NDP Proxying Issue

Alex freebsd at centromere.net
Sat Jun 13 02:37:35 UTC 2020


Hi,

I am running FreeBSD 12.1-RELEASE on DigitalOcean, where my Droplet is
assigned 16 IPv6 addresses (2604::0 --> 2604::f). I would like it to
respond to neighbor solicitation requests from DO, even though the IP
being solicited is not bound to any interface on the machine. Based on
my research, this is exactly what NDP proxying is for, which is
configured by the "ndp" tool. I already have one IPv6 address fully
operational, and I see it listed in the output of "ndp -a" (IPs
redacted):

2604::1 12:34:56:78:90:ff vtnet0 permanent R

"12:34:56:78:90:ff" is the MAC address of vtnet0, the main
public-facing interface of the machine.

I have executed the following command:

ndp -s 2604::2 12:34:56:78:90:ff proxy

leading to the following output from "ndp -a":

2604::2 12:34:56:78:90:ff vtnet0 permanent R p

This indicates to me that NDP proxying for this IP has been set up
properly. When running tcpdump on vtnet0, and after attempting to
connect to 2604::2 from a remote machine, I see the following:

02:25:04.068528 IP6 fe80::1 > ff02::2: ICMP6, neighbor solicitation, who has 2604::2, length 32

The ISP is properly asking if my machine has that address; however, I
never see a neighbor advertisement in response. Based on the fact
that the "ndp -s" command succeeded and the entry is listed, why would
this be? I have pf disabled. I am not aware of any sysctl variables that
might prevent this from working.

Regards,
Alex
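
Added example (not part of the original message and not FreeBSD project code): a way to turn the manual check described above into a repeatable one, by pairing each proxy entry in a saved "ndp" listing with the neighbor solicitations and advertisements seen in a saved tcpdump text capture. The function name, file names and sample lines are constructed for illustration; it assumes proxy entries end in the "p" flag as in the listing quoted in the message, and that tcpdump prints one packet per line.

```sh
#!/bin/sh
# Added example: per proxied address, count solicitations and advertisements.
# usage: proxy_ndp_report NDP_FILE CAPTURE_FILE  (saved "ndp -an" / tcpdump text)
proxy_ndp_report() {
    awk '
        function target(key,   t) {      # address that follows "key" on the line
            t = $0; sub(".*" key, "", t); sub(/,.*/, "", t); return t
        }
        # First file: ndp listing. Assumption: a proxy entry ends in the "p"
        # flag, as in the listing quoted in the post.
        FNR == NR { if ($NF == "p") proxy[$1] = 1; next }
        # Second file: tcpdump text output, one packet per line.
        /neighbor solicitation, who has / { ns[target("who has ")]++ }
        /neighbor advertisement, tgt is / { na[target("tgt is ")]++ }
        END {
            for (a in proxy) {
                status = (ns[a] == 0) ? "not-solicited" : ((na[a] == 0) ? "UNANSWERED" : "answered")
                printf "%s ns=%d na=%d %s\n", a, ns[a], na[a], status
            }
        }
    ' "$1" "$2" | sort
}

# Constructed sample input (addresses follow the redacted ones in the post).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ndp.txt" <<'EOF'
2604::1 12:34:56:78:90:ff vtnet0 permanent R
2604::2 12:34:56:78:90:ff vtnet0 permanent R p
2604::3 12:34:56:78:90:ff vtnet0 permanent R p
EOF
    cat > "$dir/capture.txt" <<'EOF'
02:25:04.068528 IP6 fe80::1 > ff02::2: ICMP6, neighbor solicitation, who has 2604::2, length 32
02:25:05.070100 IP6 fe80::1 > ff02::2: ICMP6, neighbor solicitation, who has 2604::2, length 32
02:25:06.000100 IP6 fe80::1 > ff02::2: ICMP6, neighbor solicitation, who has 2604::3, length 32
02:25:06.000300 IP6 fe80::2 > fe80::1: ICMP6, neighbor advertisement, tgt is 2604::3, length 32
EOF
    proxy_ndp_report "$dir/ndp.txt" "$dir/capture.txt"
    rm -rf "$dir"
}

demo
```

On a live host the two input files would be the saved output of "ndp -an" and of "tcpdump -n -i vtnet0 icmp6".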


More information about the freebsd-net mailing list