My problem:
IPv6 connectivity on the Proxmox host appears to be working fine, I can make connections to and from the Proxmox host, for example, SSH (over IPv6) into the host and pinging the Cloudflare IPv6 DNS address works fine, but that's as far as I can get. Connections from the pfSense guest using IPv6 don't work at all. I think the issue I'm facing now is to do with proxying NDP to the pfSense guest. This is purely a guess though, I'm not that well versed with IPv6.
Setup:
I'll substitute some addresses for obvious reasons:
- 12.34.56.78 = Proxmox public IPv4
- 12.34.56.254 = Proxmox OVH IPv4 gateway
- 11.34.56.78 = pfSense public IPv4
- 11.34.56.254 = pfSense OVH IPv4 gateway
- 2001:41d0:dead:beef::1 = Proxmox public IPv6
- 2001:41d0:dead:beef::2 = pfSense WAN IPv6
- 2001:41d0:dead:beff:ff:ff:ff:ff = OVH IPv6 gateway
- ov:hs:gi:ve:nm:ac = OVH supplied virtual MAC for pfSense IPv4 address (a second IP from OVH that they call a failover IP)
Code:
```
auto lo
iface lo inet loopback

auto enp1s0f0
iface enp1s0f0 inet manual

auto vmbr1
iface vmbr1 inet static
    address 10.1.0.4/16
    bridge-ports none
    bridge-stp off
    bridge-fd 0

auto vmbr0
iface vmbr0 inet static
    address 12.34.56.78/24
    gateway 12.34.56.254
    bridge-ports enp1s0f0
    bridge-stp off
    bridge-fd 0

iface vmbr0 inet6 static
    address 2001:41d0:dead:beef::1/64
    post-up /sbin/ip -f inet6 route add 2001:41d0:dead:beff:ff:ff:ff:ff dev vmbr0
    post-up /sbin/ip -f inet6 route add default via 2001:41d0:dead:beff:ff:ff:ff:ff
    post-up echo 1 > /proc/sys/net/ipv6/conf/vmbr0/proxy_ndp
    pre-down /sbin/ip -f inet6 route del default via 2001:41d0:dead:beff:ff:ff:ff:ff
    pre-down /sbin/ip -f inet6 route del 2001:41d0:dead:beff:ff:ff:ff:ff dev vmbr0
```
Code:
```
agent: 1
args: -cpu kvm64,-x2apic
balloon: 2048
bios: ovmf
bootdisk: scsi0
cores: 4
efidisk0: local:106/vm-106-disk-0.qcow2,size=128K
memory: 6144
name: pfsense
net0: virtio=ov:hs:gi:ve:nm:ac,bridge=vmbr0
net1: virtio=96:CF:AB:D6:D0:85,bridge=vmbr1
numa: 0
onboot: 1
ostype: other
scsi0: local:106/vm-106-disk-1.qcow2,discard=on,iothread=1,size=32G,ssd=1
scsihw: virtio-scsi-single
shares: 2000
smbios1: uuid=9f791e6e-7ca7-40a8-9809-7fcf2ca22060
sockets: 1
startup: order=10,up=45
vmgenid: 4e66c7da-4895-42d4-bf3c-894dd8b57398
```
Code:
```
ipv4: 11.34.56.78
ipv4 gateway: 11.34.56.254
ipv6: 2001:41d0:dead:beef::2
ipv6 gateway: 2001:41d0:dead:beff:ff:ff:ff:ff
```
Code:
```
root@proxmox:~$ ip -6 neigh show
2001:41d0:dead:beef::2 dev vmbr0 lladdr ov:hs:gi:ve:nm:ac router STALE
2001:41d0:dead:beff:ff:ff:ff:fd dev vmbr0 lladdr 00:ff:03:07:ff:fd router STALE
fe80::4cdb:a2ff:fefa:55f dev vmbr1 lladdr 4e:db:a2:fa:05:5f STALE
2001:41d0:dead:beff:ff:ff:ff:ff dev vmbr0 lladdr 00:f2:03:07:ff:ff router REACHABLE
fe80::2ff:3ff:fe07:fffe dev vmbr0 lladdr 00:ff:03:07:ff:fe router STALE
fe80::ff:fe72:6304 dev vmbr0 lladdr ov:hs:gi:ve:nm:ac router STALE
fe80::86e:78a3:dfa:3d64 dev vmbr1 lladdr 16:d3:ab:82:f0:3d STALE
2001:41d0:dead:beff:ff:ff:ff:fe dev vmbr0 lladdr 00:ff:03:07:ff:fe router STALE
fe80::2ff:3ff:fe07:fffd dev vmbr0 lladdr 00:ff:03:07:ff:fd router STALE
fe80::8c52:faff:feeb:f52d dev vmbr1 lladdr 8e:52:fa:eb:f5:2d STALE
```
Code:
```
[2.5.0-RELEASE][root@pfsense]/root: ndp -a -n
Neighbor                             Linklayer Address  Netif  Expire    S Flags
fe80::94cf:abff:fed6:d085%vtnet1     96:cf:ab:d6:d0:85  vtnet1 permanent R
2001:41d0:dead:beef::1               d0:50:99:d8:1f:8a  vtnet0 14s       R R
2001:41d0:dead:beef::2               ov:hs:gi:ve:nm:ac  vtnet0 permanent R
fe80::ff:fe72:6304%vtnet0            ov:hs:gi:ve:nm:ac  vtnet0 permanent R
fe80::d250:99ff:fed8:1f8a%vtnet0     d0:50:99:d8:1f:8a  vtnet0 24s       R R
```
Code:
```
[2.5.0-RELEASE][root@pfsense]/root: ping6 -c4 2606:4700:4700::1111
PING6(56=40+8+8 bytes) 2001:41d0:dead:beef::2 --> 2606:4700:4700::1111
--- 2606:4700:4700::1111 ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
```
Notes:
I did have success at one point by using ip6tables to accept all the traffic the Proxmox host needs, i.e. SSH, the web GUI ports and Spice ports etc., then DNAT the traffic to the pfSense guest and masquerade any outgoing connections from the pfSense guest. That did let me ping out from the pfSense guest to public IPv6 addresses, but I couldn't ping the pfSense guest IPv6 from my local machine. Traceroute seems to show the requests for the pfSense IPv6 getting to the OVH network fine, but they never seem to reach my server.
Code:
```
# Generated by ip6tables-save v1.8.2 on Sun Mar 07 02:47:16 2021
*nat
:PREROUTING ACCEPT [36:3216]
:INPUT ACCEPT [2:144]
:OUTPUT ACCEPT [2:192]
:POSTROUTING ACCEPT [2:192]
-A PREROUTING -i vmbr0 -p icmp -j ACCEPT
-A PREROUTING -i vmbr0 -p tcp -m multiport --dports 25,2003,3128,8006,5900:5999,60000:60050 -j ACCEPT
-A PREROUTING -i vmbr0 -p udp -m multiport --dports 111,5404,5405 -j ACCEPT
-A PREROUTING -i vmbr0 -j DNAT --to-destination {My-IPv6-block}::2
-A POSTROUTING -s {My-IPv6-block}::/64 -o vmbr0 -j MASQUERADE
COMMIT
# Completed on Sun Mar 07 02:47:16 2021
# Generated by ip6tables-save v1.8.2 on Sun Mar 07 02:47:16 2021
*raw
:PREROUTING ACCEPT [891:183290]
:OUTPUT ACCEPT [689:228149]
-A PREROUTING -i fwbr+ -j CT --zone 1
COMMIT
# Completed on Sun Mar 07 02:47:16 2021
# Generated by ip6tables-save v1.8.2 on Sun Mar 07 02:47:16 2021
*filter
:INPUT ACCEPT [22:1552]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [433:147845]
-A INPUT -i vmbr0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun Mar 07 02:47:16 2021
```
I've Googled so much over the last few days, but it seems not many still care for IPv6 yet so it's made it incredibly hard to get this far. I've tried these guides but none are working for me:
- https://forum.proxmox.com/threads/o...and-vips-vips-not-routable-ovh-network.59711/
- https://forum.ovh.co.uk/showthread.php/7357-Proxmox-IPv6-Proxy-NDP-Issue
- https://www.kiloroot.com/proxmox-ki...single-kimsufi-server-using-ipv6-and-proxmox/
I used this guide for setting up IPv4 which is working well:
If anyone has ideas, please send them.
Thanks
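
An added example, not part of the original post: in an ip6tables ruleset `-p icmp` means IPv4 ICMP (protocol 1), whereas NDP and ping6 are ICMPv6 (`-p ipv6-icmp`, protocol 58), so the first PREROUTING rule in the dump above does not match ICMPv6 traffic. The script below flags that pattern, and default-ACCEPT policies on the filter INPUT/FORWARD chains, in `ip6tables-save` output; the function names and finding labels are assumptions of this example, and the sample input is abridged from the post's ruleset.

```shell
#!/bin/sh
# Added example: audit `ip6tables-save` output read from stdin.
# Emits one line per finding:
#   IPV4_ICMP_MATCH  rule uses "-p icmp" (protocol 1), which is not ICMPv6
#   POLICY_ACCEPT    filter INPUT/FORWARD chain has default policy ACCEPT
audit_ip6tables_save() {
    awk '
    /^\*/ { table = substr($0, 2); next }        # table header, e.g. "*nat"
    /^:/ {                                       # chain line, e.g. ":INPUT ACCEPT [0:0]"
        chain = substr($1, 2)
        if (table == "filter" && $2 == "ACCEPT" &&
            (chain == "INPUT" || chain == "FORWARD"))
            printf "POLICY_ACCEPT %s/%s\n", table, chain
        next
    }
    /^-A / {                                     # appended rule
        for (i = 3; i < NF; i++)
            if (($i == "-p" || $i == "--protocol") && $(i + 1) == "icmp")
                printf "IPV4_ICMP_MATCH %s/%s: %s\n", table, $2, $0
    }'
}

# Sample input: abridged from the ruleset in the post above.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [36:3216]
-A PREROUTING -i vmbr0 -p icmp -j ACCEPT
-A PREROUTING -i vmbr0 -p tcp -m multiport --dports 25,2003,3128,8006,5900:5999,60000:60050 -j ACCEPT
-A PREROUTING -i vmbr0 -j DNAT --to-destination {My-IPv6-block}::2
COMMIT
*filter
:INPUT ACCEPT [22:1552]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [433:147845]
-A INPUT -i vmbr0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_ip6tables_save
```

On a live host the same function can be fed directly with `ip6tables-save | audit_ip6tables_save`.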