List: systemd-devel
Subject: Re: [systemd-devel] IPv6 RA/DHCPv6 support for nspawn?
From: Nick Labich <nick () labich ! org>
Date: 2022-04-18 20:55:49
Message-ID: CABONDVoO3VW6O+bSTuK9yG86HkgwLDqZy2UneF2mCsb4J_c3xg () mail ! gmail ! com
On Mon, Apr 18, 2022 at 02:16:56 +0300 <iam@valdikss.org.ru> wrote:
>
> Greetings, everyone.
>
> I'm running systemd v250.4 (Debian 11 backports) and can't find a way to
> automatically configure IPv6 access inside nspawn (machined) container,
> either with or without NAT.
>
> Despite DNAT and MASQUERADE functions for IPv6 being supported since
> v248 and work fine, and networkd's 80-container-ve.network file includes
> IPMasquerade=both
> by default, there's no records of ULA IPv6 address range to be served
> for the containers.
> If the range is added to the .network file, the IP address from it is
> getting assigned to the interface of host network but not announced to
> guest using RA, at least I tried multiple configuration settings and
> can't get it working.
>
> I ended up configuring IPv6 statically on both host and container, which
> is inconvenient. I found no bugs on bugtracker for this issue. Could it
> be I'm misconfiguring something, and IPv6 RA/DHCPv6 server support
> present in networkd and work for nspawn'ed containers?
>
> P.S. please include me in cc, I'm not subscribed to every email in this
> mail list.

I've had similar issues getting IPv6 DHCP working with QEMU and the
provided 80-vm-vt.network (similar to 80-container-ve.network). I have been
unable to pass through IPv6 RAs from my router/ISP (via my laptop wifi).
The only working IPv6 RA configuration I've found is below--by masquerading
and performing RA with an IPv6 ULA.

The configuration below provides a masqueraded IPv6 address to an image
booted via mkosi boot (systemd-nspawn -bni) with systemd 250
(250.4-2-arch). Making a similar network file with the match changed to
Name=vt-* and Driver=tun gets it working for mkosi qemu as well.

    [Match]
    Name=ve-*
    Driver=veth

    [Network]
    # Rewrite src/dst as necessary for traffic
    IPMasquerade=both

    # Run an IPv4 DHCP server with a static IP from a dynamically chosen subnet
    DHCPServer=yes
    Address=0.0.0.0/24

    # Perform RA with an IPv6 ULA
    LinkLocalAddressing=ipv6
    IPv6AcceptRA=no
    IPv6SendRA=yes

    [IPv6Prefix]
    Prefix=fd00::/64
    Assign=yes

I think there have been a fair amount of changes to the IPv6 settings
lately due to the great work yuwata and others have been doing. Maybe the
provided 80-container-ve.network and 80-vm-vt.network need to be updated to
take recent changes into account for IPv6? I'm not sure.

Cheers,
Nick
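
Added example, not part of the original message and not systemd code: a Python check of the RA-with-ULA settings discussed in this thread, which also flags a ULA prefix whose 40-bit Global ID is zero (as in fd00::/64) and generates a random RFC 4193-style /64 to use instead. The function names are hypothetical, and the `secrets` CSPRNG stands in for the RFC's own Global ID procedure.

```python
import ipaddress
import secrets

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local range

# The .network settings from the message above, relevant lines only.
SAMPLE = """[Match]
Name=ve-*
[Network]
IPv6AcceptRA=no
IPv6SendRA=yes
[IPv6Prefix]
Prefix=fd00::/64
Assign=yes
"""

def parse_network(text):
    """Parse .network text into [(section, {key: value})]; sections may repeat."""
    sections = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def check_ra_ula(text):
    """Return findings for an RA-with-ULA setup; an empty list means no findings."""
    sections, findings = parse_network(text), []
    net = {k: v for name, kv in sections if name == "Network" for k, v in kv.items()}
    if net.get("IPv6SendRA", "no").lower() not in ("yes", "true", "on", "1"):
        findings.append("IPv6SendRA is off: no router advertisements are sent")
    prefixes = [kv["Prefix"] for name, kv in sections
                if name == "IPv6Prefix" and "Prefix" in kv]
    if not prefixes:
        findings.append("no [IPv6Prefix] section: nothing to announce")
    for p in prefixes:
        n = ipaddress.IPv6Network(p, strict=False)
        if n.prefixlen != 64:
            findings.append(f"{p}: SLAAC needs a /64 prefix")
        if not n.subnet_of(ULA):
            findings.append(f"{p}: not a unique local address prefix")
        elif (int(n.network_address) >> 80) & 0xFFFFFFFFFF == 0:
            findings.append(f"{p}: Global ID is zero, can collide with other sites")
    return findings

def random_ula_prefix():
    """Return fd00::/8 + random 40-bit Global ID + subnet 0 as a /64."""
    gid = secrets.randbits(40) or 1  # CSPRNG stand-in; skip the all-zero ID
    return ipaddress.IPv6Network(((0xFD << 120) | (gid << 80), 64))
```

Running `check_ra_ula` on a file with `Prefix=` replaced by the output of `random_ula_prefix()` returns no findings.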