Hetzner native IPv6 addresses allocation bug

Hetzner has started to offer native IPv6 addresses however the way VM assigns those addreses will not work in debian.

Hetzner is the largest ISP and Data Centre in Germany and Switzerland.

The main doc (only in German) is at http://wiki.hetzner.de/index.php/Zus%C3%A4tzliche_IP-Adressen_Debian

If you need to see what a working interfaces file looks like I am more then happy to attach it here.

I had to manually add IPv6 addresses in the interfaces file and also edit the domain(s) config file(s) under /etc/webmin/virtual-server/domains/ and also the apache config to get IPv6 working.

If you need or want access to the client's server that I setup with IPv6 I can arrange that also.



Unfortunately I don't speak german, so that doc isn't too helpful :-(

But if you could give an example of an interface that has been setup the way they expect (or explain exactly what Virtualmin is doing wrong), I should be able to fix it ..

Here is a actual interfaces file I am using for a client.

### Hetzner Online AG - installimage
#IPs: 2a01:4f8:121:31a2:: /64
#Gateway: 2a01:4f8:121:31a0::1 /59
#Useable IP addresses: 2a01:4f8:121:31a2::2 to 2a01:4f8:121:31a2:ffff:ffff:ffff:ffff
# Loopback device:
auto lo eth0 eth0:1
iface lo inet loopback

# device: eth0
iface eth0 inet static

iface eth0 inet6 static
        # Main-IPv6 address of the server
        address 2a01:4f8:121:31a2::2
        netmask 64
        up ip -6 route add 2a01:4f8:121:31a0::1 dev eth0
        down ip -6 route del 2a01:4f8:121:31a0::1 dev eth0
        up ip -6 route add default via 2a01:4f8:121:31a0::1 dev eth0
        down ip -6 route del default via 2a01:4f8:121:31a0::1 dev eth0
        up route add -net netmask gw eth0
        # Default routes
        up /sbin/ifconfig eth0 inet6 add 2a01:4f8:121:31a2::3/64

#IPs: 2a01:4f8:121:31a2:: /64
#Gateway: 2a01:4f8:121:31a0::1 /59
#Useable IP addresses: 2a01:4f8:121:31a2::2 to 2a01:4f8:121:31a2:ffff:ffff:ffff:ffff

# default route to access subnet

iface eth0:1 inet static

Ok .. so it looks like the only thing missing is the route addition statements in the up and down options. Correct?

It's missing pointopoint also.

And I think the way VM was adding IPv6 was just simple up lines if I'm correct...


iface eth0 inet6 static
        address 2001:470:1f01:232::1
        netmask 64
        up /sbin/ifconfig eth0 inet6 add 2001:470:1f01:232::2/64
        up /sbin/ifconfig eth0 inet6 add 2001:470:1f01:232::3/64

And that will not work with Hetzner since they are Native IPv6 now and not using 6to4 tunneling.

Yes, Virtualmin just adds those up /sbin/ifconfig lines. This works fine for me on a IPv6 LAN .. if anything, Virtualmin doesn't support tunnelling.

So if you just add that pointtopoint directive and the up and down route adds, do additional IPv6 addresses added by Virtualmin work OK?

No -- without a fix adding a private IPv6 fails.

It needs those routing statements added each time -- the PtoP IP is only required once.

So in your example above, you have :

        address 2a01:4f8:121:31a2::2         up ip -6 route add 2a01:4f8:121:31a0::1 dev eth0
        down ip -6 route del 2a01:4f8:121:31a0::1 dev eth0

What's the relation between the address and the route destination?

I have no clue why its this way. All I know is that for anyone else or even 4to6 tunneling its not a issue how you allocate the ipv6 addresses but it is for Hetzner.

If you want to play around on that server let me know and I'll setup the access.

Ok .. but I'm not sure if I really want to add some special case code to Virtualmin just to support their method of IP allocation. Since it seems like it would be incompatible with the way IPv6 addresses are assigned now..

So how are you going to handle this then ? If you aren't going to try and fix it you can't just ignore it.

I can can edit the domain config files to show the IPv6 allocations and edit the interfaces file but not a lot of people are techy like me.

And you really can't ignore this as Hetzner is a major ISP and server provider in the EU..... they aren't just in Germany... and they are also the backbone for most ISP's in the region.

As a work-around till I figure out a fix, you could add the IPs to /etc/network/interfaces manually, bring them up, and then use the "Already active" checkbox on the domain creation from..