HELP! IPv6, Virtualizor, Hetzner - MAC abuses

KONAK Member

Hello,

I installed KVM Virtualizor on a Hetzner server,
then I created a bridge to viifbr0. Next, I created several VMs using only IPv6.

After a few minutes I got this message:
"We have detected that your server is using different MAC addresses from those allowed by your Robot account."

Please help me to solve this problem.

cat ifcfg-enp2s0
DEVICE=enp2s0
HWADDR=Ax:xx:xx:x9
ONBOOT=yes
IPV6INIT=yes
BRIDGE=viifbr0
NM_CONTROLLED="no"
NETBOOT=no

cat ifcfg-viifbr0
DEVICE=viifbr0
TYPE=Bridge
BOOTPROTO=static
GATEWAY=GATEWAY
IPADDR=IPv4
NETMASK=255.255.255.192
SCOPE="peer Gateway"
ONBOOT=yes
IPV6_AUTOCONF=no
IPV6INIT=yes
IPV6ADDR=xxx:xxxx:xxxx:2/64
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=viifbr0
IPV6_FAILURE_FATAL=no
DNS1=8.8.8.8
DNS2=2001:4860:4860::8888
NM_CONTROLLED="no"

cat route-viifbr0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=GATEWAY

sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

I added IPv6 in the Virtualizor panel and checked "routed".

Comments

  • Mr_Tom Member, Host Rep
    edited October 2021

    Change it to a routed setup (I'm not familiar with Centos network config so can't advise the best way) rather than a bridged setup.

    Edit: or speak to their support about ordering virtual MAC addresses and use them for your VMs

  • @Mr_Tom said:
    Change it to a routed setup (I'm not familiar with Centos network config so can't advise the best way) rather than a bridged setup.

    Edit: or speak to their support about ordering virtual MAC addresses and use them for your VMs

    By checking "routed" in the Virtualizor IP pool, I think each VM should use a routed connection to the new bridged connection. But it is weird that I still get MAC abuses.

  • I contacted both Virtualizor and Hetzner; neither of them was helpful.

  • Mr_Tom Member, Host Rep

    @KONAK said: by checking "routed" in ip-pool virtualizor

    It's a bit more involved than just ticking routed. You need a second interface but don't bridge it to the main network interface.

    Then create a route on the interface for the ipv6 addresses/subnets.

  • @Mr_Tom said:

    @KONAK said: by checking "routed" in ip-pool virtualizor

    It's a bit more involved than just ticking routed. You need a second interface but don't bridge it to the main network interface.

    Then create a route on the interface for the ipv6 addresses/subnets.

    I just contacted Hetzner about MACs; they won't give more MACs for IPv6.

    About your solution, please correct me if what I said is wrong:
    1. if I have enp5s0, I create enp5s0:0
    2. then I can bridge viifbr0 to enp5s0:0
    3. then all VMs connect to this viifbr0
    Am I correct?

  • Andreix Member, Host Rep
    edited October 2021

    Hetzner logic:
    Says on WIKI you can use a bridged network model, then block your server's IP address for using a bridged network model.

    I've had a server with them for a personal blog and a backup thing. Dumped them after I saw you can't really get them to be reasonable in any way.
    Ahh, this leads me to hetzner logic part 2:
    You can, of course, backup your VMs and transfer the data on your PC, but we won't unblock your IP. You need to hocus-pocus-data-downloadus via the Lantronix KVM.

  • Mr_Tom Member, Host Rep
    edited October 2021

    This is similar to what I use - feel free to adjust to CentOS network setup

    auto lo
      iface lo inet loopback
      iface lo inet6 loopback
    
    auto enp4s0
    iface enp4s0 inet static
      address ipv4.add.re.ss
      netmask 255.255.255.192
      gateway ga.te.wa.y
      up route add -net a.a.a.a netmask 255.255.255.192 gw ga.te.wa.y dev enp4s0
      post-up echo 1 > /proc/sys/net/ipv4/ip_forward
      post-up echo 1 > /proc/sys/net/ipv4/conf/enp4s0/proxy_arp
    
    iface enp4s0 inet6 static
      address 2a01:xx:yy::2
      netmask 64
      gateway fe80::1
    
    auto viifbr0
    iface viifbr0 inet static
      address SAME.AS.AB.OVE
      netmask 255.255.255.192
      bridge_ports none
      bridge_stp off
      bridge_fd 0
    
    iface viifbr0 inet6 static
      pre-up modprobe ipv6
      address 2a01:xx:yy::3
      netmask 64
      post-up echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
      post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
      post-up echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
      # IP from main /64: give each VM an address from this /96 (for example) and then use this address as their gateway
      up ip -6 addr add 2a01:xx:yy:1:1:1/96 dev viifbr0
    

    Hope that helps.

    Thanked by 3: KONAK, teaser, Talistech
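
The difference between the two layouts in this thread comes down to `bridge_ports`: when it names the physical NIC, guest frames leave that NIC with the guests' own MAC addresses, and with `bridge_ports none` the host routes the traffic and only its own MAC is seen upstream. The script below is an added example, not part of any poster's reply, that audits an ifupdown interfaces file for this; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit_bridges, bridges_are_routed and
# the sample file are constructed for illustration.

# One line per interface that carries a bridge_ports option:
#   <iface> routed           bridge_ports none: no uplink, the host routes
#   <iface> bridged:<ports>  guest frames leave the NIC with guest MACs
audit_bridges() {
    awk '
        $1 == "iface" { cur = $2 }
        $1 == "bridge_ports" || $1 == "bridge-ports" {
            if (seen[cur]++) next   # inet and inet6 stanzas share a name
            if ($2 == "none") { print cur, "routed"; next }
            ports = $2
            for (i = 3; i <= NF; i++) ports = ports "," $i
            print cur, "bridged:" ports
        }
    ' "$1"
}

# Succeeds only when no bridge has a physical port attached.
bridges_are_routed() {
    ! audit_bridges "$1" | grep -q ' bridged:'
}

# Constructed sample: br0 mirrors a bridged layout, viifbr0 a routed one.
write_sample() {
    cat > "$1" <<'EOF'
auto br0
iface br0 inet static
  address 192.0.2.10
  netmask 255.255.255.192
  bridge_ports enp35s0
  bridge_stp off

auto viifbr0
iface viifbr0 inet6 static
  address 2001:db8::3
  netmask 64
  bridge_ports none
EOF
}

# Usage: sh audit.sh /etc/network/interfaces
if [ -n "${1:-}" ]; then
    audit_bridges "$1"
fi
```
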
  • @Mr_Tom said:
    This is similar to what I use - feel free to adjust to CentOS network setup

    auto lo
      iface lo inet loopback
      iface lo inet6 loopback
    
    auto enp4s0
    iface enp4s0 inet static
      address ipv4.add.re.ss
      netmask 255.255.255.192
      gateway ga.te.wa.y
      up route add -net a.a.a.a netmask 255.255.255.192 gw ga.te.wa.y dev enp4s0
      post-up echo 1 > /proc/sys/net/ipv4/ip_forward
      post-up echo 1 > /proc/sys/net/ipv4/conf/enp4s0/proxy_arp
    
    iface enp4s0 inet6 static
      address 2a01:xx:yy::2
      netmask 64
      gateway fe80::1
    
    auto viifbr0
    iface viifbr0 inet static
      address SAME.AS.AB.OVE
      netmask 255.255.255.192
      bridge_ports none
      bridge_stp off
      bridge_fd 0
    
    iface viifbr0 inet6 static
      pre-up modprobe ipv6
      address 2a01:xx:yy::3
      netmask 64
      post-up echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
      post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
      post-up echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
      # IP from main /64: give each VM an address from this /96 (for example) and then use this address as their gateway
      up ip -6 addr add 2a01:xx:yy:1:1:1/96 dev viifbr0
    

    Hope that helps.

    Thanks for your help, that gives me more reference.
    So I did the same as you: I stated the IPv4 and IPv6 in both NICs (default and bridge), then my VM uses viifbr0 with the new gateway ::3.

    Then I received this email: "The issue of the relevant ticket has been successfully resolved"

    Thanks again for your help.

  • teaser Member
    edited January 2022

    Hello,

    Recently I had the same problem, and with the help of this thread I was able to solve the problem at least partially. I did it as described above, but DNS is not working inside my VM. I can ping naked IPs and I can ping my VM from the outside. But it does not connect via SSH from the outside, nor can I connect to any server from my VM.
    My IPV4-VM works in bridge-mode flawlessly.

    Thanks for any hint in advance.

    My network setup is:

       auto lo
       iface lo inet loopback
       iface lo inet6 loopback
    
        auto enp35s0
        iface enp35s0 inet manual
        iface enp35s0 inet6 manual
    
        auto br0
        iface br0 inet static
          address 135.x.y.z
          netmask 255.255.255.192
          network 135.x.y.z
          broadcast 135.x.y.z
          gateway 135.x.y.z
          bridge_ports enp35s0
          bridge_stp off
          bridge_fd 0
          bridge_maxwait 0
          dns-nameservers 1.1.1.1
    
        iface br0 inet6 static
          address 2a01:bla:bla:bla::2
          netmask 64
          gateway fe80::1
          dns-nameservers 2606:4700:4700::64
    
        auto vmbr0
        iface vmbr0 inet6 static
          address 2a01:bla:bla:bla::3
          netmask 64
          post-up echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
          post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
          post-up echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
          up ip -6 addr add 2a01:bla:bla:bla::aaa:bbb:1/96 dev vmbr0
    
  • This reference is priceless, seeing as Hetzner can't be bothered to produce their own documentation for how to do it:

    This shows how to set up Hetzner IPv6 on the host node with radvd and how to route IPv6 traffic for your VMs.

    my 2 cents.

    Cheers!

    Thanked by 1: teaser
  • teaser Member
    edited January 2022

    For the record:

    I figured out the error. It was between the screen and the chair :s
    The code above is totally fine. I made this mistake several times before and did not think of my firewall.

    ufw route allow in on br0 out on vmbr0
    ufw route allow in on vmbr0 out on br0
    

    After adding this to my firewall it worked like a charm.
