VE 8.0.4 how to enable IPv6 on Host port?

[bearhntr]

I have tried everything - even reloaded it completely. I cannot get port to pull an IPv6 address from my pfSense Router.

My ISP provides me with a /64 IPv6 block and I am using prefix 0 (all of my other systems will pull an IPv6 address). COMCAST uses DHCPv6 (with Track Interface of the WAN).
My machines pull an address which looks like this: 2601:c4:c501:xxxx:yyyy:bee2:275b:9070 (masked IP)

When I do' ip addr' from the Proxmox shell - I see it only has a link-local "fe80" address.



You can see below that pfSense is working for IPv6 (2607



If I try that from Proxmox shell - I get a failure:



How do I fix this? I have been seeing some stuff for Debian and a file called --- /etc/sysctl.conf (but it is giving steps to 'disable' IPv6, which would lead one think it is already enabled)

 

[LnxBil]

Normally, servers don't use DHCP and therefore you have given your box an IPv4. That is static configuration and you need to do the same for IPv6, at least this is how the GUI has implemented this:



You can however set it the Debian way.

 

[Deleted member 205422]

Normally, servers don't use DHCP and therefore you have given your box an IPv4. That is static configuration and you need to do the same for IPv6, at least this is how the GUI has implemented this:

Servers do not have a say on what they use, but anyhow ...

You can however set it the Debian way.

Be aware there's a bug in current ifupdown that will not let you have static IPv4 + dynamic IPv6, it basically makes you then set the IPv4 also to auto and of course you might want to have a static DHCP lease set for it.

If you are planning to run a cluster it will be hell - because PVE.

 

[bearhntr]

Normally, servers don't use DHCP and therefore you have given your box an IPv4. That is static configuration and you need to do the same for IPv6, at least this is how the GUI has implemented this:

View attachment 58018

You can however set it the Debian way.

Thank you for your response... YAY!!! more reading. Yes, I wish I could set it to a STATIC v6 address, unfortunately my ISP does not give those to RESIDENTIAL customers (which I find strange - I mean there are like 1,000,000,000,000,000,000 addresses for IPv6 (I want my dog to have one too - LOL)).

 

[Deleted member 205422]

Also because you need DHCP on that v6, you might better benefit from these examples:

https://wiki.debian.org/IPv6PrefixDelegation

 

[bearhntr]

Servers do not have a say on what they use, but anyhow ...


Be aware there's a bug in current ifupdown that will not let you have static IPv4 + dynamic IPv6, it basically makes you then set the IPv4 also to auto and of course you might want to have a static DHCP lease set for it.

If you are planning to run a cluster it will be hell - because PVE.

I have a DHCP reservation on pfSense for the PROXMOX - in fact when I was installing it, it had that address already there. I tend to use DHCP RSVP when I have machines that I do not want to ever change (as a j.i.c fall-back). I just wish my ISP would give a static IPv6 /64 address block and be done with it.

 

[Deleted member 205422]

I have a DHCP reservation on pfSense for the PROXMOX - in fact when I was installing it, it had that address already there. I tend to use DHCP RSVP when I have machines that I do not want to ever change (as a j.i.c fall-back). I just wish my ISP would give a static IPv6 /64 address block and be done with it.

If you do not mind tunneling (and insist on having static /64 or even /56) then you can do 6in4 via tunnelbroker.net and then: https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html

In fact you can have both. But it's more usable for the VMs than the hypervisor I would say.

 

[bearhntr]

This is what I was sent to setup my pfSense to use IPv6 with COMCAST (Residential)

system -> advanced ->networking:

1. check allow IPv6
2. Ipv6 DNS Entry, check Do not generate local ip DNS...
3. With an Intel nics I disable Hardware large Receive Offload

Interfaces -> Wan

1. IPv6 Config Type dhcp6
2. DHCPv6 Prefix Delegation size /64
3. Debug (if you want to)
4. check Do not wait for RA
5. check do not allow PD/Address release
6. check block private networks
7. check blockk bogon networks

Services --> DHCPv6 Server and RA

• If you can't select it, you may have to reboot then select it

Dhcpv6 Server tab

1. enable DHCPv6 server
2. set the range ::1000 to ::2000
3. prefix delegation size 64
4. Put in some DNS ipv6 servers, I just tossed in cloudflares
5. check Prove DNS servers to DHCPv6 clients

Under Router Advertisements tab

1. Router mode Assisted - RA Flages [managed, other stateful]
2. priority normal
   (use default lease times)
3. I put the ipv6 DNS servers in again
4. Check the Provide DNS configuration via radvd

 

[Deleted member 205422]

This is what I was sent to setup my pfSense to use IPv6 with COMCAST (Residential)

system -> advanced ->networking:

1. check allow IPv6
2. Ipv6 DNS Entry, check Do not generate local ip DNS...
3. With an Intel nics I disable Hardware large Receive Offload

Interfaces -> Wan

1. IPv6 Config Type dhcp6
2. DHCPv6 Prefix Delegation size /64
3. Debug (if you want to)
4. check Do not wait for RA
5. check do not allow PD/Address release
6. check block private networks
7. check blockk bogon networks

Services --> DHCPv6 Server and RA

• If you can't select it, you may have to reboot then select it

Dhcpv6 Server tab

1. enable DHCPv6 server
2. set the range ::1000 to ::2000
3. prefix delegation size 64
4. Put in some DNS ipv6 servers, I just tossed in cloudflares
5. check Prove DNS servers to DHCPv6 clients

Under Router Advertisements tab

1. Router mode Assisted - RA Flages [managed, other stateful]
2. priority normal
   (use default lease times)
3. I put the ipv6 DNS servers in again
4. Check the Provide DNS configuration via radvd

I am not an expert on Comcast or pfSense, but the setup looks like DHCPv6 (no SLAAC) of /64 i.e. one network. Then within the machines really could have any address, so the DHCPv6 Server tab is totally up to you, it does not even need to give ranges. It's mimicking DHCPv4 in this setup, but you will get routed out by your ISP anything from that /64 prefix.

Again, I am not sure on default settings, but be sure you have firewall on, because there's nothing like NAT so all these addresses will be world-routable.

EDIT: You may want to experiment with that v6 first on a VM, I would set up a Ubuntu (server!) VM and get it working there first with netplan, it's easier to figure out and once you have that working I would then move on to replicate the same on debian with ifupdown.

 

[bearhntr]

I am not an expert on Comcast or pfSense, but the setup looks like DHCPv6 (no SLAAC) of /64 i.e. one network. Then within the machines really could have any address, so the DHCPv6 Server tab is totally up to you, it does not even need to give ranges. It's mimicking DHCPv4 in this setup, but you will get routed out by your ISP anything from that /64 prefix.

Again, I am not sure on default settings, but be sure you have firewall on, because there's nothing like NAT so all these addresses will be world-routable.

EDIT: You may want to experiment with that v6 first on a VM, I would set up a Ubuntu (server!) VM and get it working there first with netplan, it's easier to figure out and once you have that working I would then move on to replicate the same on debian with ifupdown.

I have had IPv6 in this fashion for nearly 2 years now. All of my Windows machines and 1 MAC machine all pull an IPv6 address automatically and I can ping them by name and get that address back.

There are several sites which test your IPv6 configuration and I get excellent marks on those.

pfSense is both my router and my firewall and it is very locked down. I have CloudFlare for my DDNS (that allows me to access my HomeAssistant when I am not at home).

My question is, why does the proxmox host not pull an IPv6 address? From everything that I am reading it should have IPv6 enabled by default.

I have a 4-port NIC card in this proxmox server, and I plugged a cable from it into the hub I use for 2 other computers. It pulled an IPv6 and v4 address from the DHCP server on pfSense (and it is in the same range as all my other machines) - see image:

 

[LnxBil]

If you are planning to run a cluster it will be hell - because PVE.

You're a nice sparing partner, so here comes the next question:
Why would you want to have a cluster on IPv6, if you're running in a LAN? The nodes don't need that much internet and I would not allow them to have internet at all. Providing updates via internal mirror already. For nodes on the internet, this may be different, but LAN? I never worked with a company that had IPv6 inside of their LAN and they're not planing either for security reasons. Everything has to go through a proxy anyway.

 

[LnxBil]

I just checked and I have working IPv6 inside of my PVE box WITHOUT configuring ANYTHING. That seems a little odd to me. I just have a vlan-aware bridge configured with a static IPv4 address. No IPv6-related configuration at all in /etc/network/interfaces.

 

[Deleted member 205422]

My question is, why does the proxmox host not pull an IPv6 address? From everything that I am reading it should have IPv6 enabled by default.

I don't think you are reading about Proxmox PVE for that, PVE in default install does not even pull DHCPv4. It's all static. PVE only does what it is told to do in Debian's /etc/network/interfaces. I do not have any such setup at hand here, definitely not with DHCPv6 (I normally use SLAAC with RA only).

I understand you hoped for tutorial kind of reply, maybe it comes later from someone who runs PVE (or more likely just Debian) on Comcast. I do not want to copy paste from Google what I blindly believe should work, so all I did was pointed you to Debian docs and mentioned your setup is DHCPv6 (no SLAAC). You would have to experiment.

I have a 4-port NIC card in this proxmox server, and I plugged a cable from it into the hub I use for 2 other computers. It pulled an IPv6 and v4 address from the DHCP server on pfSense (and it is in the same range as all my other machines) - see image:

That's good, that simply means that PVE gets all it needs on the NIC, but it ignores it because it is not configured to touch IPv6. It just passed through the traffic for others to take advantage of the IPv6 autoconfiguration. It's really good learning experience to understand IPv6 better (and how it differs from v4 which it does especially no broadcast etc), then from there Debian's ifupdown configuration of it. I only warned you that you cannot keep IPv4 as static and set up IPv6 as you need since there's a bug in it, so workaround is to have both DHCP configured.

 

[bearhntr]

I don't think you are reading about Proxmox PVE for that, PVE in default install does not even pull DHCPv4. It's all static. PVE only does what it is told to do in Debian's /etc/network/interfaces. I do not have any such setup at hand here, definitely not with DHCPv6 (I normally use SLAAC with RA only).

I understand you hoped for tutorial kind of reply, maybe it comes later who runs PVE (or more likely just Debian) on Comcast. I do not want to copy paste from Google what I blindly believe should work, so all I did was pointed you to Debian docs and mentioned your setup is DHCPv6 (no SLAAC). You would have to experiment.



That's good, that simply means that PVE gets all it needs on the NIC, but it ignores it because it is not configured to touch IPv6. It just passed through the traffic for others to take advantage of the IPv6 autoconfiguration. It's really good learning experience to understand IPv6 better (and how it differs from v4 which it does especially no broadcast etc), then from there Debian's ifupdown configuration of it. I only warned you that you cannot keep IPv4 as static and set up IPv6 as you need since there's a bug in it, so workaround is to have both DHCP configured.

I will have to play with a static reservation for v6 on pfSense. Was never able to get it to work, since TRACK INTERFACE is used for the LAN. The WAN side from COMCAST is a 2001: /128 address and the LAN side gets a 2601: /64 address. So Much Fun.

 

[Deleted member 205422]

I will have to play with a static reservation for v6 on pfSense. Was never able to get it to work, since TRACK INTERFACE is used for the LAN. The WAN side from COMCAST is a 2001: /128 address and the LAN side gets a 2601: /64 address. So Much Fun.

Your issue is basically two-fold. One for the pfSense forum that you are sure you are passing/routing correctly the delegation you get from ISP.

The other I would post to Debian forum on how to set up ifupdown for IPv6 w/DHCP (not SLAAC, because most would probably use SLAAC, but I might be ISP based).

EDIT: Just I would add, you are likely alright with the first part if your hub-connected machines all are connected.

 

[bearhntr]

THANKS EVERYONE - I hope I have it all sorted.

Now for one last question - I hope for now... lol

I want to put either pfSense or OpenWRT on this box. I plan to leave the 'on-board NIC' for host access (the web console), and use 2 of the 4-port NIC card for WAN and LAN( 4f0 and 4f1).

How do I set them up? Do I need to create a Linux Bridge for both? Do I need to assign anything in the CIDR stuff? I am thinking at some point I will use one more port to pull the WiFi out into its own segment (of IPs) but it will need to be able to talk to the wired stuff (servers and other things in my home).

As my pfSense currently runs on an HP t620+ ThinClient with an added 2-port NIC (the on-board is disabled in BIOS...as when I started with pfSense it would not see it without a bunch of patching, etc.). One port on that 2-port card is WAN and the other LAN. pfSense during setup asks you to choose which is which.