IPv6 gateway outside of the subnet.

K

Krakox44

New Member
Oct 11, 2024
4
0
1
Hi guys, I'm trying to assign a /64 subnet for each VM that I create from a bigger /44, the issue is that the gateway I have is on a different block, how can I solve this?

Is link-local something viable?
 
Yes,

you can use the link-local address of the gateway as the default GW for the host, this is common practice. VMs then have the hosts Global Unicast Address as their gateway. Just make sure ipv6 forwarding is enabled on the host.
Code: 
# add this to /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1

# then
sysctl -p


So on the host you have
Code: 
ip -6 route add default via fe80::external_gateway_ll%<IFACE>

and in the VMs it would look something like
Code: 
ip -6 addr add 2001:db8:1::1/64 dev <VM_IFACE>
2001:db8:1::1 is a placeholder for whatever the Global Unicast Address of the PVE host is.

you can get the your GUA address of the host with
Code: 
ip -6 addr show dev <IFACE>
 
The VMs keep the CIDR and IPs you want them to have, the idea is just to tell them to route their traffic through the PVE host, you could also use the hosts link-local address it has on the bridge. And the host then forwards everything to the gateway using the gateways link-local address.

ip -6 addr add 2001:db8:1::1/64 dev <VM_IFACE> is to set the VMs gateway to be the PVE host. Maybe I am missing something?
 
Hannes Laimer said:
6 route add default via fe
Click to expand...
Hannes Laimer said:
The VMs keep the CIDR and IPs you want them to have, the idea is just to tell them to route their traffic through the PVE host, you could also use the hosts link-local address it has on the bridge. And the host then forwards everything to the gateway using the gateways link-local address.

ip -6 addr add 2001:db8:1::1/64 dev <VM_IFACE> is to set the VMs gateway to be the PVE host. Maybe I am missing something?
Click to expand...

Right not my gateway is the IP in the different subnet than the /64's I want to assign to each vm.

The issue is that even tho I add the GUA as specified by you (which is actually the same IPv6 that the node is using to go out public), the Ipv6 connectivity is not working.
 
Ohh, I'm sorry. The command does not set the gateway...

Code: 
ip -6 route add default via <PVE_HOST_IPV6_LL_ADDRESS>%<VM_IFACE>
this(in each VM) should, <VM_IFACE> may be different for each VM.
Note: you actually need to use the host's link-local address, as its IP is not on the same subnet as the VMs, sorry about the confusion.

Also, you'll have to enable NDP proxying on the host with
Code: 
# in /etc/sysctl.conf
net.ipv6.conf.all.proxy_ndp=1

# reload
sysctl -p
and
Code: 
ip -6 neigh add proxy <VM_IPV6_ADDRESS> dev <BRIDGE_IFACE>
for each VM on the host.

Make sure you have IPv6 forwarding enabled on the host
Code: 
# in /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1
and the default gateway on the host is the link-local address of the external gateway
Code: 
ip -6 route add default via fe80::external_gateway_ll%<IFACE>
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back