lxc container IPv6, how to ensure eui-64 (privext 0)?

[olivluca]

I just activated IPV6 on my network and I see than, in spite of not configuring IPv6 (i.e leaving IPv6 as static with IPv6/Cidr None) my containers (debian 13) still get IPv6 addresses with SLAAC and it seems they use eui-64.
I like that because my ISP assigns a dynamic prefix (so I cannot use static IPv6 addresses) and this way I can just allow traffic to the static suffix (the router being opewrt running in a virtual machine) and change the dns to point to the new address (using the ddns service of openwrt), however I'd like that to be by design and not by chance.
Toggling between IPv6 static/none and SLAAC only removes or adds the line "iface eth0 inet6 auto" to /etc/network/interfaces (I guess debian uses SLAAC even without this line) but I don't know how to add the line "privext 0" so I'm sure the suffix only depends on the (static) mac address.
Forgive me if it's a stupid question, I'm still trying to familiarize myself with IPv6

 

[Khensu]

Hey

If you set it to 'Static' in the GUI, you have to manually enter an address, and Proxmox writes exactly that into the interfaces file. Otherwise, if left blank or set to SLAAC, Debian's kernel just handles it automatically using Router Advertisements from OpenWrt.

Example for static entry:
iface eth0 inet6 static
address 2003:f6...::10/64

So you can set it to SLAAC in the GUI, or just leave IPv6 set to None (which leaves the config blank, but Debian's kernel will still pick up the Router Advertisements on its own)

You sadly cant edit the /etc/network/interfaces directly, as it gets reset on every reboot

But as long as you do not edit the MAC, the IPv6 will update with the ISP prefix automatically (SLAAC).
It is predictable, with eui-64:

- Take the MAC: bc:24:11:f6:f0:3d
- Split it in the middle: bc:24:11 and f6:f0:3d
- Insert ff:fe in the gap: bc:24:11:ff:fe:f6:f0:3d
- Flip that 7th bit: be:24:11:ff:fe:f6:f0:3d

Result: XXXX:XX:XXX:XXXX:be24:11ff:fef6:f03d
XXXX:XX:XXX:XXXX: => ISP Prefix

But you can also use the link local address for such things.
This will be generated anyway, regardless what mode you pick.
Basically the same as before but the ISP prefix is always fe80:: => which you should use in a local network anyway.

Alternatively, if you want a setup that survives MAC address changes and handles DNS automatically, I'd strongly recommend using a DHCPv6 server instead. If you combine that with OpenWrt's "Register hostname in DNS" setting, you can always access your containers by their hostnames. Because let's be honest... remembering IPv6 addresses sucks!