NOVNC only starts on V4 and is not reachable via V6

[sirnerox]

Hi,
I am using a external panel for setting up VMs for customers and giving them access to the Console trough that.
When I wanted to try moving my PVE servers to V6 only, everything works great without one thing. I am not able to reach VNC ports via V6. I see that the service only start on 0.0.0.0/0 and not ::/0 that I want it to.
Do anyone have a solution/fix to this problem?

 

[_gabriel]

The default noVNC used in PVE for VM Console works here in ipV6 only. it's embedded in the 8006 port.

I am not able to reach VNC ports via V6

What ports do you mean ?

 

[sirnerox]

The default noVNC used in PVE for VM Console works here in ipV6 only. it's embedded in the 8006 port.


What ports do you mean ?

it is ports 5900-5999, they only becomes available when I request a VNC session

 

[sirnerox]

I want to clarify this. From my findings it looks like proxmox is using the GNU Netcat that only supports v4, but their is a port that was called Netcat6 that also should support IPv6 without any problem. Maybe they should look into implementing this one?

I want to use my Proxmox cluster V6 only, but I have needed to add a IPv4 address to get the external VM panel used for customers VMs able to VNC into proxmox.

 

[LongQT-sea]

Take a look at this: https://github.com/petarduss/proxmox-vnc

Also, here's a simple solution for IPv6 without touching anything on the Proxmox side: install Nginx or Caddy, listen on your chosen port (e.g., [::]:443 and 0.0.0.0:443), then proxy pass to the Proxmox IPv4 only backend at https://127.0.0.1:8006.

 

[sirnerox]

I don't want to install NGINX or Caddy on the proxmox itself. And that is the only solution to get this working right now without adding a IPv4 to the proxmox. I looked at the services that proxmox starts, and it starts it only on IPv6. I am using a panel that uses the VNC ports 5900-5999. The WEB Gui/API Port 8006 works perfectly on IPv6.

The Panel that I am using is doing the VNC proxy itself. So that guide itself is not needed, but I will take a look at that when I am writing my own Panel that I working on. But still need the IPv6 support.

 

[LongQT-sea]

Fair enough if you don't want to add Nginx/Caddy to the Proxmox host itself - you could always run it on a separate lightweight VM or container if that's a concern.

That said, just so you know: Proxmox already has built-in VNC proxying through its API (port 8006) with full ACL support, ticket-based authentication, and WebSocket connections. You don't actually need direct access to ports 5900-5999 - the /nodes/{node}/qemu/{vmid}/vncproxy and /vncwebsocket API endpoints handle all of that securely over HTTPS. That's how the web GUI console works.

Reinventing the wheel isn't necessarily bad if you have specific requirements, but it might be worth checking if the built-in API approach could simplify things for your custom panel. The GitHub repo I linked shows how to integrate it. But if you've got your own reasons for needing direct VNC port access over IPv6, totally understand - good luck with the panel development!

 

[sirnerox]

Using a VM will not work, since I need to have a V4 address for those ports to be accessible. So then I will just have a V4 address for this purpose until I get either the Panel owner to fix it. Or making my own that will take some time.

For my own panel that I am going to do I don`t need direct access to the 5900-5999. But the people that have writen the panel I am using is doing that... So I am maybe out of luck until then...

 

[LongQT-sea]

Ah I see, the panel you're using is hardcoded to connect directly to VNC ports, that's unfortunate. Yeah, not much you can do on your end then except wait for the panel developer to fix it or build your own.

Might be worth opening an issue/feature request with the panel developer pointing them to the Proxmox API approach, it's more secure anyway since traffic goes over HTTPS with proper authentication instead of raw VNC ports.