Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Ipv6 issues with PVE 7
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Ipv6 issues with PVE 7

jason5545jason5545 Member
edited April 2022 in Help

I just received ipv6 block from my dedi, but I am having issues with configuration,
Here is my configuration
ip -a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 26: vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether b6:4c:80:f9:21:61 brd ff:ff:ff:ff:ff:ff inet 10.10.10.1/24 scope global vmbr1 valid_lft forever preferred_lft forever 27: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:25:90:xx:1e:0e brd ff:ff:ff:ff:ff:ff inet 173.208.xxx.xx/29 scope global vmbr0 valid_lft forever preferred_lft forever inet6 2604:xxxx:a:212::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::225:90ff:fe85:1e0e/64 scope link valid_lft forever preferred_lft forever
Network/interfaces:
`auto lo
iface lo inet loopback
iface lo inet6 loopback

iface eno1 inet manual

iface eno2 inet manual

auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

iface vmbr0 inet6 static
address 2604:xxxx:a:212::2/64
gateway 2604:xxxx:a:212::1
netmask 64

auto vmbr0
iface vmbr0 inet static
address 173.208.xxx.xx/29
gateway 173.208.2xx.xx
bridge-ports eno1
bridge-stp off`
What could I possibly do wrong?
Appreciate the help.🙂

Comments

  • jugganutsjugganuts Member

    Ovh and ipv6 has always been interesting.

    Thanked by 2v3ng jason5545
  • MaouniqueMaounique Host Rep, Veteran

    You need to do routing through one of the IPv6. Look to ndppd if you would like to use more IPv6 for containers or VMS for example, otherwise leave only one on auto.

    Thanked by 1jason5545
  • 30033003 Member

    I had it working at some point on a old ovh dedi i had a while back, but it was a mess if the node was ever rebooted. Simply stopped using ipv6 on it, since it is not really needed for anything i do.

    Thanked by 1jason5545
  • ezethezeth Member, Patron Provider
    edited April 2022

    @3003 said: Simply stopped using ipv6 on it, since it is not really needed for anything i do.

    cat - > /etc/sysctl.d/ipv6-disable.conf <<EOF
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    EOF
    sysctl --system

    I hope this can help in the future. I run it on most if not all servers. Copy paste and you're done. Really simple

    Thanked by 1jason5545
  • cyagoncyagon Member
    edited May 2022

    Is that a Kimsufi, if so, thats my config

    auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address XX.XX.XX.XX/24
    gateway XX.XX.XX.254
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    # important, the MAC of your eno1
    hwaddress XX:XX:XX:XX:XX:XX

iface vmbr0 inet6 static
    address WWWW:XXXX:YYYY:ZZZZ::1/64
    # OVH shenanigans
    post-up sysctl -w net.ipv6.conf.all.autoconf=0
    post-up sysctl -w net.ipv6.conf.all.accept_ra=0
    post-up sysctl -w net.ipv6.conf.all.forwarding=1
    # notice the just 2 Z at the end before the ffs
    post-up sleep 5; /sbin/ip -6 route add WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff dev vmbr0
    post-up sleep 5; /sbin/ip -6 route add default via WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff
    pre-down /sbin/ip -6 route del default via WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff
    pre-down /sbin/ip -6 route del WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff dev vmbr0

auto vmbr1
iface vmbr1 inet static
    address 10.0.0.1/24
    bridge_ports none
    bridge_stp off
    bridge_fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        # for the containers
    post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

    For IPv6 routing to your vserver, a config for ndppd at /etc/ndppd.conf (not just an IPv6 address, your subnet):

    route-ttl 30000
proxy vmbr0 {
    router no
    timeout 500
    ttl 30000
    rule WWWW:XXXX:YYYY:ZZZZ::/64 {
        static
    }
}

    Activate ndppd with systemctl enable --now ndppd and you should be set.

    Otherwise, that could help too. Maybe you do not need ndppd in that case: https://docs.ovh.com/gb/en/dedicated/network-ipv6/

    Thanked by 2ehab jason5545
  • jason5545jason5545 Member
    edited May 2022

    I'm quiet for a few days because just until last night I was fully satisfied with my set-up with ipv6.

    @jugganuts said:
    Ovh and ipv6 has always been interesting.

    @3003 said:
    I had it working at some point on a old ovh dedi i had a while back, but it was a mess if the node was ever rebooted. Simply stopped using ipv6 on it, since it is not really needed for anything i do.

    Luckily it isn't OVH, it's DediSpec.

    A little bit of background story:
    I tried for many days tinkering with the configuration files trying to get ipv6 working, at the end, I decided to outsource some technical help from the guy that helps fix my OVH server with PVE last month.
    After some discussion with him, we agreed with going for a different approach for both ipv6 and 4, because my ipv6 only has a /29 block so we decided to build an OpenWRT router, to handle all ipv4 NAT,so it occupied only one ipv4 address. But as for ipv6, because I basically had a full/64 block, so the better approach seems to be just to let the dedispec DHCP to my VMs.
    But here we encountered a bug, if we use LXC to deploy a VM, we can't get any ipv6 capabilities, whether DHCP or by manual setup. So we decided to, just ditch the LXC, and went full KVM.

    Then, we discovered another issue, no matter how we change the settings, ipv6 just doesn't want to work with windows 11 VM, we tried manual giving the IP, or turning off the windows firewall, but nothing works. At last, I just said I will just let the windows 11 VM goes through ipv4 NAT, it works out well, until now we still don't know why windows don't want to work with ipv6. Maybe I will try a reinstall in the future.

    Besides windows, other VM works beautifully with ipv6 after he is set up.

    @Maounique said:
    You need to do routing through one of the IPv6. Look to ndppd if you would like to use more IPv6 for containers or VMS for example, otherwise leave only one on auto.

    Yeah, I used gateway:xxxx in my network/interfaces files which didn't work, the guy used up IP -6 route add instead of the gateway, which works. I guess he used OpenWRT to handle the ipv6 lease because ndppd seems doesn't exist on my system.

    and for those we need, the ipv6 PD address is just your gateway but remove the :1 part.

    @cyagon said:
    Is that a Kimsufi, if so, thats my config

    auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address XX.XX.XX.XX/24
    gateway XX.XX.XX.254
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    # important, the MAC of your eno1
    hwaddress XX:XX:XX:XX:XX:XX

iface vmbr0 inet6 static
    address WWWW:XXXX:YYYY:ZZZZ::1/64
    # OVH shenanigans
    post-up sysctl -w net.ipv6.conf.all.autoconf=0
    post-up sysctl -w net.ipv6.conf.all.accept_ra=0
    post-up sysctl -w net.ipv6.conf.all.forwarding=1
    # notice the just 2 Z at the end before the ffs
    post-up sleep 5; /sbin/ip -6 route add WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff dev vmbr0
    post-up sleep 5; /sbin/ip -6 route add default via WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff
    pre-down /sbin/ip -6 route del default via WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff
    pre-down /sbin/ip -6 route del WWWW:XXXX:YYYY:ZZff:ff:ff:ff:ff dev vmbr0

auto vmbr1
iface vmbr1 inet static
    address 10.0.0.1/24
  bridge_ports none
  bridge_stp off
  bridge_fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        # for the containers
  post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
  post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

    For IPv6 routing to your vserver, a config for ndppd at /etc/ndppd.conf (not just an IPv6 address, your subnet):

    route-ttl 30000
proxy vmbr0 {
    router no
    timeout 500
    ttl 30000
    rule WWWW:XXXX:YYYY:ZZZZ::/64 {
        static
    }
}

    Activate ndppd with systemctl enable --now ndppd and you should be set.

    Otherwise, that could help too. Maybe you do not need ndppd in that case: https://docs.ovh.com/gb/en/dedicated/network-ipv6/

    Noted, maybe I will use it on my KS1 someday, thanks.

    Thanked by 1Not_Oles
  • jason5545jason5545 Member
    edited May 2022

    @jugganuts said:
    Ovh and ipv6 has always been interesting.

    I wouldn't bother with ipv6 on OVH, unless it's a Kimsufi. OVH's ipv4 is dirt cheap compared to others. :D

Sign In or Register to comment.