IPv6 OpenVZ VEs and Debian/Proxmox as host system
February 24, 2013
A friend of mine got a new root server and asked me to help him set it up. And of course I helped and as he got a free IPv6 subnet I thought lets configure it. He is running Proxmox as his host system, which is based on Debian.So this guide is also true for Debian systems which have OpenVZ installed.
- You want to use IPv6 for the host system, you need to add at least following to
/etc/network/interfaces
iface vmbr0 inet6 static
address 2001:xxxx:xxxx:xxx::1
netmask 64
up ip -6 route add default via 2001:xxxxx:beef::1 dev vmbr0
down ip -6 route del default via 2001:xxxxx:beef::1 dev vmbr0Replace
vmbr0
witheth0
if you’re not using Proxmox and only OpenVZ on Debian. - The ISP my friend has the server located at uses a default gateway, which is not in his IPv6 subnet, you need therefore add a host route. Which is done be following 2 lines
up ip -6 route add 2001:4ba0:fff7:1:beef::1 dev vmbr0
down ip -6 route del 2001:4ba0:fff7:1:beef::1 dev vmbr0 - Restart the networking with:
/etc/init.d/networking restart
- Test it with following:
ping6 yourOwnIP
ping6 defaultGW
ping6 2001:4860:4860::8888
(Google IPv6 DNS Server)
- Add following to
/etc/sysctl.conf
and make sure it is not defined two times
# IPv6 Packet Forwarding and Proxy NDP
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1 - Call
sysctl -p
to activate it at once (so no reboot is required) - Go to
/etc/vz/vz.conf
and make sure following is in there
IPV6="yes"
- You currently can’t add an IPv6 address through the web GUI of Proxmox – so you need to use the CLI (replace with a IP adresse from your IPv6 range
vzctl set <VEID> --ipadd 2001:xxx:xxx::xxx --save
- restart the VE, and try the ping stuff from step 4 in the VE. (ps: It can take up to 5 pings before you get a response the first time.)
More is not needed … its quite easy!
ps: don’t forget to add an IPv6 DNS server, if it is a IPv6 only VE. This can currently not be done via Proxmox web GUI.
pps: iptables does not filter IPv6 .. you need ip6tables for this. don’t think that you’re secure, if you didn’t open anything with iptables.
No Comments yet »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Powered by WordPress
Entries and comments feeds.
Valid XHTML and CSS.
35 queries. 0.056 seconds.