How to setup Proxmox for IPv6 in my HomeNet?

W

Willi_H

Member
Apr 9, 2021
9
0
6
41
Hi there,
I have with the help of the great tutorials here but also on the Internet and Youtube set up the following setup.
network.png
You can see here my home network based on IPv4, which then edits the DNS server of my web hoster through a small php script and cron and thus also realizes an own dynDNS. Because now the dark time of the year has begun, I have set in my head my connection and the HomeNet also with IPv6 to provide. Unfortunately, my provider gives me only a dynamic prefix with IPv6 /56. After now 1 week of searching and reading, I still have not managed to realize a connection. The appropriate IPv6 prefixes to /57 and 0x5 for VLAN-1, 0x6 for VLAN-2 and 0x7 for VLAN-3 are given to the devices, but an assignment by the DHCPv6 does not happen. But also a connection only with IPv6 to outside does not work.

Long story short question: Can you please tell me the settings of the proxmox to the above scheme? I know that also with OPNsense something could seem wrong. But I would like to understand independently of the troubleshooting once how you would do this.

This is the actual /etc/networks/interfaces:
Code: 
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
#only WAN

auto eth1
iface eth1 inet manual

auto eth2
iface eth2 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves eth1 eth2
        bond-miimon 100
        bond-mode balance-rr
#network bond

auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#one4all

auto vmbr100
iface vmbr100 inet manual
        bridge-ports eth0
        bridge-stp off
        bridge-fd 0
#WAN

auto vmbr0.1
iface vmbr0.1 inet static
        address 10.10.10.20/24
        gateway 10.10.10.1
#management over vlan1

I would be super grateful to you for this.
 
My Proxmox gets the IPv6 from my Openwrt router using DHCPv6 and all the VMs also gets their global IPv6 addresses from the router. My VPN VM is IPv6 inbound only even though I have a public IPv4. Dynamic IPv6 does not matter since I only match the last static prefix in the router firewall and use the script to update the DynDNS hostname.
 
saud said:
My Proxmox gets the IPv6 from my Openwrt router using DHCPv6 and all the VMs also gets their global IPv6 addresses from the router. My VPN VM is IPv6 inbound only even though I have a public IPv4. Dynamic IPv6 does not matter since I only match the last static prefix in the router firewall and use the script to update the DynDNS hostname.
Click to expand...
Thanks for your input and it makes me feel positive that it should work.

I would still like to know what your configuration looks like in Proxmox. If possible also a short explanation why.

I noticed that Proxmox does not record the DHCP info correctly (see also thread). So the link local with fe80::x:x:x:x/64 of each interface is created, but the one given by the DHCP is not. Only when I use
Bash: 
dchlient -6 -v vmbr0.1
a correct IPv6 is "pulled".

Also to avoid misunderstandings. Jellifyn e.g. is reachable by IPv4 and the appropriate rules and settings in the nginx proxy from outside. Adguard and Homeassistant only internally, but on a fixed IP or via dns. I would also like to realize this with IPv6. And no, I do not want to use VPN for this.
 
This is my interfaces file for Proxmox, it also changes the port 8006 to default 443 this way you don't have to type the port in the address bar.

Code: 
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
allow-hotplug vmbr0
iface vmbr0 inet dhcp
    gateway 10.88.88.1
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0
    post-up iptables -t nat -A PREROUTING -p tcp -d 10.88.88.11 --dport 443 -j REDIRECT --to-ports 8006

iface vmbr0 inet6 dhcp
    gateway fd88::1
    post-up ip6tables -t nat -A PREROUTING -p tcp -d fd88::11 --dport 443 -j REDIRECT --to-ports 8006

Finally don't forget to add net.ipv6.conf.vmbr0.accept_ra=2 to your /etc/sysctl.conf file and reboot ProxMox.

Dont forget to add this fix https://forum.proxmox.com/threads/l...rating-new-ipv6-duid-for-every-reboot.129429/

Now your devices should be able to get an IPv4 / IPv6 address from your router.

I use Debian for all my servers and if you are looking to setup your server and router firewall with dynamic IPv6 prefix you can use the guide here.
 
Last edited by a moderator:
Hi, I have a similar setup like @Willi_H without VLANs (Deutsche Telekom VDSL internet socket with /56 dynamic IPv6 prefix).

After my Fritz!Box died I had to setup an OpenWRT VM (like OPNsense in @Willi_Hs setup). The PCIe-NICs of the VDSL modem and the WiFi-NICs are passed through to OpenWRT.
My problem is to assign a static IPv6 ULA address to vmbr0 with additional auto configuration of global dynamic IPv6 addresses.

Code: 
root@pve:~# cat /etc/sysctl.d/98-ipv6-accept-ra.conf
net.ipv6.conf.vmbr0.accept_ra=2

Code: 
root@pve:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    post-up  iptables  -t nat --append PREROUTING --protocol tcp --destination ${IF_ADDRESS%/*} --dport 443 -j REDIRECT --to-ports 8006
    pre-down iptables  -t nat --delete PREROUTING --protocol tcp --destination ${IF_ADDRESS%/*} --dport 443 -j REDIRECT --to-ports 8006
# LAN

iface vmbr0 inet6 static
    address fd00:0:0:1::2/24
    accept_ra 1
    autoconf 1
    dhcp 1
    privext 2
    post-up  ip6tables -t nat --append PREROUTING --protocol tcp --destination fd00:0:0:1::2   --dport 443 -j REDIRECT --to-ports 8006
    pre-down ip6tables -t nat --delete PREROUTING --protocol tcp --destination fd00:0:0:1::2   --dport 443 -j REDIRECT --to-ports 8006

source /etc/network/interfaces.d/*

While VMs and physical clients get IPv6 addresses via SLAAC/DHCPv6 from the OpenWRT-VM, Proxmox doesn't.

Does anyone have an idea how to configure vmbr0 with a static ULA address and getting gateway and global addresses dynamically via SLAAC/DHCPv6?
 
Last edited:
encryptedserver said:
You are using a static config, you can use IPv6 token to add static suffix to your proxmox host.

Code: 
    accept_ra 2
    up ip token set ::71c6:b34f:8e2a:54f5 dev vmbr0
Click to expand...
Thanx for your suggestion! :)

This works on a plain Debian VM:
Code: 
auto lo
iface lo inet loopback

allow-hotplug enp6s18
iface enp6s18 inet static
    address 192.168.1.3/24
    gateway 192.168.1.1

iface enp6s18 inet6 static
    address fd00:0:0:1::3/64
    gateway fd00:0:0:1::1

iface enp6s18 inet6 auto

This does not work on Proxmox:
Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual
# LAN interface

auto vmbr0
allow-hotplug vmbr0
iface vmbr0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    post-up  iptables  -t nat --append PREROUTING --protocol tcp --destination ${IF_ADDRESS%/*} --dport 443 -j REDIRECT --to-ports 8006
    pre-down iptables  -t nat --delete PREROUTING --protocol tcp --destination ${IF_ADDRESS%/*} --dport 443 -j REDIRECT --to-ports 8006
# LAN bridge

iface vmbr0 inet6 dhcp

My current setup:
Draytek Vigor 132 PCIe VDSL modem -> Proxmox PCIe passthrough -> OpenWRT VM -> eth1 -> PPPoE -> Routing -> br-lan -> eth0 -> Proxmox vmbr0 -> eno1 -> Ethernet switch -> physical LAN devices

IPv4 works but IPv6 does not get any address assignment besides link-local.

How can I use dynamic global IPv6 addresses on Proxmox + a static ULA IPv6 address to make sure PVE is reachable if the OpenWRT VM is stopped?
Thanx for any hint! :)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back