IPv6 woes with dynamic prefixes and SLAAC

meyergru

Member
Jan 28, 2023
66
14
8
www.congenio.de
I am using Proxmox with several VLANs for VMs with an ISP that hands out dynamic IPv6 prefixes.

Thus, my router gives router advertisements for different VLANs with their respective prefix. The VLANs are defined on the Proxmox host, where only one VLAN has an IPv4 assigned. So, I can connect VMs to any given VLAN bridge.

I want to make use of IPv6 for the Proxmox host as well (I need to because there is a counterpart that is only reachable via IPv6), but I find no way of doing that: I obviously cannot use a static IPv6, because I cannot predict the dynamic prefixes. For any other machine on that VLAN, I use SLAAC, which works fine for this.

However, I now found that - counter-intuitively - SLAAC is automatically being used if you do not configure an IPv6 address at all (i.e. on all otherwise unconfigured VLAN bridges), but not if you assign a static IPv4 (!) for an interface. This is strange in more than one aspect, since it has the side effect that IPv6 works 'by accident' via the unconfigured bridges, despite they are only there to have VM guests (but NOT the Proxmox host) connect somewhere.

I have tried to add a manual line to /etc/network/interfaces like:

iface vmbr0 inet6 auto
autoconf 1
accept_ra 2

But it does not work since ifupdown2 does not understand 'auto', only 'static', 'manual' and 'dhcp'.

What I would like to have is a way to specify SLAAC for an interface/bridge and have an empty configuration mean "no IPv6". At this time, I cannot do the first and I think that SLAAC "per default" is a risk in itself.
 
Ifupdown2 is buggy currrently (both auto or accept_ra ), i have sent a patch to add slaac support last week-end, it should be available soon. As workaround, you can use a pre-up script witth sysctl. Or I can send you the patched ifupdown2 version for testing
 
  • Like
Reactions: meyergru

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!