[Disabled] IPv6 remains present on LXC container

Dec 15, 2018
I realise the topic of disabling IPv6 on LXC guests has been done before, but I am really stumped by what is happening on my system, hopefully someone can shed light on what is going on.

Firstly (because people will want to know) the reason for disabling IPv6 is purely to solve an Intel AMT activation issue I have with Meshcentral, everything works fine when device agents register via IPv4 but not with IPv6.

I have disabled IPv6 on the node itself following the recommended method as stated in the official documentation.

Bash:
root@proxmox:/etc/sysctl.d# cat /etc/sysctl.d/disable-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
root@proxmox:/etc/sysctl.d# grep -r . /proc/sys/net/ipv6/conf/*/disable_ipv6
/proc/sys/net/ipv6/conf/all/disable_ipv6:1
/proc/sys/net/ipv6/conf/default/disable_ipv6:1
/proc/sys/net/ipv6/conf/enp1s0f1/disable_ipv6:1
/proc/sys/net/ipv6/conf/fwbr101i0/disable_ipv6:1
/proc/sys/net/ipv6/conf/fwbr102i0/disable_ipv6:1
/proc/sys/net/ipv6/conf/fwln101i0/disable_ipv6:1
/proc/sys/net/ipv6/conf/fwln102i0/disable_ipv6:1
/proc/sys/net/ipv6/conf/fwpr101p0/disable_ipv6:1
/proc/sys/net/ipv6/conf/fwpr102p0/disable_ipv6:1
/proc/sys/net/ipv6/conf/lo/disable_ipv6:1
/proc/sys/net/ipv6/conf/tap101i0/disable_ipv6:1
/proc/sys/net/ipv6/conf/veth100i0/disable_ipv6:1
/proc/sys/net/ipv6/conf/veth102i0/disable_ipv6:1
/proc/sys/net/ipv6/conf/vmbr0/disable_ipv6:1

For the LXC container I have left the IPv6 address as static and set to "None".
However none of this seems to make a difference - My LXC container still fires up with an auto generated address, even trying the same trick of disabling IPv6 within the container fails.

Bash:
root@meshcentral:~# cat /etc/sysctl.d/disable-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
root@meshcentral:~# grep -r . /proc/sys/net/ipv6/conf/*/disable_ipv6
/proc/sys/net/ipv6/conf/all/disable_ipv6:1
/proc/sys/net/ipv6/conf/default/disable_ipv6:1
/proc/sys/net/ipv6/conf/eth0/disable_ipv6:0
/proc/sys/net/ipv6/conf/lo/disable_ipv6:1
root@meshcentral:~# ip -6 address
2: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::5452:d5ff:fe79:f351/64 scope link
       valid_lft forever preferred_lft forever
root@meshcentral:~#

This issue is proving really problematic - It does not seem unreasonable to disable IPv6, our environment is isolated (production lab network) and so does not require the additional address space.
 
This flag only disables the automatically (kernel-)generated link local address for the particular interface it is set on. It does not affect networking or the processing of IPv6 packets in any way. It's still up to the container to choose what to send over the interface. You'll need to disable it within the container, and how to do that will depend on the way the container performs its network setup (ifupdown vs systemd-networkd etc.). In your final paste you can see that `eth0`'s `disable_ipv6` is actually still 0.
 
Many thanks for the swift reply.

I am using the Ubuntu 22.04 LTS image for my container, on the basis that it will have some longevity. Casual research via other platform specific forums suggests the most reliable method to disable IPv6 is via GRUB, but since this is an LXC container that route appears unavailable.
 
> You'll need to disable it within the container, and how to do that will depend on the way the container performs its network setup (ifupdown vs systemd-networkd etc.). In your final paste you can see that `eth0`'s `disable_ipv6` is actually still 0.

Ok - So it seems adding LinkLocalAddressing = no to /etc/systemd/network/eth0.network and restarting the network stack does the job.

However reboot the container and the above line has disappeared from the configuration, and frustratingly IPv6 is back!

Bash:
[Match]
Name = eth0

[Network]
Description = Interface eth0 autoconfigured by PVE
Address = 192.168.16.7/24
Gateway = 192.168.16.1
DHCP = no
IPv6AcceptRA = false

The Description = Interface eth0 autoconfigured by PVE entry is suspect, and gives me reason to wonder whether the node is overwriting my configuration on boot, if this is the case can you advise on a workaround?
 
Advice from the following thread has helped me out in the end.

https://forum.proxmox.com/threads/network-settings-ct-template-ubuntu-20-04.82813/post-364383

I mean it is a very crude workaround, and does not feel like it should be necessary, probably disabling IPv6 is something that we should be able to do via the Proxmox interface.

For the sake of clarity running the following command within the container prevents Proxmox from overriding the network config.

touch /etc/systemd/network/.pve-ignore.eth0.network
 
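The three conditions this thread arrives at (per-interface `disable_ipv6`, `LinkLocalAddressing` in the `.network` file, and the `.pve-ignore` marker) can be checked together after a container reboot. The script below is an added example, not part of the original posts or of Proxmox; the function names and the `ROOT` prefix argument (empty for the live system) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a container for the settings discussed in this thread.
# The first argument of audit_ipv6 is a hypothetical root prefix ("" = live
# system), so the check can also run against a constructed directory tree.

# Print every interface whose disable_ipv6 is not 1 (eth0 in the paste above).
ipv6_enabled_ifaces() {
    root=$1
    for f in "$root"/proc/sys/net/ipv6/conf/*/disable_ipv6; do
        [ -r "$f" ] || continue
        name=$(basename "$(dirname "$f")")
        [ "$(cat "$f")" = "1" ] || printf '%s\n' "$name"
    done
}

# Succeed if the .network file sets LinkLocalAddressing to a false value.
# PVE writes "Key = value", so spaces around "=" are tolerated.
link_local_disabled() {
    val=$(sed -n 's/^[[:space:]]*LinkLocalAddressing[[:space:]]*=[[:space:]]*//p' \
        "$1" 2>/dev/null | tail -n 1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    case $val in
        no|false|off|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the marker that stops PVE rewriting this file is present.
pve_ignore_present() {
    [ -e "$(dirname "$1")/.pve-ignore.$(basename "$1")" ]
}

# Run all three checks; returns 0 only if every one passes.
audit_ipv6() {
    root=$1
    net="$root/etc/systemd/network/${2:-eth0}.network"
    rc=0
    enabled=$(ipv6_enabled_ifaces "$root")
    if [ -n "$enabled" ]; then
        echo "FAIL disable_ipv6 is not 1 on:" $enabled
        rc=1
    fi
    link_local_disabled "$net" || { echo "FAIL LinkLocalAddressing not disabled in $net"; rc=1; }
    pve_ignore_present "$net" || { echo "FAIL no .pve-ignore marker, PVE may rewrite $net"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}
# Inside the container, after a reboot:  audit_ipv6 "" eth0
```

A failure on the marker check alone is the state described above where the setting works until the next container start.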
