Ipv6 UI?
- Thread starter dragon2611
- Start date
4.4-1/eb2d6f1e
If I can get IPv6 working properly then I might remove the IPv4 from VMBR0 and just add an RFC1918 address on VMBR1 instead and have it go through the pfSense VM for NAT (Free's up a public IP). But I'd want some way into the box if that VM isn't working hence wanting the V6 working.
SSH works on the V6 address.
Code:
127.0.0.1 localhost.localdomain localhost
109.xx.xx.xxx pve-rs1.mydomain.net pve-rs1 pvelocalhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Code:
root@pve-rs1:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage part of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
allow-vmbr0 eth0
iface eth0 inet manual
ovs_type OVSPort
ovs_bridge vmbr0
pre-up /sbin/ethtool -s eth0 autoneg off speed 100 duplex full
allow-vmbr2 eth1
iface eth1 inet manual
ovs_type OVSPort
ovs_bridge vmbr2
pre-up /sbin/ethtool -s eth1 autoneg off speed 100 duplex full
auto vmbr0
iface vmbr0 inet static
address 109.xxx.xxx.xxx
netmask 255.255.xxx.xxx
gateway 109.xxxx.xxx.xxx
ovs_type OVSBridge
ovs_ports eth0
iface vmbr0 inet6 static
address 2001:1b40:xxxx:xxx::2
netmask 64
gateway 2001:1b40:xxxx:xxxx::1
auto vmbr1
iface vmbr1 inet manual
ovs_type OVSBridge
#Internal
auto vmbr2
iface vmbr2 inet manual
ovs_type OVSBridge
ovs_ports eth1
#RSport2If I can get IPv6 working properly then I might remove the IPv4 from VMBR0 and just add an RFC1918 address on VMBR1 instead and have it go through the pfSense VM for NAT (Free's up a public IP). But I'd want some way into the box if that VM isn't working hence wanting the V6 working.
SSH works on the V6 address.
I would like to know why mine's doing the same thing. My config is similiar (exact same version), only using openvswitch.
Adding my IPv6 address to /etc/hosts made it then only bind to the v6 address.
Additionally, now that I've populated my DNS with AAAA records, I can't run consoles now, as they attempt to connect to the IPv6 address and fail.
ip link ls shows correct addressing, I can ssh into the host, etc.
Adding my IPv6 address to /etc/hosts made it then only bind to the v6 address.
Additionally, now that I've populated my DNS with AAAA records, I can't run consoles now, as they attempt to connect to the IPv6 address and fail.
ip link ls shows correct addressing, I can ssh into the host, etc.
Last edited:
So, digging some more into PVE/Service/pveproxy.pm (and hence PVE/Tools.pm (and haven't delved deeper)), but it would seem to me this line is the issue?
I have no idea why it returns only the first element in the hash as returned by Socket::getaddrinfo, and then presumably only binds to that? Why not the wildcard?!
This code would at least match these comments made in another thread.
Code:
sub get_host_address_family {
my ($hostname, $socktype) = @_;
my @res = getaddrinfo_all($hostname, socktype => $socktype);
return $res[0]->{family};
}I have no idea why it returns only the first element in the hash as returned by Socket::getaddrinfo, and then presumably only binds to that? Why not the wildcard?!
This code would at least match these comments made in another thread.
It does bind to the wildcard address, but it uses the first address' family. So only if your hostname resolves to an ipv6 address first it'll use ipv6. Given that we don't set bindv6only we could probably always use ipv6 if it's somewhere in the array used in the above function.
Apologies, that's exactly what I meant. My bad.
Forgive me, but I don't just get why it doesn't both:
- Wildcard bind (as it already does as above)
- Bind in all families
This post is a good explanation too.
I guess, in another way, your comment re bindv6only is kinda saying the same thing as what I just said above.
So if I want pveproxy to listen on v4 and v6 i need to wait a bit for changes to Proxmox? (I dont want v6 only yet)
OK think I've figured this out based on .. actually reading the above properly 
I think in the code snippet above, $hostname = "pvelocalhost".
As mentioned by @wbumiller, it picks the family that it sees first and by default this is in /etc/hosts as an IPv4 address.
By making this an IPv6-mapped IPv4 address, this would cause pveproxy bind to a v6 socket but work for both v4 and v6 as it doesn't have bindv6only enabled.
So my hosts file becomes:
which results in
Seems to work for both IPv4 and IPv6
I think in the code snippet above, $hostname = "pvelocalhost".
As mentioned by @wbumiller, it picks the family that it sees first and by default this is in /etc/hosts as an IPv4 address.
By making this an IPv6-mapped IPv4 address, this would cause pveproxy bind to a v6 socket but work for both v4 and v6 as it doesn't have bindv6only enabled.
So my hosts file becomes:
Code:
root@pve:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::ffff:10.0.0.53 pve.dev.example.org pve pvelocalhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhostswhich results in
Code:
root@pve:~# netstat -anlpt | grep 8006
tcp6 0 0 :::8006 :::* LISTEN 11181/pveproxy
root@pve:~#Seems to work for both IPv4 and IPv6
Code:
root@pve:~# curl -vk "https://127.0.0.1:8006" 2>&1 | grep "OK"
< HTTP/1.1 200 OK
root@pve:~# curl -vk "https://[::1]:8006" 2>&1 | grep "OK"
< HTTP/1.1 200 OK