IPv6 for VM without IPFO IPv4

#1

Hi

I would like to provide ipv6 connectivity to my VMs, without using MAC address and IPFO.
I’m using proxmox and a pfSense vm as router.

Currently, I’m stuck with this : Online doesn’t provide MAC addresss without associated ipv4.
And I don’t know how to activate ipv6 without dhclient … which need a proper and valid MAC address.

My idea is to use pfSense to assign ipv6 address to vm not bridged on LAN using radvd / NDP.

Is that possible ? How ?

#2

It’s possible.

You can use your pfSense VM or your Proxmox host as an IPv6 router in the same way as with IPv4.

Once you have a IPv6 Prefix Delegation (PD) for a /56 subnet thanks to the DHCPv6 client, the MAC address which made the request for the PD will be sent all the packets intended for the subnet. Then, your system is free to use any address of that subnet for itself, to route these or even both.

You can assign a IPv6 address manually, with DHCPv6 or with radvd / NDP, as you said. Anyways, you will need to setup radvd for your router to advertise itself as the default gateway.


AnonymousCoward

#3

Thank you for this answer.

Now I know it’s possible. But I’m still stuck on the “how to do it ?”.

My ipv6 configuration works (using this thread with a /64 prefix), and I’m looking at “Services \ DHCPv6 Server & RA \ LAN \ Router Advertisements” page. (<pfsense_url>/services_router_advertisements.php?if=lan).

I selected route mode "Assisted " :

With only this configuration (no dhcpv6 server), it doesn’t work.
If I start the dhcpv6 server, I get an ip from a private ipv6 subnet (define by the dhcpv6 server page) but no routing. I can only ping the ipv6 LAN address on pfsense.

pfSense and ipv6 configuration [Solved]
#4

Thanks to Kldint on IRC, it works :slight_smile:

  • Create one /56 block on online.net console
  • Create 2 x /64 subnets from it
  • On WAN interface, configure the DUID from the /56 block and add one ipv6 from the first /64 (with this howto => just set the Prefix interface statement to 64)
  • On LAN interface, add one ipv6 from the second /64 with IPv6 Configuration Type = Static IPV6
  • On Services > DHCPv6 Server & RA (don’t enable the DHCPv6 server !) > Router Advertisements, choose router mode “Unmanaged - RA Flags [none], Prefix Flags [onlink, auto, router]” and set DNS servers (like google : 2001:4860:4860::8844 & 2001:4860:4860::8888)

And that’s all !
Every VM on pfSense’s LAN will automatically get ipv6 route and automatic ip through EUI-64 method

Note : some says that you need to set net.ipv6.conf.all.accept_ra=2 on sysctl.conf (and sysctl -p to apply), but it worked for my fresh debian VM without it !


Another working configuration (my real configuration, because I’m using others /64 elsewhere, so I couldn’t give a full /56 to pfSense)) => assign only one /64 for pfsense :

  • One ipv6 (like IP_BLOCK ::1 /128) on WAN + DUID configuration
  • One ipv6 (like IP_BLOCK ::2 /64) on LAN
  • Same Router Advertisements configuration as above
Multiple MAC address per server without IPFO for IPv6-only usage
#5

Thanks,

I am trying to set the same things up.

I have a Proxmox server with a Pfsense VM on top of it.
When I am sniffing vmbr0 on proxmox, I am seeing the DHCPV6 Solicit with the correct DUID. Howerver I am not getting any reply.

What I am missing out is how the reply is going to get delivered back to the VM, as the source mac address is the mac address of the VM (I am indeed bridged on the server NIC but I am guessing there is some kind of mac filtering going on on the switch to prevent VM macs from getting out).

EDIT : Or maybe I missunderstood and your proxmox is routing IPV6 for your pfsense, and then your pfsense is routing to your other VMs ?

#6

Hello,

Your VM can reach Online’s network and Internet in two different ways:

  • having an interface bridged with eth0 and having its own virtual MAC address going with a mandatory additional IPv4 address. Both provided by Online.

  • by having its packets routed through the hypervisor. If for IPv4 trafic, the hypervisor need to provide source NAT.

Both ways are possible with proxmox VE.

Obviously, if you choose the routed setup, the dhcpv6 client asking for the Prefix Delegation must run on the hypervisor.


AnonymousCoward