Running on Proxmox Virtual Environment 8.4.14. It's a three node Proxmox cluster, on each node there is OPNSense VM.
I'm trying to configure IPv6, I've watched the following tutorial: https://www.youtube.com/watch?v=GhaGO83VIz0
Also watched others + went through the Hetzner docs etc.
I'm not planing to use DHCPv6 or Router Advertisements (both disabled in the OPNSense, no VLANs etc. At least in the beginning I would like to manually configure everything to get a feel for IPv6.
The Hetzner Robot UI shows the following subnet:
The network interfaces file on Node 1:
Using OPNSense (25.7):
System > Gateways > Configuration:
Interfaces > [LAN]:
Interfaces > [WAN]:
Interfaces > Assignments:
Firewall > Rules > WAN:
For testing purposesI've added the following:
But I also have a Rule which allows everything from the other Proxmox Nodes.
For the VM, inside Proxmox Cloud-init tab, I've set:
IPv6/CIDR
Gateway
In the Proxmox datacenter Firewall:
> I also tried (for testing purposes):
Unfortunately I'm stuck with the following state:
On Proxmox Host:
> The same error for pinging
On VM:
> I get the same error when pinging
On OPNSense:
Interfaces > Diagnostics > Ping
The others ( ::2, ::3 and ipv6.google.com) fail with:
I don't see anything being blocked in the Firewall > Log Files > Live View.
Appreciate any help.
I'm trying to configure IPv6, I've watched the following tutorial: https://www.youtube.com/watch?v=GhaGO83VIz0
Also watched others + went through the Hetzner docs etc.
I'm not planing to use DHCPv6 or Router Advertisements (both disabled in the OPNSense, no VLANs etc. At least in the beginning I would like to manually configure everything to get a feel for IPv6.
The Hetzner Robot UI shows the following subnet:
2a01:XXXX:XXXX:124b::/64The network interfaces file on Node 1:
Code:
cat /etc/network/interfaces
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto enp0s31f6
iface enp0s31f6 inet static
address 88.XXX.XXX.54
netmask 255.255.255.192
gateway 88.XXX.XXX.1
mtu 1500
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p tcp -m multiport ! --dport 22,8006,179 -j DNAT --to 10.10.10.2
post-up iptables -t nat -A PREROUTING -i enp0s31f6 -p udp -m multiport ! --dport 5405:5412,4789 -j DNAT --to 10.10.10.2
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
iface enp0s31f6 inet6 static
address 2a01:XXXX:XXXX:124b::2/128
gateway fe80::1
auto vmbr10
iface vmbr10 inet static
address 10.10.10.1/30
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '10.10.10.2/32' -o enp0s31f6 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.2/32' -o enp0s31f6 -j MASQUERADE
# OPNSense WAN - Proxmox LAN
iface vmbr10 inet6 static
address 2a01:XXXX:XXXX:124b::3/127
up ip route add 2a01:XXXX:XXXX:124b::/64 via 2a01:XXXX:XXXX:124b::4
auto vmbr11
iface vmbr11 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
# VM Net
iface vmbr11 inet6 manual
source /etc/network/interfaces.d/*Using OPNSense (25.7):
System > Gateways > Configuration:
Code:
Name: WAN_GW_2
Interface: WAN
Address Family: IPv6
IP Address: 2a01:XXXX:XXXX:124b::3
Upstream Gateway: x
Far Gateway: x
Disable Gateway Monitoring: xInterfaces > [LAN]:
Code:
Enable: x
Lock: x
Device: vtnet1
IPv4 Configuration Type: Static IPv4
IPv6 Configuration Type: Static IPv6
IPv4 address: 10.1.1.1/24
IPv6 address: 2a01:XXXX:XXXX:124b:111::1/80Interfaces > [WAN]:
Code:
Enable: x
Lock: x
Device: vtnet0
IPv4 Configuration Type: Static IPv4
IPv6 Configuration Type: Static IPv6
IPv4 address: 10.10.10.2/30
IPv4 gateway rules: WAN_GW - 10.10.10.1
IPv6 address: 2a01:XXXX:XXXX:124b::4/127
IPv6 gateway rules: WAN_GW_2- 2a01:XXXX:XXXX:124b::3Interfaces > Assignments:
Code:
LAN vtnet1
WAN vtnet0Firewall > Rules > WAN:
For testing purposesI've added the following:
| Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
| IPv6 ICMP | * | * | * | * | * | Allow ICMPv6 |
For the VM, inside Proxmox Cloud-init tab, I've set:
IPv6/CIDR
2a01:XXXX:XXXX:124b:111::10/80Gateway
2a01:XXXX:XXXX:124b:111::1In the Proxmox datacenter Firewall:
| Type | Action | Protocol |
| out | Accept | IPv6 |
in Accept IPv6Unfortunately I'm stuck with the following state:
On Proxmox Host:
ping6 ipv6.google.com - worksping6 2a01:XXXX:XXXX:124b::2 - worksping6 2a01:XXXX:XXXX:124b::3 - worksping6 2a01:XXXX:XXXX:124b::4 - fails with:
Code:
PING 2a01:XXXX:XXXX:124b::4(2a01:XXXX:XXXX:124b::4) 56 data bytes
From 2a01:XXXX:XXXX:124b::2 icmp_seq=1 Time exceeded: Hop limitping6 2a01:XXXX:XXXX:124b:111:10 - fails with
Code:
ping6: 2a01:XXXX:XXXX:124b:111:10: Name or service not known2a01:XXXX:XXXX:124b:111:1On VM:
ping6 ipv6.google.com - fails with
Code:
PING ipv6.google.com(lcfraa-aa-in-x0e.1e100.net (2a00:1450:4001:81c::200e)) 56 data bytes
From _gateway (2a01:XXXX:XXXX:124b:111::1) icmp_seq=1 Destination unreachable: No route2a01:XXXX:XXXX:124b::2 and 2a01:XXXX:XXXX:124b::3ping6 2a01:4f8:10a:124b::4 - worksOn OPNSense:
Interfaces > Diagnostics > Ping
2a01:4f8:10a:124b::4 + IPv6 is the only one which worksThe others ( ::2, ::3 and ipv6.google.com) fail with:
UDP connect: No route to host I don't see anything being blocked in the Firewall > Log Files > Live View.
Appreciate any help.