Privacy IPv6 address (mngtmpaddr) disabled, but PVE assigns one to a bridge and uses it anyway

Dec 4, 2023
On Proxmox 8.1.4 and 8.1.10, a privacy IPv6 address is being issued to a bridge even though, according to the Debian man page, that feature is disabled both systemwide and on the bridge itself. This IP address is not shown in PVE's web GUI.

Here's the relevant portion of /etc/network/interfaces:
Code:
auto vmbr999
iface vmbr999 inet manual
    bridge-ports enp4s0f1
    bridge-stp off
    bridge-fd 0
#Bridge OPNsense - ISP box

vmbr999 is being used to pipe a connection to an ISP box into a VM running OPNsense, but I don't want Proxmox itself to touch that interface. An IPv4 is being obtained by OPNsense inside its VM, which itself is not configured to use IPv6 on that interface.

ip a in Proxmox is showing a valid IPv6, but not an IPv4, address for vmbr999 which has been obtained from the ISP box on that interface:
Code:
12: vmbr999: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0e:1e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet6 2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/64 scope global dynamic mngtmpaddr
       valid_lft 86153sec preferred_lft 86153sec
    inet6 fe80::20e:1eff:fe0a:5599/64 scope link
       valid_lft forever preferred_lft forever

According to the man page, this shouldn't be happening:
Code:
# sysctl net.ipv6.conf.all.use_tempaddr
net.ipv6.conf.all.use_tempaddr = 0

Here's the full sysctl output for that bridge:
Code:
# sysctl net.ipv6.conf.vmbr999
net.ipv6.conf.vmbr999.accept_dad = 1
net.ipv6.conf.vmbr999.accept_ra = 1
net.ipv6.conf.vmbr999.accept_ra_defrtr = 1
net.ipv6.conf.vmbr999.accept_ra_from_local = 0
net.ipv6.conf.vmbr999.accept_ra_min_hop_limit = 1
net.ipv6.conf.vmbr999.accept_ra_min_lft = 0
net.ipv6.conf.vmbr999.accept_ra_mtu = 1
net.ipv6.conf.vmbr999.accept_ra_pinfo = 1
net.ipv6.conf.vmbr999.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.vmbr999.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.vmbr999.accept_ra_rtr_pref = 1
net.ipv6.conf.vmbr999.accept_redirects = 1
net.ipv6.conf.vmbr999.accept_source_route = 0
net.ipv6.conf.vmbr999.accept_untracked_na = 0
net.ipv6.conf.vmbr999.addr_gen_mode = 0
net.ipv6.conf.vmbr999.autoconf = 1
net.ipv6.conf.vmbr999.dad_transmits = 1
net.ipv6.conf.vmbr999.disable_ipv6 = 0
net.ipv6.conf.vmbr999.disable_policy = 0
net.ipv6.conf.vmbr999.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.vmbr999.drop_unsolicited_na = 0
net.ipv6.conf.vmbr999.enhanced_dad = 1
net.ipv6.conf.vmbr999.force_mld_version = 0
net.ipv6.conf.vmbr999.force_tllao = 0
net.ipv6.conf.vmbr999.forwarding = 0
net.ipv6.conf.vmbr999.hop_limit = 64
net.ipv6.conf.vmbr999.ignore_routes_with_linkdown = 0
net.ipv6.conf.vmbr999.ioam6_enabled = 0
net.ipv6.conf.vmbr999.ioam6_id = 65535
net.ipv6.conf.vmbr999.ioam6_id_wide = 4294967295
net.ipv6.conf.vmbr999.keep_addr_on_down = 0
net.ipv6.conf.vmbr999.max_addresses = 16
net.ipv6.conf.vmbr999.max_desync_factor = 600
net.ipv6.conf.vmbr999.mc_forwarding = 0
net.ipv6.conf.vmbr999.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.vmbr999.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.vmbr999.mtu = 1500
net.ipv6.conf.vmbr999.ndisc_evict_nocarrier = 1
net.ipv6.conf.vmbr999.ndisc_notify = 0
net.ipv6.conf.vmbr999.ndisc_tclass = 0
net.ipv6.conf.vmbr999.proxy_ndp = 0
net.ipv6.conf.vmbr999.ra_defrtr_metric = 1024
net.ipv6.conf.vmbr999.regen_max_retry = 3
net.ipv6.conf.vmbr999.router_probe_interval = 60
net.ipv6.conf.vmbr999.router_solicitation_delay = 1
net.ipv6.conf.vmbr999.router_solicitation_interval = 4
net.ipv6.conf.vmbr999.router_solicitation_max_interval = 3600
net.ipv6.conf.vmbr999.router_solicitations = -1
net.ipv6.conf.vmbr999.rpl_seg_enabled = 0
net.ipv6.conf.vmbr999.seg6_enabled = 0
net.ipv6.conf.vmbr999.seg6_require_hmac = 0
net.ipv6.conf.vmbr999.suppress_frag_ndisc = 1
net.ipv6.conf.vmbr999.temp_prefered_lft = 86400
net.ipv6.conf.vmbr999.temp_valid_lft = 604800
net.ipv6.conf.vmbr999.use_oif_addrs_only = 0
net.ipv6.conf.vmbr999.use_tempaddr = 0

Package versions:
Code:
proxmox-ve: 8.1.0 (running kernel: 6.5.13-3-pve)
pve-manager: 8.1.10 (running version: 8.1.10/4b06efb5db453f29)
proxmox-kernel-helper: 8.1.0
proxmox-kernel-6.5.13-3-pve-signed: 6.5.13-3
proxmox-kernel-6.5: 6.5.13-3
proxmox-kernel-6.5.13-1-pve-signed: 6.5.13-1
proxmox-kernel-6.5.11-8-pve-signed: 6.5.11-8
proxmox-kernel-6.5.11-4-pve-signed: 6.5.11-4
ceph-fuse: 18.2.0-pve2
corosync: 3.1.7-pve3
criu: 3.17.1-2
dnsmasq: 2.89-1
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx8
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-4
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.0
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.3
libpve-access-control: 8.1.3
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.0.5
libpve-cluster-perl: 8.0.5
libpve-common-perl: 8.1.1
libpve-guest-common-perl: 5.0.6
libpve-http-server-perl: 5.0.6
libpve-network-perl: 0.9.6
libpve-rs-perl: 0.8.8
libpve-storage-perl: 8.1.4
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 5.0.2-4
lxcfs: 5.0.3-pve4
novnc-pve: 1.4.0-3
proxmox-backup-client: 3.1.5-1
proxmox-backup-file-restore: 3.1.5-1
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.2.3
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.5
proxmox-widget-toolkit: 4.1.5
pve-cluster: 8.0.5
pve-container: 5.0.9
pve-docs: 8.1.5
pve-edk2-firmware: 4.2023.08-4
pve-firewall: 5.0.3
pve-firmware: 3.9-2
pve-ha-manager: 4.0.3
pve-i18n: 3.2.1
pve-qemu-kvm: 8.1.5-4
pve-xtermjs: 5.3.0-3
qemu-server: 8.1.1
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.3-pve1
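
An added example, not part of the original post: a check for bridges that are meant to carry guest traffic only, reading `ip -6 addr show` and `sysctl net.ipv6.conf.<if>` text. In `ip` output RFC 4941 privacy addresses carry the `temporary` flag, while `mngtmpaddr` marks an address the kernel may use as a template for them; whether the host autoconfigures an address from Router Advertisements at all is governed by `accept_ra`, `accept_ra_pinfo` and `autoconf`, independently of `use_tempaddr`. The function names and the sample data (documentation prefix 2001:db8::/32) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample data is constructed.

# Print "<address> <kind>" for every inet6 line of `ip -6 addr show` on stdin.
classify_addrs() {
    awk '$1 == "inet6" {
        kind = "static"
        if ($0 ~ /scope link/)       kind = "link-local"
        else if ($0 ~ / temporary/)  kind = "temporary"  # RFC 4941 privacy address
        else if ($0 ~ / dynamic/)    kind = "dynamic"    # has a lifetime, e.g. SLAAC
        print $2, kind
    }'
}

# Read `sysctl net.ipv6.conf.<if>` output on stdin; print "yes" when the kernel
# will form addresses from Router Advertisement prefixes, otherwise "no".
slaac_enabled() {
    awk -F' = ' '{ n = split($1, p, "."); v[p[n]] = $2 }
    END {
        # accept_ra=1 only takes effect while forwarding is off; 2 always does
        ra = (v["accept_ra"] == 2) || (v["accept_ra"] == 1 && v["forwarding"] == 0)
        ok = ra && v["accept_ra_pinfo"] == 1 && v["autoconf"] == 1 && v["disable_ipv6"] == 0
        print (ok ? "yes" : "no")
    }'
}

# Constructed sample input, shaped like the output quoted in the post.
sample_addr() { cat <<'EOF'
12: vmbr999: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8:1:2:20e:1eff:fe00:1/64 scope global dynamic mngtmpaddr
       valid_lft 86153sec preferred_lft 86153sec
    inet6 fe80::20e:1eff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever
EOF
}
sample_sysctl() { cat <<'EOF'
net.ipv6.conf.vmbr999.accept_ra = 1
net.ipv6.conf.vmbr999.accept_ra_pinfo = 1
net.ipv6.conf.vmbr999.autoconf = 1
net.ipv6.conf.vmbr999.disable_ipv6 = 0
net.ipv6.conf.vmbr999.forwarding = 0
net.ipv6.conf.vmbr999.use_tempaddr = 0
EOF
}

sample_addr | classify_addrs
echo "SLAAC from RAs: $(sample_sysctl | slaac_enabled)"
```

On a live host, pipe `ip -6 addr show dev vmbr999` and `sysctl net.ipv6.conf.vmbr999` into the two functions in place of the samples.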
 