Web UI in IPv4 and IPv6

[dominique.fournier]

Hi
I try to activate the Web UI in IPv4 AND IPv6.
I found this page https://pve.proxmox.com/pve-docs/pveproxy.8.html to enable IPv6.
So I created a /etc/default/pveproxy file and put in it :
LISTEN_IP="2a01:e0a:a:b::c"
I restart the service with :
systemctl restart pveproxy.service spiceproxy.service

But in this case, the IPv4 is not working anymore (of course).

My question is : how should I put "::" to activate both, and request the daemon to listen on all the IP available ?
I also try "::" and "::ffff:0.0.0.0", but they activate only IPv4.

Thanks

 

[t.lamprecht]

Hi,

My question is : how should I put "::" to activate both, and request the daemon to listen on all the IP available ?

What's your Proxmox VE version pveversion -v ?
As since Proxmox VE 6.4 the pveproxy main API daemon listens on both per default, so you'd just not set the LISTEN_IP variable there at all, but yes, using the :: wildcard (with PVE 6.4 or newer) would make the API proxy listen on both, IPv4 and IPv6.

 

[dominique.fournier]

# pveversion -v
proxmox-ve: 6.4-1 (running kernel: 5.4.157-1-pve)
pve-manager: 6.4-13 (running version: 6.4-13/9f411e79)

I will try to upgrade in version 7 to see if the problem is solved.

 

[t.lamprecht]

# pveversion -v

The full output of that command would be interesting to ensure no dependency is outdated/held back, as the change needs also newer libhttp-server and libpve-common packages IIRC, the manager version itself should be recent enough.

Just to be sure: How do you check where the web.interface listens (not that it's a FW issue), e.g., can you post the output of:

ss -tlpn

 

[dominique.fournier]

# pveversion -v

proxmox-ve: 6.4-1 (running kernel: 5.4.157-1-pve)
pve-manager: 6.4-13 (running version: 6.4-13/9f411e79)
pve-kernel-5.4: 6.4-11
pve-kernel-helper: 6.4-11
pve-kernel-5.3: 6.1-6
pve-kernel-5.4.157-1-pve: 5.4.157-1
pve-kernel-5.4.143-1-pve: 5.4.143-1
pve-kernel-5.4.128-1-pve: 5.4.128-2
pve-kernel-5.3.18-3-pve: 5.3.18-3
ceph-fuse: 12.2.13-pve1
corosync: 3.1.5-pve2~bpo10+1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.22-pve2~bpo10+1
libproxmox-acme-perl: 1.1.0
libproxmox-backup-qemu0: 1.1.0-1
libpve-access-control: 6.4-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.4-4
libpve-guest-common-perl: 3.1-5
libpve-http-server-perl: 3.2-3
libpve-storage-perl: 6.4-1
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.6-2
lxcfs: 4.0.6-pve1
novnc-pve: 1.1.0-1
proxmox-backup-client: 1.1.13-2
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.6-1
pve-cluster: 6.4-1
pve-container: 3.3-6
pve-docs: 6.4-2
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-4
pve-firmware: 3.3-2
pve-ha-manager: 3.1-1
pve-i18n: 2.3-1
pve-qemu-kvm: 5.2.0-6
pve-xtermjs: 4.7.0-3
qemu-server: 6.4-2
smartmontools: 7.2-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 2.0.6-pve1~bpo10+1

# ss -tlpn (When I force the IPv6 address in LISTEN_IP)

State   Recv-Q   Send-Q               Local Address:Port     Peer Address:Port                                                                                  
LISTEN  0        5                        127.0.0.1:3551          0.0.0.0:*      users:(("apcupsd",pid=8038,fd=6))                                              
LISTEN  0        128                        0.0.0.0:111           0.0.0.0:*      users:(("rpcbind",pid=1121,fd=4),("systemd",pid=1,fd=42))                      
LISTEN  0        128                      127.0.0.1:85            0.0.0.0:*      users:(("pvedaemon worke",pid=15477,fd=6),("pvedaemon worke",pid=8892,fd=6),("pvedaemon worke",pid=6803,fd=6),("pvedaemon",pid=2340,fd=6))
LISTEN  0        10                   192.168.10.99:53            0.0.0.0:*      users:(("named",pid=1814,fd=23))                                               
LISTEN  0        10                       127.0.0.1:53            0.0.0.0:*      users:(("named",pid=1814,fd=22))                                               
LISTEN  0        128                        0.0.0.0:22            0.0.0.0:*      users:(("sshd",pid=1825,fd=3))                                                 
LISTEN  0        100                      127.0.0.1:25            0.0.0.0:*      users:(("master",pid=2137,fd=13))                                              
LISTEN  0        128                      127.0.0.1:953           0.0.0.0:*      users:(("named",pid=1814,fd=24))                                               
LISTEN  0        128        [2a01:e0a:2a7:9cd0::99]:8006             [::]:*      users:(("pveproxy worker",pid=22068,fd=6),("pveproxy worker",pid=22067,fd=6),("pveproxy worker",pid=22065,fd=6),("pveproxy",pid=11205,fd=6))
LISTEN  0        128                           [::]:111              [::]:*      users:(("rpcbind",pid=1121,fd=6),("systemd",pid=1,fd=44))                      
LISTEN  0        128                              *:4949                *:*      users:(("munin-node",pid=1900,fd=5))                                           
LISTEN  0        10                            [::]:53               [::]:*      users:(("named",pid=1814,fd=21))                                               
LISTEN  0        128                           [::]:22               [::]:*      users:(("sshd",pid=1825,fd=4))                                                 
LISTEN  0        128        [2a01:e0a:2a7:9cd0::99]:3128             [::]:*      users:(("spiceproxy work",pid=21878,fd=6),("spiceproxy",pid=11344,fd=6))       
LISTEN  0        100                          [::1]:25               [::]:*      users:(("master",pid=2137,fd=14))                                              
LISTEN  0        128                          [::1]:953              [::]:*      users:(("named",pid=1814,fd=25))

If I don't force the IPADDRESS :

State       Recv-Q      Send-Q            Local Address:Port             Peer Address:Port                                                                                                                                                         
LISTEN      0           5                     127.0.0.1:3551                  0.0.0.0:*          users:(("apcupsd",pid=8038,fd=6))                                                                                                                 
LISTEN      0           128                     0.0.0.0:111                   0.0.0.0:*          users:(("rpcbind",pid=1121,fd=4),("systemd",pid=1,fd=42))                                                                                         
LISTEN      0           128                   127.0.0.1:85                    0.0.0.0:*          users:(("pvedaemon worke",pid=15477,fd=6),("pvedaemon worke",pid=8892,fd=6),("pvedaemon worke",pid=6803,fd=6),("pvedaemon",pid=2340,fd=6))        
LISTEN      0           10                192.168.10.99:53                    0.0.0.0:*          users:(("named",pid=1814,fd=23))                                                                                                                  
LISTEN      0           10                    127.0.0.1:53                    0.0.0.0:*          users:(("named",pid=1814,fd=22))                                                                                                                  
LISTEN      0           128                     0.0.0.0:22                    0.0.0.0:*          users:(("sshd",pid=1825,fd=3))                                                                                                                    
LISTEN      0           100                   127.0.0.1:25                    0.0.0.0:*          users:(("master",pid=2137,fd=13))                                                                                                                 
LISTEN      0           128                   127.0.0.1:953                   0.0.0.0:*          users:(("named",pid=1814,fd=24))                                                                                                                  
LISTEN      0           128                           *:8006                        *:*          users:(("pveproxy worker",pid=16951,fd=6),("pveproxy worker",pid=16950,fd=6),("pveproxy worker",pid=16949,fd=6),("pveproxy",pid=16948,fd=6))      
LISTEN      0           128                        [::]:111                      [::]:*          users:(("rpcbind",pid=1121,fd=6),("systemd",pid=1,fd=44))                                                                                         
LISTEN      0           128                           *:4949                        *:*          users:(("munin-node",pid=1900,fd=5))                                                                                                              
LISTEN      0           10                         [::]:53                       [::]:*          users:(("named",pid=1814,fd=21))                                                                                                                  
LISTEN      0           128                        [::]:22                       [::]:*          users:(("sshd",pid=1825,fd=4))                                                                                                                    
LISTEN      0           128                           *:3128                        *:*          users:(("spiceproxy work",pid=16964,fd=6),("spiceproxy",pid=16963,fd=6))                                                                          
LISTEN      0           100                       [::1]:25                       [::]:*          users:(("master",pid=2137,fd=14))                                                                                                                 
LISTEN      0           128                       [::1]:953                      [::]:*          users:(("named",pid=1814,fd=25))

 

[t.lamprecht]

Seems working just fine?

If you do force an IPv6 it listens just on that ([2a01:e0a:2a7:9cd0::99]:8006):

LISTEN 0 128 [2a01:e0a:2a7:9cd0::99]:8006 [::]:* users:(("pveproxy worker",pid=22068,fd=6),("pveproxy worker",pid=22067,fd=6),("pveproxy worker",pid=22065,fd=6),("pveproxy",pid=11205,fd=6))

And if you do not force any explicit IP it listens on the full wildcard (*:8006):

LISTEN 0 128 *:8006 *:* users("pveproxy worker",pid=16951,fd=6),("pveproxy worker",pid=16950,fd=6),("pveproxy worker",pid=16949,fd=6),("pveproxy",pid=16948,fd=6))

So the "listen on both" definitively works from the PVE API daemon point of view, if you still cannot connect via a specific IP version I'd check firewall/network.

 

[dominique.fournier]

Hi Thomas
After upgrading to proxmox 7, the problem disappears. I can connect to the interface by IPv4 and IPv6

Thanks a lot !