Proxmox networking setup in a Hetzner data center with IPv6

It would be a miracle if you haven’t read about the global IPv4 shortage. Because of that more and more datacenters switch to at least IPv6 support if not IPv6 only. If you have support from your provider I would strongly recommend to make use of it.


IPv6 has a number of benefits over IPv4. The most obvious one is that the address space is not limited to 32 bit. It has an incredible 128 bit. This means IPv6 can address 340,282,366,920,938,463,463,374,607,431,768,211,456 instead of just 4,294,967,296. So the address space is practically infinite. Because of the huge amount of unique addresses routing is also way easier and therefor more power efficient. Last but not least it’s also more secure because it has a more streamlined header. The header of IPv4 on the other was expanded multiple times over the years and is now very complicated to analyze.

Since the address is four times longer than the IPv4 equivalent there is also a new notation which looks something like this:


As you can tell even though it’s written out in Hex it’s still pretty long. That’s why some addresses might use two double colons to signal that there are only zeros in between. If you want to learn more about IPv6 check this out.


This article is a add-on to a previous one you can find here, which describes the network setup for IPv4 only.

Other than that – of course you need a dedicated server from Hetzner (with IPv6 addresses available).


We start with the file at /etc/network/interfaces with IPv4 support only and add two new entries.

iface enp0s31f6 inet6 static
address xxxx:xxxx:xxxx:xxxx::1
netmask 128
gateway fe80::1
enp0s31f6 is my network interface name. Yours is very likely different. If you are wondering what yours is called, check your own interfaces file.
The address may be any address from your IPv6 address space. I preferred the first possible one (zero at the end is a network address not a host address)
The value of netmask must be 128 even though your address space is larger. Otherwise your route (see below) won’t work.
The Gateway must be this specific value. Otherwise Hetzner blocks your traffic.
iface vmbr0 inet6 static
address xxxx:xxxx:xxxx:xxxx::1
netmask 64
up ip -6 route add xxxx:xxxx:xxxx:xxxx::/64 dev vmbr0
vmbr0 is the network bridge we used for IPv4. It’s also possible to generate a second virtual network bridge with a different name. This bridge then needs to be attached separately to the VMS/Container.
The given address must be the same from the block above.
The value of the netmask can be found in the robot control center or in a default network configuration. It’s typically 64
Last but not least we need to add a route which forwards all IPv6 traffic, not regarding the host to vmbr0. Give the route your network address (without any number at the end).

In the end you should have something similar to this file:

The last thing you need to do is enabling IPv6 forwarding. Just execute
sysctl -w net.ipv6.conf.all.forwarding=1
with root privileges.


There is one small thing to consider when you want to use IPv6 in a VM or a Container.

If your using a LXC-Container in Proxmox your lucky. When your configuring a new container you can edit this specific setting during the creation process or even after the creation. When your configuring a IPv6 address set your gateway to the address you set earlier for your host system (in our case: xxxx:xxxx:xxxx:xxxx::1).

Since every VM is different to manage, please refer to your distros help page for setting the correct IPv6 gateway.

And that’s about it. Signing off.

WordPress Appliance - Powered by TurnKey Linux