NAT Provider Native IPv6 Setup
Hetzner
Hetzner supply a /64
IPv6 subnet as default with their servers, but you will need to split it into smaller subnets before you can assign IPv6 to virtual servers. We'll use /80
in this example.
Take 2a01:4f9:1a:9f6c::/64
as the example IPv6 subnet.
Create a new IPv6 block in VirtFusion with the following settings:
Name
2a01:4f9:1a:9f6c::/64
Gateway
2a01:4f9:1a:9f6c:2::2
Primary Resolver
2001:4860:4860::8888
Secondary Resolver
2001:4860:4860::8844
Source Subnet
2a01:4f9:1a:9f6c::
Source Subnet CIDR
/64
Output Subnet CIDR
/80
Once you've saved those settings, add the following /80
subnets (the first two /80
s from the /64
) to the blacklist at the bottom of the page:
2a01:4f9:1a:9f6c:1::
(Used on the hypervisor main interface).
2a01:4f9:1a:9f6c:2::
(Used on the NAT interface).
On the hypervisor create a file named network.xml with the following contents. You may change the IPv4 ranges defined, but it's recommended to specify them in /24 ranges for maximum VM OS compatibility.
<network>
<name>natbr0</name>
<forward dev='MAIN_NETWORK_NAME' mode='nat'/>
<bridge name='natbr0' stp='on' delay='0'/>
<ip address='192.168.200.1' netmask='255.255.255.0'/>
<ip address='192.168.201.1' netmask='255.255.255.0'/>
<ip family='ipv6' address='2a01:4f9:1a:9f6c:2::2' prefix='64'/>
</network>
Notice we used the address 2a01:4f9:1a:9f6c:2::2
from the second /80
subnet, and we will be using it as our gateway.
Replace MAIN_NETWORK_NAME
with the name of the hypervisor main network. You can find it with ip a
.
Still on the hypervisor, you will need to assign the first /80
to the main interface replacing the /64
already defined. For example on Debian 11:
iface enp41s0 inet6 static
#address 2a01:4f9:1a:9f6c::1
address 2a01:4f9:1a:9f6c:1::2
netmask 80
gateway fe80::1
Notice we used the address 2a01:4f9:1a:9f6c:1::2
from the first /80
subnet.
Once you have made the changes, restart the networking.
All we need to do now is bring up the NAT network:
virsh net-define --file network.xml
virsh net-autostart natbr0
virsh net-start natbr0
Misc Notes
NDPPD Configuration
route-ttl 30000
proxy eth0 {
router yes
timeout 500
ttl 30000
rule xxxx:xxxx:xxxx:xxxx::/XX {
static
}
}
sysctl.conf
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.default.proxy_ndp=1
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.default.accept_dad=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.default.accept_ra_defrtr=0
net.ipv6.conf.default.accept_ra_rtr_pref=0
net.ipv6.conf.default.accept_ra_pinfo=0
net.ipv6.conf.default.accept_source_route=0
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_dad=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.all.accept_ra_rtr_pref=0
net.ipv6.conf.all.accept_ra_pinfo=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_redirects=0