I have managed to set IPv6 privacy in Proxmox PVE, in LXC and in VM.
Here is how I did that.
##################################
-------- Privacy extension in Proxmox PVE ---------
##################################
Open a terminal in Proxmox PVE
Run this command to check whether it is already enabled; it shows 0 if temporary (privacy) addresses are not in use.
sysctl net.ipv6.conf.vmbr0.use_tempaddr
#Open this file
#Add these settings, which enable IPv6 temporary addresses (ipv6-privacy) and Accept RA
Bash:
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.vmbr0.use_tempaddr = 2
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.vmbr0.accept_ra = 2
#Run this command; all values should now be 2
#Bring the interface down and up again in one command
sudo ifdown vmbr0 && sudo ifup vmbr0
or
sudo ip link set vmbr0 down && sudo ip link set vmbr0 up
#Check the temporary IPv6 address; you will now see two IPv6 addresses, one of which is flagged as temporary.
#My Output
Bash:
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet6 2a01:x:x:x:x:x:x:x/64 scope global temporary dynamic
       valid_lft 86317sec preferred_lft 14317sec
    inet6 2a01:e0a:x:x:x:x:x:x/64 scope global dynamic mngtmpaddr
       valid_lft 86317sec preferred_lft 14317sec
    inet6 fe80::x:x:x:x/64 scope link
       valid_lft forever preferred_lft forever
################################
-------- Privacy extension in LXC Containers --------
################################
Open a terminal in your LXC
Open the network Eth0 config
vi /etc/systemd/network/eth0.network
#Add IPv6PrivacyExtensions after IPv6AcceptRA (here is my config)
Bash:
[Match]
Name = eth0
[Network]
Description = Interface eth0 autoconfigured by PVE
DHCP = ipv4
IPv6AcceptRA = true
IPv6PrivacyExtensions = true
#add a new file (this file blocks the PVE host from changing the configuration)
touch /etc/systemd/network/.pve-ignore.eth0.network
#restart network or reboot the lxc
systemctl restart systemd-networkd.service
or
#check if you have the temporary ipv6 address
##############################
------ Privacy extension in VM Machine ----------
##############################
Open a terminal in your VM
For a VM that is not managed by cloud-init and whose network config is managed by NetworkManager or networkd:
#Open the netplan config file (you may have a different filename; go to /etc/netplan/ and list its contents).
sudo vi /etc/netplan/00-installer-config.yaml
#Add ipv6-privacy: yes
#Here is my config
Bash:
# This is the network config written by 'subiquity'
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    ens18:
      dhcp4: true
      dhcp6: true
      ipv6-privacy: yes
#Restart
#check if you have the temporary ipv6 address
For a VM managed by Cloud-Init, it configures the system on the first boot using provided settings (e.g., networking, SSH keys). After that, Cloud-Init usually doesn't reapply these settings on reboot unless explicitly configured to do so. Therefore, changes can be made with the understanding that they will not be overwritten by Cloud-Init.
#Open the cloud-init network file (you may have a different filename; go to /etc/netplan/ and list its contents).
sudo vi /etc/netplan/50-cloud-init.yaml
#add ipv6-privacy: true
#Here is my config
Bash:
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
            dhcp6: true
            ipv6-privacy: true
            match:
                macaddress: xx:xx:xx:xx:xx:xx
            set-name: eth0
#Restart
#check if you have the temporary ipv6 address
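One way to do the "check if you have the temporary ipv6 address" step in each section, as an added example that is not part of the original post: it parses `ip -6 addr show` output and tells a usable temporary address apart from the stable `mngtmpaddr` one and from a temporary address that is already deprecated. The function names and the sample addresses (documentation prefix 2001:db8::/32) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the global IPv6 addresses in `ip -6 addr show`
# output and report whether a usable temporary (privacy) address exists.

# Constructed sample in the shape of the output shown in the post;
# 2001:db8::/32 is the documentation prefix, not a real address.
SAMPLE_OUTPUT='4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8:1:2:a1b2:c3d4:e5f6:1234/64 scope global temporary dynamic
       valid_lft 86317sec preferred_lft 14317sec
    inet6 2001:db8:1:2:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr
       valid_lft 86317sec preferred_lft 14317sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever'

# Reads `ip -6 addr` output on stdin and prints one summary line.
# "mngtmpaddr" marks the stable SLAAC address that temporary ones derive
# from; only the literal flag "temporary" marks a privacy address.
count_privacy_addrs() {
    awk '
        $1 == "inet6" && /scope global/ {
            if (/ temporary/) {
                if (/ deprecated/) dep++; else temp++
            } else {
                stable++
            }
        }
        END { printf "temporary=%d stable=%d deprecated_temp=%d\n", temp, stable, dep }
    '
}

# Exit status 0 only when at least one non-deprecated temporary address exists.
has_privacy_addr() {
    count_privacy_addrs | grep -Eq '^temporary=[1-9]'
}

# Live check on a host, container or VM (interface name passed by the caller).
check_iface() {
    echo "use_tempaddr=$(sysctl -n "net.ipv6.conf.$1.use_tempaddr")"
    ip -6 addr show dev "$1" | count_privacy_addrs
}

# Demonstration on the constructed sample; prints the summary line.
printf '%s\n' "$SAMPLE_OUTPUT" | count_privacy_addrs
```

On a live system, call `check_iface` with the interface used in that section (vmbr0, eth0 or ens18); `stable=1` with `temporary=0` means the setting has not taken effect on that interface.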