Join Log in
Score:4
avatar Server

How to route IPv6 to the external interface?

in flag
Houman

I have purchased a VPS from IONOS. While they provide an IPv6 range 2a00:xxxx:xxxx:67::/64, they don't route it to the VPS itself, which is quite odd.

I wonder how I can achieve that. I have only 254 clients, so I'm happy to do it manually. This is what I already see in the route table:

ip -6 route

::1 dev lo proto kernel metric 256 pref medium
2a00:xxxx:xxxx:67:ffff::1 dev wg0 metric 1024 pref medium
2a00:xxxx:xxxx:67:ffff::2 dev wg0 metric 1024 pref medium
... all way to 254
2a00:xxxx:xxxx:67:ffff::254 dev wg0 metric 1024 pref medium
2a00:xxxx:xxxx:67::/64 dev ens192 proto kernel metric 256 pref medium
fd8e:xxxx:xxxx::/112 dev wg0 proto kernel metric 256 pref medium
fe80::/64 dev ens192 proto kernel metric 256 pref medium
default via fe80::1 dev ens192 metric 1024 onlink pref medium

So do I need to assign the client IPs separately to the ens192 to make this work? I have made a small bash script for this:

#!/bin/sh
NUMBER_CLIENTS=254
for ((DOT_IP=1; DOT_IP<=NUMBER_CLIENTS; DOT_IP++))
do
        sudo ip -6 addr add 2a00:xxxx:xxxx:67:ffff::${DOT_IP}/64 dev ens192
done

The script works, but my Wireguard VPN clients still don't get a functioning IPv6. After successfully connecting with Wireguard, they have only an IPv4 assigned and not an IPv6.

What else could I do please?

Based on their guide, they seem to be suggesting to use accept_ra 0 in the static IP allocation. But I didn't set it:

auto lo ens192
iface lo inet loopback

allow-hotplug ens192
iface ens192 inet dhcp

iface ens192 inet6 static
  address 2a00:xxxx:xxxx:67::1
  netmask 64
  gateway fe80::1

Other than that I have forwarding enabled in /etc/sysctl.d/99-sysctl.conf:

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

Many Thanks

107
0 + 0
in flag
Houman
The clients are Wireguard VPN clients that would like to connect to the WireGuard Server installed on the VPS. `wg0` that you see in the route table is effectively the server's interface. This setup has been working fine on VPS providers that do route their subnet to the VPS. But this provider doesn't hence the challenges I'm facing.
1
Reply
A.B avatar
cl flag
A.B
my bad I didn't read correctly
0
Reply
Score:0
M.S. avatar Server
sh flag
M.S.

I recently had a similar issue. On IONOS VPS using their default config, IPv6 unfortunately stops working when enabling net.ipv6.conf.all.forwarding = 1. This is specific to the IONOS setup, because they use "router advertisement" to determine the true IPv6 address, probably to avoid having to create a specific interfaces file for each VPS when deploying the image. Their default IPv6 config looks as follows:

iface ens192 inet6 manual
      pre-up sleep 5
      up dhclient -6 -nw -v ens192
      down dhclient -6 -r -v ens192

IP6 forwarding however disables router advertisement by default, so IPv6 stops working in that case.

A working solution to that issue is the following IPv6 config in /etc/network/interfaces (replace the address with your VPS' specific IPv6 address, a reboot may be advisable):

iface ens192 inet6 static
        accept_ra 2
        address 2a00:xxxx:xxxx:67::1/128
        up ip -6 r a default dev ens192

The accept_ra 2 forces router advertisement, but this parameter is ignored for the 'manual' method, therefore the 'static' method.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.