Re: IPv6 RA/DHCPv6 support for nspawn?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 18, 2022 at 02:16:56 +0300 <iam@xxxxxxxxxxxxxxx> wrote:
>
> Greetings, everyone.
>
> I'm running systemd v250.4 (Debian 11 backports) and can't find a way to
> automatically configure IPv6 access inside nspawn (machined) container,
> either with or without NAT.
>
> Despite DNAT and MASQUERADE functions for IPv6 being supported since
> v248 and work fine, and networkd's 80-container-ve.network file includes
>      IPMasquerade=both
> by default, there's no records of ULA IPv6 address range to be served
> for the containers.
> If the range is added to the .network file, the IP address from it is
> getting assigned to the interface of host network but not announced to
> guest using RA, at least I tried multiple configuration settings and
> can't get it working.
>
> I ended up configuring IPv6 statically on both host and container, which
> is inconvenient. I found no bugs on bugtracker for this issue. Could it
> be I'm misconfiguring something, and IPv6 RA/DHCPv6 server support
> present in networkd and work for nspawn'ed containers?
>
> P.S. please include me in cc, I'm not subscribed to every email in this
> mail list.

I've had similar issues getting IPv6 DHCP working with QEMU and the provided 80-vm-vt.network (similar to 80-container-ve.network). I have been unable to pass through IPv6 RAs from my router/ISP (via my laptop wifi). The only working IPv6 RA configuration I've found is below--by masquerading and performing RA with an IPv6 ULA.

The configuration below provides a masqueraded IPv6 address to an image booted via mkosi boot (systemd-nspawn -bni) with systemd 250 (250.4-2-arch). Making a similar network file with the match changed to Name=vt-* and Driver=tun gets it working for mkosi qemu as well.

  [Match]
  Name=ve-*
  Driver=veth
 
  [Network]
  # Rewrite src/dst as necessary for traffic
  IPMasquerade=both
 
  # Run a IPv4 DHCP server with a static IP from a dynamically chosen subnet
  DHCPServer=yes
  Address=0.0.0.0/24
 
  # Perform RA with an IPv6 ULA
  LinkLocalAddressing=ipv6
  IPv6AcceptRA=no
  IPv6SendRA=yes
 
  [IPv6Prefix]
  Prefix=fd00::/64
  Assign=yes

I think there have been a fair amount of changes to the IPv6 settings lately due to the great work yuwata and others have been doing. Maybe the provided 80-container-ve.network and 80-vm-vt.network need to be updated to take recent changes into account for IPv6? I'm not sure.

Cheers,
Nick

[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux