Accepting RA on LXC

[Kritnich]

I have recently attempted to connect the Ubuntu 20.04 LXC containers on my Proxmox 6.2 host via IPv6. My goal was to provide the containers with their addresses via DHCPv6, so I set up a dnsmasq with router advertisements to do the job.

The issue I am running into now is that, despite being set to IPv6 via DHCP in the web interface, the containers have router advertisements disabled in both sysctl and systemd-networkd like this:

# cat /etc/systemd/network/eth0.network
[Match]
Name = eth0

[Network]
Description = Interface eth0 autoconfigured by PVE
DHCP = both
IPv6AcceptRA = false

# sysctl net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.eth0.accept_ra = 0

When I manually set both these values to true and 1 respectively and restart systemd-networkd, everything works as it should, but unfortunately that isn't reboot-proof.

Is this a bug or is there an option in the web interface or configuration somewhere that controls this behavior? Thank you in advance!

 

[Stoiko Ivanov]

IPv6AcceptRA = false

This value gets set to true only if you've set the ipv6 configuration to 'auto' and not to 'dhcp'

I hope this helps!

 

[Shannon Barber]

With 7.4-16 I have an Ubuntu container set to IPv6 DHCP and IPv6AcceptRA remains set to false.
It was set to static at container creation then changed to DHCP.
If I remove IPv6AcceptRA = false from the config file it comes back next reboot.

The IPv6 settings almost should be Static, RA, Forced-SLAAC, and Forced-DHCP with the default as RA.
(For completeness IPv4 should have a Private Network option which does the 169.254 link-local thing.)



INTG (ubuntu v22.04)
user@av.v21:~
$ cat /etc/systemd/network/eth0.network
[Match]
Name = eth0

[Network]
Description = Interface eth0 autoconfigured by PVE
DHCP = yes
IPv6AcceptRA = false

 

[domi2]

Still the same here on Proxmox 8.0.4.

I fixed IPv6 by setting the parameter to true and executing "touch /etc/systemd/network/.pve-ignore.eth0.network". The file now persists without Proxmox resetting the parameter on boot. I'm not sure if that is considered the "correct" solution though since it seems like quite a hack just to get IPv6 working in LXC. I'm also not sure why systemd-networkd is not requesting a IPv6 address since DHCP is set to yes and according to the documentation it should request both if set to yes:

DHCP=
Enables DHCPv4 and/or DHCPv6 client support. Accepts "yes", "no", "ipv4", or "ipv6". Defaults to "no".

Note that DHCPv6 will by default be triggered by Router Advertisements, if reception is enabled, regardless of this parameter. By explicitly enabling DHCPv6 support here, the DHCPv6 client will be started in the mode specified by the WithoutRA= setting in the [DHCPv6] section, regardless of the presence of routers on the link, or what flags the routers pass. See IPv6AcceptRA=.

I do agree with @Shannon Barber though that it should be possible to enable RA from the UI. I get not having it enabled for regular DHCPv6 but I don't get why it doesn't request an IP then.

 

[Shannon Barber]

To be clear we should not have to enable RA. RA is the required default behavior.

As-is Proxmox does NOT support IPv6 because manual configuration override is required for all nodes for any proper IPv6 net.

 

[artur]

Still the same here on Proxmox 8.0.4.

I fixed IPv6 by setting the parameter to true and executing "touch /etc/systemd/network/.pve-ignore.eth0.network". The file now persists without Proxmox resetting the parameter on boot. I'm not sure if that is considered the "correct" solution though since it seems like quite a hack just to get IPv6 working in LXC. I'm also not sure why systemd-networkd is not requesting a IPv6 address since DHCP is set to yes and according to the documentation it should request both if set to yes:



I do agree with @Shannon Barber though that it should be possible to enable RA from the UI. I get not having it enabled for regular DHCPv6 but I don't get why it doesn't request an IP then.

Thanks a lot for the tip. I was trying to get this working for hours, until I found your post.
Such a simple thing to do. Set a static IP for a service and use RA.

It works, but I agree; its hacky.


I have created a PR which enables RA, if an IPv6 address is specified, but not gateway is set:
https://github.com/proxmox/pve-container/pull/1

 

[austonpramodh]

This is still an issue for me, Whenever docker starts, ip6 default route disappears. I wrote a start up hook script.

I will keep checking if it works good, if it doesn't will post again.

/var/lib/vz/snippets/ipv6_accept_ra_fix.pl

#!/usr/bin/perl


# Ref: https://pve.proxmox.com/pve-docs/chapter-pct.html#_hookscripts
# Ref: Example: /usr/share/pve-docs/examples/guest-example-hookscript.pl
# Ref: https://forum.proxmox.com/threads/change-remove-hookscript-from-lxc-container.97567/#post-422023
# Ref: https://forum.proxmox.com/threads/post-start-script-for-lxc.36289/#post-504847
# Example hook script for PVE guests (hookscript config option)
# You can set this via pct/qm with
# pct set <vmid> -hookscript <volume-id>
# qm set <vmid> -hookscript <volume-id>
# where <volume-id> has to be an executable file in the snippets folder
# of any storage with directories e.g.:
# qm set 100 -hookscript local:snippets/hookscript.pl

use strict;
use warnings;

print "IPv6 Accept_RA=2 lxc fix: " . join(' ', @ARGV). "\n";

# First argument is the vmid

my $vmid = shift;

# Second argument is the phase

my $phase = shift;

if ($phase eq 'pre-start') {

    # First phase 'pre-start' will be executed before the guest
    # is started. Exiting with a code != 0 will abort the start

    print "$vmid is starting, doing preparations.\n";

    # print "preparations failed, aborting."
    # exit(1);

} elsif ($phase eq 'post-start') {

    # Second phase 'post-start' will be executed after the guest
    # successfully started.

    print "$vmid started successfully.\n";

    #system("pct exec $vmid -- sysctl -w net.ipv6.conf.eth0.accept_ra=2");
    system("pct exec $vmid -- sh -c 'sleep 2 && sysctl -w net.ipv6.conf.eth0.accept_ra=2'");
} elsif ($phase eq 'pre-stop') {

    # Third phase 'pre-stop' will be executed before stopping the guest
    # via the API. Will not be executed if the guest is stopped from
    # within e.g., with a 'poweroff'

    print "$vmid will be stopped.\n";

} elsif ($phase eq 'post-stop') {

    # Last phase 'post-stop' will be executed after the guest stopped.
    # This should even be executed in case the guest crashes or stopped
    # unexpectedly.

    print "$vmid stopped. Doing cleanup.\n";

} else {
    die "got unknown phase '$phase'\n";
}

exit(0);

pct set <CTID> --hookscript local:snippets/ipv6_accept_ra_fix.pl