Using part of the IPv6 /64 block to provide public IPs to WireGuard clients


Comments

  • networking changes on their end

    Could be helpful to know what were the changes, for @Neoon (and others) to ask for at other upstream providers.

    Thanked by (1)hey
  • edited October 2020

    @rm_ said:

    networking changes on their end

    Could be helpful to know what were the changes, for @Neoon (and others) to ask for at other upstream providers.

    @MaxKVM did not specify on the support ticket what networking changes were applied, but they did mention that it was a change they tried previously but did not get applied correctly. My suspicion is disabling ebtables as they have mentioned previously.

  • @rm_ said:
    2) https://github.com/DanielAdolfsson/ndppd may have a better chance of working, but it often won't either, because of this: https://github.com/DanielAdolfsson/ndppd/issues/55

    I'm trying to set up ndppd on several KVM servers so that I can give some Docker containers public IPv6 addresses.
    However, it works on some servers but not on others.

    Nexril - SolusVM, works:

    19:13:17.958191 IP6 2604:fbc0:2::1 > ff02::1:ff72:f:
        ICMP6, neighbor solicitation, who has 2604:fbc0:2:xxxx:646f:636b:6572:f, length 32
    19:13:17.958472 IP6 2604:fbc0:2:xxxx::2 > 2604:fbc0:2::1:
        ICMP6, neighbor advertisement, tgt is 2604:fbc0:2:xxxx:646f:636b:6572:f, length 32
    

    WebHorizon - Virtualizor, does not work:

    00:07:53.617438 IP6 fe80::669d:99ff:feb1:55b8 > ff02::1:ff72:2:
        ICMP6, neighbor solicitation, who has 2a03:cfc0:803f:xxxx:646f:636b:6572:2, length 32
    00:07:53.617714 IP6 fe80::216:3eff:fedd:7c83 > fe80::669d:99ff:feb1:55b8:
        ICMP6, neighbor advertisement, tgt is 2a03:cfc0:803f:xxxx:646f:636b:6572:2, length 32
    

    Evolution Host - Virtualizor, does not work:

    20:26:21.134809 IP6 fe80::e6c7:22ff:fe4f:1f3a > ff02::1:ffc3:d002:
        ICMP6, neighbor solicitation, who has 2604:f440:2:0:eb26:xxxx:4dc3:d002, length 32
    20:26:22.392771 IP6 fe80::216:3eff:fe43:dee1 > fe80::e6c7:22ff:fe4f:1f3a:
        ICMP6, neighbor advertisement, tgt is 2604:f440:2:0:eb26:xxxx:4dc3:d002, length 32
    

    I compared those to an IPv6 address assigned directly on the KVM machine, WebHorizon - Virtualizor:

    00:29:39.378544 IP6 fe80::669d:99ff:feb1:55b8 > ff02::1:ff00:6666:
        ICMP6, neighbor solicitation, who has 2a03:cfc0:803f:xxxx::6666, length 32
    00:29:39.378581 IP6 2a03:cfc0:803f:xxxx::6666 > fe80::669d:99ff:feb1:55b8:
        ICMP6, neighbor advertisement, tgt is 2a03:cfc0:803f:885::6666, length 32
    

    What I can see is:

    • SolusVM host node sends neighbor solicitation from a global address. ndppd responds from a global address. Everything works.
    • Virtualizor host node sends neighbor solicitation from a link-local address. ndppd responds from a link-local address. The neighbor advertisement seems to be rejected.
    • If the solicited address is assigned to the KVM machine itself and not ndppd, the neighbor advertisement is sent from the global address, and Virtualizor would accept it.

    Is there any way to make ndppd send neighbor advertisement from the solicited address?
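
The comparison made in the post above can be automated. This is an added example, not part of the original post or of ndppd: it pairs each neighbor solicitation with its advertisement in tcpdump text and reports the source-address scope of both. The capture is constructed with 2001:db8::/32 documentation addresses, and the names `pair_ns_na` and `scope` are hypothetical.

```python
import ipaddress
import re

# Constructed capture in the wrapped tcpdump layout quoted above; addresses are
# 2001:db8::/32 documentation placeholders, not the hosts in the thread.
SAMPLE = """\
19:13:17.958191 IP6 2001:db8:2::1 > ff02::1:ff72:f:
    ICMP6, neighbor solicitation, who has 2001:db8:2:1:646f:636b:6572:f, length 32
19:13:17.958472 IP6 2001:db8:2:1::2 > 2001:db8:2::1:
    ICMP6, neighbor advertisement, tgt is 2001:db8:2:1:646f:636b:6572:f, length 32
00:07:53.617438 IP6 fe80::1 > ff02::1:ff72:2:
    ICMP6, neighbor solicitation, who has 2001:db8:3:1:646f:636b:6572:2, length 32
00:07:53.617714 IP6 fe80::2 > fe80::1:
    ICMP6, neighbor advertisement, tgt is 2001:db8:3:1:646f:636b:6572:2, length 32
00:29:39.378544 IP6 fe80::1 > ff02::1:ff00:6666:
    ICMP6, neighbor solicitation, who has 2001:db8:3:1::6666, length 32
00:29:39.378581 IP6 2001:db8:3:1::6666 > fe80::1:
    ICMP6, neighbor advertisement, tgt is 2001:db8:3:1::6666, length 32
"""

PKT = re.compile(
    r"IP6 (?P<src>[0-9a-f:]+) > (?P<dst>[0-9a-f:]+): ICMP6, neighbor "
    r"(?P<kind>solicitation, who has|advertisement, tgt is) (?P<tgt>[0-9a-f:]+),"
)

def scope(src, tgt):
    """Label a source address the way the post's comparison does."""
    if src == tgt:
        return "target"  # NA sent from the solicited address itself
    return "link-local" if src.is_link_local else "global"

def pair_ns_na(capture):
    """Return [(target, NS source scope, NA source scope)], one per advertisement."""
    flat = re.sub(r"\n[ \t]+", " ", capture)  # re-join lines wrapped after 'dst:'
    ns_scope, rows = {}, []
    for m in PKT.finditer(flat):
        src, tgt = ipaddress.IPv6Address(m["src"]), ipaddress.IPv6Address(m["tgt"])
        if m["kind"].startswith("solicitation"):
            ns_scope[tgt] = scope(src, tgt)
        else:
            rows.append((str(tgt), ns_scope.get(tgt, "unseen"), scope(src, tgt)))
    return rows

if __name__ == "__main__":
    for tgt, ns, na in pair_ns_na(SAMPLE):
        note = "  <- pattern the post saw rejected" if na == "link-local" else ""
        print(f"{tgt}: NS from {ns}, NA from {na}{note}")
```

Lines whose addresses contain redacted `xxxx` groups do not match the pattern and are skipped, so feed it an unredacted capture.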

  • @yoursunny Yes, I have found that it will not work on some ISPs, but never got details why.
    You should contact the developer with these findings: https://github.com/DanielAdolfsson/ndppd/issues

    Thanked by (1)AaronSS