Vimage and IPv6 rtsol

S

Sebastian

Hello,

Does anyone using IPv6 with VIMAGE option enabled? On the host system IPv6 works fine, but inside my jails it does not. IPv4 works out of the box. Added this to my /etc/rc.conf. ( jail )
Code: 
ifconfig_epair4b_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"
I did a packet capture which looks absolutely fine. (attached)

But it seems that rtsold(8) is not processing the RA.

How can I debug that further?
 

Attachments

  • Router Advertisement.png
    Router Advertisement.png
    154.8 KB · Views: 420
I'm using ezjails for managing jails.

Code: 
export jail_samba_hostname="samba"
export jail_samba_rootdir="/usr/jails/samba"
export jail_samba_exec_start="/bin/sh /etc/rc"
export jail_samba_exec_prestart0="ifconfig epair4 create up"
export jail_samba_exec_prestart1="ifconfig vswitch1 addm epair4a"
export jail_samba_exec_poststart0="ifconfig epair4b vnet samba"
export jail_samba_exec_poststart1="jexec samba /sbin/dhclient epair4b "
#export jail_samba_exec_poststart2="jexec samba /sbin/ifconfig epair4b inet6 2001:470:1f0b:eb4::0054 prefixlen 64"
export jail_samba_mount_enable="YES"
export jail_samba_devfs_enable="YES"
export jail_samba_devfs_ruleset="devfsrules_jail"
export jail_samba_procfs_enable="YES"
export jail_samba_fdescfs_enable="YES"
export jail_samba_image=""
export jail_samba_imagetype="zfs"
export jail_samba_attachparams=""
export jail_samba_attachblocking=""
export jail_samba_forceblocking=""
export jail_samba_zfs_datasets=""
export jail_samba_cpuset=""
export jail_samba_fib=""
export jail_samba_parentzfs="zroot/ezjail"
export jail_samba_parameters="enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 allow.mount.procfs=1 allow.mount.devfs=1 allow.raw_sockets=1 allow.sysvipc=1"
export jail_samba_post_start_script=""
export jail_samba_retention_policy=""
export jail_samba_exec_poststop0="ifconfig epair4a destroy"


/etc/rc.conf
Code: 
hostname="freebsd.fritz.box"
keymap="german.iso.kbd"
##### IP
#gateway_enable="YES" ### why
ifconfig_igb0="DHCP"
#ifconfig_igb0="192.168.10.100/24"
#defaultrouter="192.168.10.1"


ipv6_network_interfaces="auto"  # List of IPv6 network interfaces
                                # (or "auto" or "none").
ipv6_activate_all_interfaces="YES"       # If NO, interfaces which have no
                                        # corresponding $ifconfig_IF_ipv6 is
                                        # marked as IFDISABLED for security
                                        # reason.
ifconfig_igb0_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
zfs_enable="YES"
sshd_enable="YES"

# VIMAGE / VNET Support
cloned_interfaces="bridge1"
ifconfig_bridge1_name="vswitch1"
ifconfig_vswitch1="addm igb0 addm tap1"

#cloned_interfaces="bridge0"
#ifconfig_bridge0_name="vswitch0"
#ifconfig_vswitch0="addm igb0"
##
# decrypt zfs storage then mount it

decrypt_storage_enable="YES"
attach_storage_enable="YES"

# start iohyve at boot
iohyve_enable="YES"
iohyve_flags="kmod=1 net=igb0"

# enable jails
jail_enable="YES"

# jail autostart
jail_list="seedbox emby"

# enable jail mgmt
ezjail_enable="YES"
jail_parameters="vnet=new"
 
Samba doesn't require Vimage for it to work.

I don't use Ezjail with Vimage as it doesn't play nice with each other. Officially, Ezjail doesn't support Vimage.

I use Ezjail to create, destroy, and update jails but I don't run Ezjail service. I use FreeBSD's Jail service with /etc/jail.conf and it works nicely with Vimage with ipv4 and ipv6 addresses.

You should run Samba as a normal jail using ethernet interface or port forwarding with local interface if using firewall.
 
I'm a FreeBSD newbie ;) and don't want to hassle around with PF.

Will stick to vnet and will checkout iocage as a jail manager which supports vnet.

What do you mean by I'm not running ezjail service ? :rolleyes:
 
Sebastian said:
Will stick to vnet and will checkout iocage as a jail manager which supports vnet.
Click to expand...

I don't use iocage so I cannot help with that.

What do you mean by I'm not running ezjail service ? :rolleyes:
Click to expand...

I'm not starting or stopping ezjail service. I am only using it to create, destroy or update jails.

I use FreeBSD Jail service jail start [jailname] to start and stop jails.
 
Thanks for your guide , remington ! But you're configure ipv6 statically that is also working with my solution, but I want to try the dynamic approach via dhcpv6. After a lot of tests I think it is not completely implemented yet , will wait for FreeBSD 11 and try it again.
 
Last edited by a moderator:
I also tried the dhcpv6 before but wasn't able to get it working either. Its possible it's not fully implemented yet or could be missing something. I'll let someone who is more knowledge about this chime in if there's a solution for using dhcpv6. There are lack of documents about using ipv6 with jails. There's one feature I would like to see for ipv6 is aliases with range sets as its available for ipv4.
 
The issue might be with bridge(4) though, not so much VIMAGE. I have a couple of bhyve VMs and they're having some issues with IPv6 too. External addresses appear to work correctly but trying to connect to the host from one of the VMs using IPv6 causes a massive delay. While IPv4 works like a charm. I haven't reported anything yet as I haven't spent enough time diagnosing it.
 
I've noticed there are delays or no responses with some of my servers with jails behind pfSense with two IPv6 /64 subnet addresses. I don't think IPv6 is a priority right now since IPv4 addresses hasn't run out yet but I do hope the issues will be resolved before then.
 
I'm also running one byhve VM (debian) it works perfectly with ipv6 ssh into it without delay. (no pf installed)
 
News News News !
ifconfig epair4b inet6 accept_rtadv

Fixed it ! But the big question is , why do these values aren't working inside the jail ?

I think they should do exactly the same.

Code: 
ifconfig_epair4b_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"
 
You must log in or register to reply here.
Back
Top