. The question is: if I configure pfSense WAN interface with a static IPv6 address, can it also be configured to accept Router Advertisements? "Yes" or "no" from someone who knows the answer, please.

@SergeCaron (Sheepish grin) I figured out the "cannot uninstall cleanly" caution in Patch Manager. I installed the patch and Patch Manager happily reports it can be uninstalled cleanly.

Unfortunately, I can no longer reproduce the disapearing Gateway issue: even if I force a complete disconnect of Tier 1, the Gateway Group does not switch to Tier 2.

So, I will close this issue for now.