
NAT Provider Native IPv6 Setup

Hetzner

Hetzner supplies a /64 IPv6 subnet by default with its servers, but you will need to split it into smaller subnets before you can assign IPv6 addresses to virtual servers. We'll use /80 in this example.

Take 2a01:4f9:1a:9f6c::/64 as the example IPv6 subnet.

Create a new IPv6 block in VirtFusion with the following settings:

Name: 2a01:4f9:1a:9f6c::/64
Gateway: 2a01:4f9:1a:9f6c:2::2
Primary Resolver: 2001:4860:4860::8888
Secondary Resolver: 2001:4860:4860::8844
Source Subnet: 2a01:4f9:1a:9f6c::
Source Subnet CIDR: /64
Output Subnet CIDR: /80

Once you've saved those settings, add the following /80 subnets (the first two /80s from the /64) to the blacklist at the bottom of the page:

2a01:4f9:1a:9f6c:1:: (Used on the hypervisor main interface).

2a01:4f9:1a:9f6c:2:: (Used on the NAT interface).

On the hypervisor, create a file named network.xml with the following contents. You may change the IPv4 ranges defined, but it's recommended to specify them as /24 ranges for maximum VM OS compatibility.

<network>
  <name>natbr0</name>
  <forward dev='MAIN_NETWORK_NAME' mode='nat'/>
  <bridge name='natbr0' stp='on' delay='0'/>
  <ip address='192.168.200.1' netmask='255.255.255.0'/>
  <ip address='192.168.201.1' netmask='255.255.255.0'/>
  <ip family='ipv6' address='2a01:4f9:1a:9f6c:2::2' prefix='64'/>
</network>

Notice we used the address 2a01:4f9:1a:9f6c:2::2 from the second /80 subnet, and we will be using it as our gateway.

Replace MAIN_NETWORK_NAME with the name of the hypervisor main network. You can find it with ip a.

Still on the hypervisor, you will need to assign the first /80 to the main interface, replacing the /64 already defined. For example, on Debian 11:

iface enp41s0 inet6 static
#address 2a01:4f9:1a:9f6c::1
address 2a01:4f9:1a:9f6c:1::2
netmask 80
gateway fe80::1

Notice we used the address 2a01:4f9:1a:9f6c:1::2 from the first /80 subnet.

Once you have made the changes, restart networking.

All we need to do now is bring up the NAT network:

virsh net-define --file network.xml
virsh net-autostart natbr0
virsh net-start natbr0
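Before saving the block, it is worth confirming that every address placed on the hypervisor sits inside a blacklisted /80, so that no virtual server can be handed the subnet that holds the gateway or the host address. The following is an added example, not part of the VirtFusion documentation; the function names and the sample VM subnet are assumptions made for illustration.

```python
import ipaddress

# Values taken from the walkthrough above.
BLOCK = "2a01:4f9:1a:9f6c::/64"
OUT_PREFIX = 80
BLACKLIST = ["2a01:4f9:1a:9f6c:1::", "2a01:4f9:1a:9f6c:2::"]
HOST_ADDRS = {
    "hypervisor main interface": "2a01:4f9:1a:9f6c:1::2",
    "NAT gateway": "2a01:4f9:1a:9f6c:2::2",
}

def containing_subnet(addr, block, out_prefix):
    """Return the /out_prefix subnet of `block` that contains `addr`."""
    block_net = ipaddress.ip_network(block)
    if ipaddress.ip_address(addr) not in block_net:
        raise ValueError(f"{addr} is outside {block_net}")
    return ipaddress.ip_network(f"{addr}/{out_prefix}", strict=False)

def check_plan(block, out_prefix, host_addrs, blacklist, vm_subnets):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    block_net = ipaddress.ip_network(block)
    blacklisted = {ipaddress.ip_network(f"{b}/{out_prefix}") for b in blacklist}
    # Every address configured on the hypervisor must live in a blacklisted subnet.
    for label, addr in host_addrs.items():
        net = containing_subnet(addr, block, out_prefix)
        if net not in blacklisted:
            problems.append(f"{label} {addr}: {net} is not blacklisted")
    # Subnets handed to virtual servers must be the right size, inside the
    # block, and must not be one of the reserved subnets.
    for vm in map(ipaddress.ip_network, vm_subnets):
        if vm.prefixlen != out_prefix or not vm.subnet_of(block_net):
            problems.append(f"{vm} is not a /{out_prefix} inside {block_net}")
        elif vm in blacklisted:
            problems.append(f"{vm} is blacklisted but assigned to a VM")
    return problems

if __name__ == "__main__":
    # Constructed sample: one subnet a virtual server might receive.
    sample_vm_subnets = ["2a01:4f9:1a:9f6c:3::/80"]
    issues = check_plan(BLOCK, OUT_PREFIX, HOST_ADDRS, BLACKLIST, sample_vm_subnets)
    print("\n".join(issues) if issues else "plan is consistent")
```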

Misc Notes

NDPPD Configuration

route-ttl 30000

proxy eth0 {
    router yes
    timeout 500
    ttl 30000
    rule xxxx:xxxx:xxxx:xxxx::/XX {
        static
    }
}

sysctl.conf

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.default.proxy_ndp=1
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.default.accept_dad=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.default.accept_ra_defrtr=0
net.ipv6.conf.default.accept_ra_rtr_pref=0
net.ipv6.conf.default.accept_ra_pinfo=0
net.ipv6.conf.default.accept_source_route=0
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_dad=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.all.accept_ra_rtr_pref=0
net.ipv6.conf.all.accept_ra_pinfo=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_redirects=0