IPv6 OpenVZ VEs and Debian/Proxmox as host system

February 24, 2013

A friend of mine got a new root server and asked me to help him set it up. And of course I helped and as he got a free IPv6 subnet I thought lets configure it.  He is running Proxmox as his host system, which is based on Debian.So this guide is also true for Debian systems which have OpenVZ installed.

  1. You want to use IPv6 for the host system, you need to add at least following to  /etc/network/interfaces
    iface vmbr0 inet6 static
    address 2001:xxxx:xxxx:xxx::1
    netmask 64
      up ip -6 route add default via 2001:xxxxx:beef::1 dev vmbr0
      down ip -6 route del default via 2001:xxxxx:beef::1 dev vmbr0

    Replace vmbr0 with eth0 if you’re not using Proxmox and only OpenVZ on Debian.

  2. The ISP my friend has the server located at uses a default gateway, which is not in his IPv6 subnet, you need therefore add a host route. Which is done be following 2 lines
      up ip -6 route add 2001:4ba0:fff7:1:beef::1 dev vmbr0
      down ip -6 route del 2001:4ba0:fff7:1:beef::1 dev vmbr0
  3. Restart the networking with: /etc/init.d/networking restart
  4. Test it with following:
  5. Add following to /etc/sysctl.conf and make sure it is not defined two times
    # IPv6 Packet Forwarding and Proxy NDP
    net.ipv6.conf.default.forwarding = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.proxy_ndp = 1
    net.ipv6.conf.all.proxy_ndp = 1
  6. Call sysctl -p to activate it at once (so no reboot is required)
  7. Go to /etc/vz/vz.conf and make sure following is in there
    IPV6="yes"
  8. You currently can’t add an IPv6 address through the web GUI of Proxmox – so you need to use the CLI (replace with a IP adresse from your IPv6 range
    vzctl set <VEID> --ipadd 2001:xxx:xxx::xxx --save
  9. restart the VE, and try the ping stuff from step 4 in the VE. (ps: It can take up to 5 pings before you get a response the first time.)

More is not needed … its quite easy!

ps: don’t forget to add an IPv6 DNS server, if it is a IPv6 only VE. This can currently not be done via Proxmox web GUI.

pps: iptables does not filter IPv6 .. you need ip6tables for this. don’t think that you’re secure, if you didn’t open anything with iptables.

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 70 queries. 0.531 seconds.