1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OVH IPv6 only KVM

Discussion in 'Proxmox VE: Networking and Firewall' started by Vengance, Aug 12, 2017.

  1. Vengance

    Vengance Member

    Joined:
    May 21, 2016
    Messages:
    31
    Likes Received:
    0
    Hello!

    I have a dedicated server running with Proxmox 5.0 at ovh (soyoustart).
    There are aleady running some KVMs with an IPv4 and an IPv6 address, which works fine.

    Due to the limited amount of IPv4s I want to setup some KVM VMs with only an IPv6 address.
    I did some testing and found out, that IPv6 connections only work, if you enter the vMAC of an unused IPv4 Failover to the NIC of the VM.


    But I also found out, that the usage of a ndppd proxy should solve this problem.
    I set up my system according to the following manual.

    Now if I create a VM with only an IPv6 and random MAC (not a vMAC of an IPv4), the IPv6 connection doesn´t work.

    If I enter the following command (which is normaly the job of the proxy) after the creation of the VM, the IPv6 only VM can ping ipv6 addresses.

    Code:
    ip -6 neigh add proxy 2001:xxxx:2:8054::603 dev vmbr0
    
    But if I restart the VM, the IPv6 connection is lost and no matter how often I enter the command, I can´t bring it up again. So It only works for newly created VMs until they are being rebooted.




    Manual: https://gist.github.com/panperla/77c169b1a8a1b745277d67f0979c86fd



    IPv6 network config hostsystem:
    Code:
    iface vmbr0 inet6 static
    
            address 2001:xxxx:0002:8054::
            netmask 64
            post-up /sbin/ip -f inet6 route add 2001:xxxx:0002:80ff:ff:ff:ff:ff dev vmbr0
            post-up /sbin/ip -f inet6 route add default via 2001:xxxx:0002:80ff:ff:ff:ff:ff
            pre-down /sbin/ip -f inet6 route del default via 2001:xxxx:0002:80ff:ff:ff:ff:ff
            pre-down /sbin/ip -f inet6 route del 2001:xxxx:0002:80ff:ff:ff:ff:ff dev vmbr0
    

    /etc/ndppd.conf hostsystem:
    Code:
    proxy vmbr0 {
    
              rule 2001:xxxx:2:8054::/64 {
      }
    }
    

    /etc/sysctl.conf hostsystem:
    Code:
    
    # /etc/sysctl.conf - Configuration file for setting system variables
    # See /etc/sysctl.d/ for additional system variables.
    # See sysctl.conf (5) for information.
    #
    
    #kernel.domainname = example.com
    
    # Uncomment the following to stop low-level messages on console
    #kernel.printk = 3 4 1 3
    
    ##############################################################3
    # Functions previously found in netbase
    #
    
    # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
    # Turn on Source Address Verification in all interfaces to
    # prevent some spoofing attacks
    #net.ipv4.conf.default.rp_filter=1
    #net.ipv4.conf.all.rp_filter=1
    
    # Uncomment the next line to enable TCP/IP SYN cookies
    # See http://lwn.net/Articles/277146/
    # Note: This may impact IPv6 TCP sessions too
    #net.ipv4.tcp_syncookies=1
    
    # Uncomment the next line to enable packet forwarding for IPv4
    #net.ipv4.ip_forward=1
    
    # Uncomment the next line to enable packet forwarding for IPv6
    #  Enabling this option disables Stateless Address Autoconfiguration
    #  based on Router Advertisements for this host
    #net.ipv6.conf.all.forwarding=1
    
    
    ###################################################################
    # Additional settings - these settings can improve the network
    # security of the host and prevent against some network attacks
    # including spoofing attacks and man in the middle attacks through
    # redirection. Some network environments, however, require that these
    # settings are disabled so review and enable them as needed.
    #
    # Do not accept ICMP redirects (prevent MITM attacks)
    #net.ipv4.conf.all.accept_redirects = 0
    #net.ipv6.conf.all.accept_redirects = 0
    # _or_
    # Accept ICMP redirects only for gateways listed in our default
    # gateway list (enabled by default)
    # net.ipv4.conf.all.secure_redirects = 1
    #
    # Do not send ICMP redirects (we are not a router)
    #net.ipv4.conf.all.send_redirects = 0
    #
    # Do not accept IP source route packets (we are not a router)
    #net.ipv4.conf.all.accept_source_route = 0
    #net.ipv6.conf.all.accept_source_route = 0
    #
    # Log Martian Packets
    #net.ipv4.conf.all.log_martians = 1
    #
    
    ###################################################################
    # Magic system request Key
    # 0=disable, 1=enable all
    # Debian kernels have this set to 0 (disable the key)
    # See https://www.kernel.org/doc/Documentation/sysrq.txt
    # for what other values do
    #kernel.sysrq=1
    
    ###################################################################
    # Protected links
    #
    # Protects against creating or following links under certain conditions
    # Debian kernels have both set to 1 (restricted)
    # See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
    #fs.protected_hardlinks=0
    #fs.protected_symlinks=0
    # Disable IPv6 autoconf
    net.ipv6.conf.all.autoconf = 0
    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.vmbr0.autoconf = 0
    net.ipv6.conf.all.accept_ra = 0
    net.ipv6.conf.default.accept_ra = 0
    net.ipv6.conf.vmbr0.accept_ra = 0
    net.ipv6.conf.vmbr0.accept_ra = 0
    net.ipv6.conf.vmbr0.autoconf = 0
    net.ipv6.conf.default.proxy_ndp = 1
    net.ipv6.conf.all.proxy_ndp = 1
    net.ipv6.conf.default.forwarding = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.all.accept_ra_defrtr = 0
    net.ipv6.conf.default.accept_ra_defrtr = 0
    net.ipv6.conf.vmbr0.accept_ra_defrtr = 0
    net.ipv6.conf.all.accept_ra_pinfo = 0
    net.ipv6.conf.default.accept_ra_pinfo = 0
    net.ipv6.conf.vmbr0.accept_ra_pinfo = 0
    
    
    net.ipv6.conf.all.router_solicitations = 1
    net.ipv6.conf.default.forwarding = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.proxy_ndp = 1
    net.ipv6.conf.all.proxy_ndp = 1
    net.ipv4.ip_forward = 1
    

    Network config of an IPv6 only VM:
    [​IMG]
     
  2. Vengance

    Vengance Member

    Joined:
    May 21, 2016
    Messages:
    31
    Likes Received:
    0
    Any suggestions?
    I just want to get some IPv6 only VMs running.
     

Share This Page