Proxmox on IPv6 only

mezoology

I have an IPv6-only VPS that needed to use proxmox on it.
it's not my first use of proxmox, I did this several times on PHP Friends and worked with no issues.
but this time I'm finding a hard time getting it to work. so I need your help if you may.

let's start with the conf.

===Host===
cat /etc/network/interfaces

  GNU nano 5.4                                          /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto ens3

iface ens3 inet6 static
        address 2a01:4fx:xxx:f90a::b/128
        gateway 2a01:4fx:xxx:f900:2::2

auto vmbr0
iface vmbr0 inet6 static
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        address 2a01:4fx:xxx:f90a::a/64
        up ip -6 route add 2a01:4fx:xxx:f90a::/64 dev vmbr0

cat /etc/ndppd.conf

route-ttl 30000
proxy vmbr0 {
router yes
timeout 500
ttl 30000
rule 2a01:4fx:xxx:f90a::/64 {
static
}
}

==Guest==
cat /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet6 static
        address 2a01:4fx:xxx:f90a::5050/128
# --- BEGIN PVE ---
        post-up ip route add 2a01:4fx:xxx:f90a::a dev eth0
        post-up ip route add default via 2a01:4fx:xxx:f90a::a dev eth0
        pre-down ip route del default via 2a01:4fx:xxx:f90a::a dev eth0
        pre-down ip route del 2a01:4fx:xxx:f90a::a dev eth0
# --- END PVE ---

• Host can reach the internet with no issue.
• net.ipv6.conf.default.forwarding = 1 is uncommented
• tried with ndppd and w/o
• I had no luck with bridge mood either.

I can ping host<=> Guest
from inside guest, I can ping both ens3/vmbr0 IPs but not the internet

any ideas to pinpoint this issue ?

Neoon

Usually ndppd is ran on the primary interface, not the secondary.

mezoology

@Neoon said:
Usually ndppd is ran on the primary interface, not the secondary.

I ran it on ens3 with :

route-ttl 30000
proxy ens3 {
router yes
timeout 500
ttl 30000
rule 2a01:4fx:xxx:f90a::/64 {
static
}
}

still no luck.

Neoon

Ah, yea php-friends is using SolusVM.
You are out of luck here.

You can try to add every single IPv6 address by hand in the Panel to make it "work".
Honestly, had the same issue, never got it to work.

Maybe you can ask them for a routed IPv6 subnet.

mezoology

i mean, i got it to work once on PHP Friends. actually several times. on the root servers.

my wording sux, sorry
Current Host using VirtFusion. if that helps. DC is Hetzner

Maounique

If the whole /64 is allowed to go out, then you don't need ndppd, just bridge to vmbr0 and put the IPs on it, i.e. bridge ens3 to vmbr0 give it no IP and only put it on vmbr0 (the external IPv6 you use on host).

If only one IPv6 is allowed to go out, or any one at a time, then you do need ndppd and a routing inside of the host. Hopefully that is not the case and it would work with the first kind of setup.

mezoology

@Maounique said: If the whole /64 is allowed to go out, then you don't need ndppd, just bridge to vmbr0 and put the IPs on it, i.e. bridge ens3 to vmbr0 give it no IP and only put it on vmbr0 (the external IPv6 you use on host).

I tried bridge setup, and it's not working, it seems like the gateway is bound to the host interface MAC.

@Maounique said: If only one IPv6 is allowed to go out, or any one at a time, then you do need ndppd and a routing inside of the host. Hopefully that is not the case and it would work with the first kind of setup.

this is what I try to do on the setup on OP, looks like is more reachable than the bridge setup.
not sure whats wrong with this setup as I did it before on hetzner.

mezoology

Good news

I managed to make it work.

borrowed @Maounique setup from this post but ndppd wasn't acting nice to me. never worked.

so after some fiddling with the /etc/network/interfaces and tcpdump, using https://github.com/setaou/ndp-proxy on vmbr0 made the CT/VM see the light of the internet.

thank you everyone tried to help