[HELP] Cannot ping ProxMox IPv6 gateway from VM inside PFsense LAN

[Appollonius]

I hope someone could help me with this problem, as I have no clue and have been busy with this for almost 1,5 weeks now.
Currently I have an IPv4/IPv6 address from my datacenter, where I have 1 IPv4 address. Though I also got 1 IPv6 address + a /48 subnet that is routed to this IPv6 shared subnet address. The /48 subnet is an Global subnet, so it should be reachable from the public.

Currently I have installed Proxmox with the following settings on the VMBR0 (Bridged from the eno1 interface):

IPv4: 94.142.240.x/24
Gateway: 94.142.240.2xx

IPv6: 2a02:898:0:20::267:x/64
Gateway: 2a02:898:0:20::x

This works as I can reach the interface of course. But now I try to setup an network inside the ProxMox hypervisor, so I created another bridged interface (VMBR1) without a bridge to any of the physical interfaces.

Here are the details of VMBR1
IPv6: 2a02:898:267::1/64
No Gateway

I now come to the point where I made the PFsense VM, and connect it to the VMBR1 interface on the WAN side.
IPv6: 2a02:898:267::2/64
Gateway: 2a02:898:267::1

So here comes the problem...
From the WAN interface of PFsense I can ping the VMBR0 IP address (IPv6) but not the gateway.... What would be the solution to this? A ip route maybe?

I hope someone can help me with this issue, as I am not really an network expert, but try to learn it (Coming from the Linux side).

 

[Stoiko Ivanov]

This sounds like the following issue (please post your /etc/network/interfaces to give a better idea):

* you have configured 2 IP's from the same subnet 2a02:898:0:20::267:x/64 on 2 different interfaces
* this does not work (as expected) on linux
the kernel thinks that it can reach all ips in 2a02:898:0:20::267:x/64 (including the gateway) on both interfaces (I think the route that got added later is the one preferred) - then it tries to reach the gateway via vmbr1 (which is not connected to any nic) - and can't

simple solution would be -> use a different /64 for vmbr1 (you have 65536 of them anyways

I hope this helps!

 

[Appollonius]

This sounds like the following issue (please post your /etc/network/interfaces to give a better idea):

* you have configured 2 IP's from the same subnet 2a02:898:0:20::267:x/64 on 2 different interfaces
* this does not work (as expected) on linux
the kernel thinks that it can reach all ips in 2a02:898:0:20::267:x/64 (including the gateway) on both interfaces (I think the route that got added later is the one preferred) - then it tries to reach the gateway via vmbr1 (which is not connected to any nic) - and can't

simple solution would be -> use a different /64 for vmbr1 (you have 65536 of them anyways

I hope this helps!

Thanks for your reply, here is my /etc/network/interfaces file.

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
address 94.142.240.53
netmask 24
gateway 94.142.240.254
bridge-ports eno1
bridge-stp off
bridge-fd 0

iface vmbr0 inet6 static
address 2a02:898:0:20::267:1
netmask 64
gateway 2a02:898:0:20::1

auto vmbr1
iface vmbr1 inet6 static
address 2a02:898:267::1
netmask 64
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr2
iface vmbr2 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0

But will try your suggestion

So I changed the subnet:

VMBR1
IP: 2a02:898:267:1::1/64
Gateway none

VMBR1 on PFsense (WAN):
IP: 2a02:898:267:1::2/64
Gateway: 2a02:898:267:1::1

This works, but still cannot ping the gateway of the ProxMox host...

Also to clarify the 2a02:898:0:20::267:1/64 IP is the only IP I got from the datacenter for internet, because it is an shared subnet. So I dont have access to the whole subnet, but only this IP from that subnet (Weird sentence but OK). So therefore they made a /48 subnet and splitted this in 2/49 subnets (Because I have 2 servers). These are all routed through this 2a02:898:0:20::267:1/64 IP address, so I need this IP for internet access.

Also the host cannot ping the PFsense WAN interface, while it can ping the LAN side....

LOL one big LOL I needed to enable IPv6 forwarding in /etc/sysctl.conf well I am really scratching my head right now....

 

[Stoiko Ivanov]

Glad you found the problem

Please mark the thread as 'SOLVED' - this helps other users in a similar situation.

Thanks!

 

[Appollonius]

Glad you found the problem

Please mark the thread as 'SOLVED' - this helps other users in a similar situation.

Thanks!

Well i've got one more question, how do I connect to the proxmox host with IPv6? As putting in the Ipv6 IP in the browser is not working unfortunately..

EDIT:

I rebooted the host and now I just cant access the internet anymore from my internal Desktop VM, but the firewall can... What is going on here... Right now I just have a mindfuck as I only enabled IPv6 forwarding and nothing else

 

[Stoiko Ivanov]

Well i've got one more question, how do I connect to the proxmox host with IPv6? As putting in the Ipv6 IP in the browser is not working unfortunately..

PVE needs to have an entry in /etc/hosts for the IP <-> hostname (`uname -n`) matching