Proxmox VE 3.4.11, OpenVZ and ipv6

E

edvjellissen

New Member
Sep 15, 2015
13
0
1
Hello,
i have a root server from an isp in germany (Strato). I have Proxmox configurated. I am using an openVZ Container currently with an ipv4 address but i would like to use it with ipv6 because i have a ipv6 subnet from my ISP. So i can use many many many ipv6 addresses.
Only when i know how to use it :) I have configurated a container with an ipv6 address but it doesn't work. IPv6 Forwarding is activated on the host. But i can't ping any website from inside the container. My Question is - why not?

Please, can anyone help me?


Thanks.

Please, i need help. Can anyone help me?
 
Last edited:
Are you using venet? Try enabling net.ipv6.conf.all.proxy_ndp in addition to forwarding.
Code: 
sysctl net.ipv6.conf.all.proxy_ndp=1
sysctl net.ipv6.conf.all.forwarding=1
sysctl net.ipv6.conf.venet0.forwarding=1
sysctl net.ipv6.conf.vmbr0.forwarding=1
 
Thanks. But when i add these lines into my /etc/sysctl.conf and when i use sysctl -p i became an error wich say
"File or Directory not Found"
Code: 
sysctl -p
net.ipv6.conf.all.accept_ra = 0
sysctl: cannot stat /proc/sys/sysctl net/ipv6/conf/all/proxy_ndp: Datei oder Verzeichnis nicht gefunden
sysctl: cannot stat /proc/sys/sysctl net/ipv6/conf/all/forwarding: Datei oder Verzeichnis nicht gefunden
sysctl: cannot stat /proc/sys/sysctl net/ipv6/conf/venet0/forwarding: Datei oder Verzeichnis nicht gefunden
sysctl: cannot stat /proc/sys/sysctl net/ipv6/conf/vmbr0/forwarding: Datei oder Verzeichnis nicht gefunden
 
I guess I should have put '#' signs in front of the lines...
naturally when you execute them via a sysctl.conf file you have to remove the sysctl part from the lines....

Edit: PS: When you post an error message, please first set LANG=C...
 
Last edited:
Edit: PS: When you post an error message, please first set LANG=C...​
Click to expand...

I'm sorry, what do you mean?

So, my mistake. On the Host works it now.
But which configuration is needed in my vm?
In Proxmox on my vm i only have a ipv6 address configurated. Not a "Network Adapter"

here are my ifconfig output from the vm
Code: 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: 2a01:238:43ad:d00::3/128 Scope:Global
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:289 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6799 (6.6 KiB)  TX bytes:6792 (6.6 KiB)

and from route -6
Code: 
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2a01:238:43ad:d00::3/128       ::                         U    256 0     0 venet0
fe80::/64                      ::                         U    256 0     0 venet0
::/0                           ::                         U    1   0     0 venet0
::/0                           ::                         !n   -1  1    11 lo
::1/128                        ::                         Un   0   1     5 lo
2a01:238:43ad:d00::3/128       ::                         Un   0   1   237 lo
ff00::/8                       ::                         U    256 0     0 venet0
::/0                           ::                         !n   -1  1    11 lo

the reason, i can't ping any adress


 
edvjellissen said:
I'm sorry, what do you mean?
Click to expand...
It's much easier for people to help you when the command output is english, which is easily accomplished by prefixing commands with LANG=c or issuing an export LANG=c command in your shell once.

edvjellissen said:
So, my mistake. On the Host works it now.
But which configuration is needed in my vm?
In Proxmox on my vm i only have a ipv6 address configurated. Not a "Network Adapter"

here are my ifconfig output from the vm
Code: 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: 2a01:238:43ad:d00::3/128 Scope:Global
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:289 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6799 (6.6 KiB)  TX bytes:6792 (6.6 KiB)

and from route -6
Code: 
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2a01:238:43ad:d00::3/128       ::                         U    256 0     0 venet0
fe80::/64                      ::                         U    256 0     0 venet0
::/0                           ::                         U    1   0     0 venet0
::/0                           ::                         !n   -1  1    11 lo
::1/128                        ::                         Un   0   1     5 lo
2a01:238:43ad:d00::3/128       ::                         Un   0   1   237 lo
ff00::/8                       ::                         U    256 0     0 venet0
::/0                           ::                         !n   -1  1    11 lo

the reason, i can't ping any adress
Click to expand...

In my test I didn't change anything on the guest VM. The only difference is that I don't have the accept_ra=0 line, which makes me wonder why you say that ipv6 is working on your host now?
Does your host also have an address? Can you ping the host from the guest? Can you try using tcpdump to see how far the packets are going?
 
How can i make a tcpdump?

I can't ping from the guest to the host. "Unknown host"
when i comment the line
Code: 
accept_ra=0
it is no difference. The same reason. Can't ping anything.

But currently i'm able to use ssh via ipv6 from the host to the guest.
I think it is helpfull.


When i try to ping from the host to the host address. I become the error
Code: 
Network is unreachable

The route - 6 from my host looks like

Code: 
Kernel-IPv6-Routentabelle
Destination                    Next Hop                   Flag Met Ref Use If
2a01:238:43ad:d00::3/128       ::                         U    1024 0     0 venet0
2a01:238:43ad:d00:7726:7a31:f72f:3d8b/128 ::                         U    256 0     0 eth0
2a01:238:43ad:d00::/56         ::                         !n   1024 0     3 lo
fe80::1/128                    ::                         U    256 0     0 venet0
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 vmbr0
fe80::/64                      ::                         U    256 0     0 venet0
::/0                           fe80::1                    UG   1024 0     0 eth0
::/0                           ::                         !n   -1  1     8 lo
::1/128                        ::                         Un   0   1     3 lo
2a01:238:43ad:d00:7726:7a31:f72f:3d8b/128 ::                         Un   0   1   231 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::1/128                    ::                         Un   0   1     0 lo
fe80::224:21ff:feaf:8ccf/128   ::                         Un   0   1     0 lo
fe80::28cb:baff:fe71:8fb4/128  ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 vmbr0
ff00::/8                       ::                         U    256 0     0 venet0
::/0                           ::                         !n   -1  1     8 lo

2a01:238:43ad:d00::/56 this is my subnet from my isp.
 
Last edited:
Note that when you uncomment the accept_ra line you still haven't set it back to one. Try # echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra (though this shouldn't influence the ability to ping the guest from the host or host from the guest).
What's the exact command you use to ping the container from the host and vice versa?
On the host you should be able to use: ping6 '2a01:238:43ad:d00::3'
 
so, i can ping from the host to the guest. But don't from the guest to the host
I can ping from the host to ipv6.google.com via ping6 ipv6.google.com - it works fine.

What i'm doing wrong?
 
edvjellissen said:
so, i can ping from the host to the guest. But don't from the guest to the host
(...)
Click to expand...
Strange, do you have a firewall active?
The output on the host of
Code: 
# tcpdump -veni venet0 icmp
while trying to ping the host from the guest might be userful
 
I try to ping from the guest to the host.
On the host is tcpdump running.
But there is no output. Nothing :-(

Yes, i use a firewall. From my OS. It is Debian Wheezy. But i can't configure the firewall. I have no idea to do this.
 
Ah sorry, it should be tcpdump -veni venet0 icmp6... (yeah it's easy to forget that '6'...)
 
Does the container send it to its venet interface? (same tcpdump command from within the container).
 
I have no chance to test it, while i can't install tcpdump in the container. No Internet Connection and via scp copy the tar.gz file doesn't work while the installer needs other packages from the internet.
I'm sorry, have you another idea?
 
Could be a firewall problem, you said you used one, how is it configured?
 
I'm sorry, i don't know.
I use a turnkey-otrs template for my openvz virtual machine (container).

Ohh, i have a reason. I have tested an ping from my vm to the host. And it works.
the output from tcpdump on the host is
Code: 
17:23:34.208872  In ethertype IPv6 (0x86dd), length 120: (hlim 64, next-header ICMPv6 (58) payload length: 64) 2a01:238:43ad:d00::3 > 2a01:238:43ad:d00:7726:7a31:f72f:3d8b: [icmp6 sum ok] ICMP6, echo request, seq 218
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel

i have used ping6 to the ipv6 address from the host. But there is 100% lost.

i hope this is helpfully.
 
Last edited:
Any ideas?

is it helpfull when i update to Version 4 of Proxmox?
But now one costumer is on a virtual machine. it is better to handle one costumer than 500 or more.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back