LXD 4.13 on Debian 10 and IPv6

Hello guys,

Previous week till now i was banging head into a wall and trying to find a proper solution and get my containers be publicly available… But not luck till now, so i will try to ask more clever people :slight_smile:

Long story short:

I have a Hetzner VPS (Debian 10) with an IPv6 subnet (i guess?). My host has ::1/64 address.

My task is to create a container and assign to it a bunch of ipv6 addresses (let’s say 2 or 4 or 6, whatever).

I have tried a various tutorials (posted in here also), but still no luck archiving to be reached from outside. The only tutorial, which worked was to DNAT ULA address to a address from the ipv6 /64 subnet.

Also tried a luck with slaac and radvd as it says here: https://docs.hetzner.com/robot/dedicated-server/ip/additional-ip-adresses/ , but also no luch archieving to be reached from outside.

During lxd init i created lxdbr0 and selected auto. Here is my config:

ipv4.nat: “true”
ipv6.dhcp: “false”
ipv6.nat: “false”
ipv6.routing: “true”
description: “”
name: lxdbr0
type: bridge

  • /1.0/instances/c1
  • /1.0/instances/test
  • /1.0/profiles/default
    managed: true
    status: Created
  • none

Any ideas why slaac method is not working? Do you have any suggestions which best method to use if i want to assign more ipv6 addresses and be reachable from outside? ( i will want to automate it later with ansible)

Any information is more than appreciated, so thank you in advance!

Hallo Tomas,

by default, the LXD Bridge is externally “nated” and “firewalled”.
So switching from nat to routed. not enough.
Does the container have access to outside ipv6 addresses?

But please explain your setup in more detail.
“a container and assign to it a bunch of ipv6 addresses”
How and why?

buy the way:
some providers bind IP addresses to MAC addresses
or you have to fill a list for used IP addresses to get proper routed
and so on

I understand that Hetzner’s VPS are restricted to a single MAC, so using an unmanaged bridge or macvlan to the external interface isn’t going to work.

Instead try using routed NIC type which shares the host’s MAC address.