Difficulty with IPv6 Configuration

N

nornic

New Member
Nov 18, 2024
4
0
1
Hello everyone,

I am having some issues with the network configuration of my Proxmox host, particularly with IPv6 setup. My provider has assigned me a /48 subnet, which is routed to the link-local address of the Proxmox host.

Here is what I am trying to achieve:
  • The Proxmox host should receive an IPv6 address.
  • I have a pfSense VM that should receive its own IPv6 address.
  • This pfSense VM should manage a LAN with a /64 subnet.
My current /etc/network/interfaces file is configured as follows:

Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address [my_public_ipv4]/25
        gateway [gateway_ipv4]
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp

iface eno1 inet6 static
        address [my/48]::1/48
        gateway fe80::1
        up ip -6 route add [my/48]::/64 via [link_local_pfsense] dev vmbr0

auto vmbr0
iface vmbr0 inet static
        address [another_public_ipv4_subnet]/31
        bridge-ports none
        bridge-stp off
        bridge-fd 0

iface vmbr0 inet6 static
        address [my/48]:400::1/64

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0

source /etc/network/interfaces.d/*

I have enabled IPv6 forwarding in
Code: 
/etc/sysctl.conf.

The pfSense VM is now online, but devices in the LAN behind the pfSense VM are behaving strangely. Some devices are not being firewalled correctly, and I can ping them from outside the network, which shouldn't be possible. Moreover, I can't seem to block this traffic via the pfSense firewall.

Could anyone please assist me with this? I'm stuck at this point.
 
Could it have something to do with the Router Advertisement? When I assign a static IPv6 address to a host, it seems to work without any issues. As soon as i turn off Router Advertisement and DHCPv6 it seem to work great. Any Ideas why?
 
Last edited:
I can't get even static IPv6 to work properly for love nor money.

My static configuration is almost identical to the one here, though I only have a /64 so I'm dividing that up.

The only way I can get it to work is if, within the proxmox host, I constantly (or near constantly) ping the guest's IPv6 configured address. If I don't do that, packets don't get routed outside the subnet on vmbr0.

Is this some sort of ARP/NDP issue?

I have a small (/30) IPv4 block that works on static with no issues. It's only the IPv6 I'm having troubles with.
 
VA1DER said:
I can't get even static IPv6 to work properly for love nor money.

...

Is this some sort of ARP/NDP issue?

I have a small (/30) IPv4 block that works on static with no issues. It's only the IPv6 I'm having troubles with.
Click to expand...

To answer my own issue, it was indeed NDP. I am new-ish to IPv6 and didn't realize the kernel's handling of proxy_ndp was so lobotomized compared to proxy_arp. My solution, which may work for the OP here too, is to use ndppd to properly proxy NDP Neighbor Solicitations.

I have a /64, a:b:c:d::/64. I sectioned off a /72 for all my VMs with the intention of giving each one a /80. So vmbr0 has a:b:c:d:cc00::1/72 and each VM gets a:b:c:d:cc01::/80, cc02::/80, etc. Technically that places each VM's gateway outside its address space requiring an onlink route.

My ndppd config is:

Code: 
proxy eth0 {
    rule a:b:c:d:cc00::/72 {
        iface vmbr0
    }
}
proxy vmbr0 {
   rule a:b:c:d::1/128 {
      static
   }
}
 
You must log in or register to reply here.
Top Bottom