Ubuntu Container IPv6 Privacy Extensions

Aktiobiem

Aug 29, 2023

Hey there all together,

I have been using this forum for a while to find information about configuring my Proxmox system, and I really like the forum.

I have now been struggling for a few days to get the privacy extensions for IPv6 running in my Ubuntu container.

My container already gets a global and a link-local IPv6 address (both have the interface ID at the end). But I couldn't get the temporary global IPv6 address assigned.

I already tried several different things, like adding IPv6PrivacyExtensions=true to /etc/sysctl.conf, and checked that net.ipv6.conf.all.use_tempaddr=2 is set in /etc/sysctl.d/10-ipv6-privacy.conf. All of these seem to be right (at least from what I can find on the internet so far), but my container doesn't get the privacy extensions running.

To be clear, I am a user, not an expert with that stuff.

Can someone direct me what I need to do to get it working?
 
I have managed to set IPv6 privacy in Proxmox PVE, in LXC and in VM.
Here is how I did that.

##################################
-------- Privacy extension in Proxmox PVE ---------
##################################
Open a terminal in Proxmox PVE
Run this command to check whether you already have it; it should show 0 if you don't have a privacy temporary address
sysctl net.ipv6.conf.vmbr0.use_tempaddr

#Open this file
sudo vi /etc/sysctl.conf

#Add these settings, which set the IPv6 temporary addresses (ipv6-privacy) and enable Accept RA
Bash:
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.vmbr0.use_tempaddr = 2
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.vmbr0.accept_ra = 2

#Run this command, it should output all to 2 now
sudo sysctl -p

#Bring the interface down and up again in one command
sudo ifdown vmbr0 && sudo ifup vmbr0
or
sudo ip link set vmbr0 down && sudo ip link set vmbr0 up

#Check the temporary IPv6 address; you will now see two IPv6 addresses, one of which is identified as temporary.
ip -6 addr show vmbr0

#My Output
Bash:
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet6 2a01:x:x:x:x:x:x:x/64 scope global temporary dynamic
       valid_lft 86317sec preferred_lft 14317sec
    inet6 2a01:e0a:x:x:x:x:x:x/64 scope global dynamic mngtmpaddr
       valid_lft 86317sec preferred_lft 14317sec
    inet6 fe80::x:x:x:x/64 scope link
       valid_lft forever preferred_lft forever

################################
-------- Privacy extension in LXC Containers -------
################################
Open a terminal in your LXC
Open the network Eth0 config
vi /etc/systemd/network/eth0.network

#add IPv6Privacy after IPv6AcceptRA (here is my config)
Bash:
[Match]
Name = eth0

[Network]
Description = Interface eth0 autoconfigured by PVE
DHCP = ipv4
IPv6AcceptRA = true
IPv6PrivacyExtensions = true

#add a new file (this file blocks the PVE host from changing the configuration)
touch /etc/systemd/network/.pve-ignore.eth0.network

#restart network or reboot the lxc
systemctl restart systemd-networkd.service
or
sudo reboot

#check if you have the temporary ipv6 address
ip -6 addr show eth0

##############################
------ Privacy extension in VM Machine ----------
##############################
Open a terminal in your VM
For a VM that is not managed by cloud-init and whose network config is managed by NetworkManager or networkd

#Open the netplan config file (you may have a different filename; go to /etc/netplan/ and list its contents).
sudo vi /etc/netplan/00-installer-config.yaml

#Add ipv6-privacy: yes

#Here is my config
Bash:
# This is the network config written by 'subiquity'
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    ens18:
      dhcp4: true
      dhcp6: true
      ipv6-privacy: yes

#Restart
sudo reboot

#check if you have the temporary ipv6 address
ip -6 addr show ens18

For a VM managed by Cloud-Init, it configures the system on the first boot using provided settings (e.g., networking, SSH keys). After that, Cloud-Init usually doesn't reapply these settings on reboot unless explicitly configured to do so. Therefore, changes can be made with the understanding that they will not be overwritten by Cloud-Init.

#Open the cloud-init network file (you may have a different filename; go to /etc/netplan/ and list its contents).
sudo vi /etc/netplan/50-cloud-init.yaml

#add ipv6-privacy: true

#Here is my config
Bash:
# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
            dhcp6: true
            ipv6-privacy: true
            match:
                macaddress: xx:xx:xx:xx:xx:xx
            set-name: eth0

#Restart
sudo reboot

#check if you have the temporary ipv6 address
ip -6 addr show eth0
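
A way to verify the outcome of the steps in this thread on the host, a container or a VM, as an added example that is not part of either post: it reads the per-interface use_tempaddr value and checks that a non-deprecated temporary global address is actually assigned, without mistaking the mngtmpaddr flag for one. The function names and the 2001:db8:: sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): confirm a temporary address is in use.

# Classify `ip -6 addr show dev IFACE` output read on stdin.
# Prints one of: temporary | deprecated-only | stable-only | no-global
tempaddr_status() {
    awk '
        $1 == "inet6" && /scope global/ {
            global = 1
            # "mngtmpaddr" marks the stable prefix address, not a temporary one
            if (/ temporary/) { if (/ deprecated/) dep = 1; else temp = 1 }
        }
        END {
            if (temp)        print "temporary"
            else if (dep)    print "deprecated-only"
            else if (global) print "stable-only"
            else             print "no-global"
        }'
}

# Live check: per-interface sysctl value plus the addresses actually assigned.
check_iface() {
    knob="/proc/sys/net/ipv6/conf/$1/use_tempaddr"
    [ -r "$knob" ] || { echo "$1: no IPv6 settings found" >&2; return 2; }
    val=$(cat "$knob")
    status=$(ip -6 addr show dev "$1" | tempaddr_status)
    echo "$1: use_tempaddr=$val addresses=$status"
    [ "$val" = 2 ] && [ "$status" = temporary ]
}

# Constructed samples (2001:db8::/32 is the documentation prefix).
sample_with_temp() { cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:5c1e:9a77:3f02:b6d1/64 scope global temporary dynamic
       valid_lft 86317sec preferred_lft 14317sec
    inet6 2001:db8:1:2:be24:11ff:fe5a:1c0e/64 scope global dynamic mngtmpaddr
       valid_lft 86317sec preferred_lft 14317sec
    inet6 fe80::be24:11ff:fe5a:1c0e/64 scope link
       valid_lft forever preferred_lft forever
EOF
}
sample_stable_only() { sample_with_temp | grep -v ' temporary '; }

# Run against a real interface when a name is given, e.g.: ./check.sh eth0
if [ "$#" -gt 0 ]; then check_iface "$1"; fi
```

A result of stable-only with use_tempaddr=2 usually means the interface has not received a new router advertisement since the setting changed, which is why the posts above restart the interface or reboot.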
 