Hello, (I also posted this on the Ubuntu forums since it's probably quite specific, but I also try my luck here). I've been trying to add ipv6 conectivity to a vm in kvm with libvirt, starting with the default NAT ipV4 virtual network. ipv6 works fine on the host. The ipv4 nat to the vm (named "test0") works. I first tried to add an ipv6 block into the default network configuration, but since NAT with ipv6 sounds weird, and I wanted to make sure it wasn't the source of my problems, I created a second network "ipv6bridge", using this ipv6 only configuration : Code: <network> <name>ipv6bridge</name> <bridge name='virbr1' stp='on' delay='0'/> <mac address='52:54:00:b5:04:bf'/> <forward mode="route" /> <ip family='ipv6' address='<my ipv6 block>::' prefix='120'> <dhcp> <range start='<my ipv6 block>::10' end='<my ipv6 block>::ff'/> <host id='<the host id for ipv6>' name='test0' ip='<my ipv6 block>::10'/> </dhcp> </ip> </network> But with both (ipv6 in default NAT, or ipv6bridge network), I get the same error when I start them (using virsh net-start <network-name> Code: error: Failed to start network ipv6bridge error: internal error: Check the host setup: enabling IPv6 forwarding with RA routes without accept_ra set to 2 is likely to cause routes loss. Interfaces to look at: eno1 So I guess this is about packet forwarding and not about converting the the ancient egyptian god. I can change it using sysctl, but I don't manage to make it persistant through reboot, not even by putting it in the sysctl.conf file or sysctl.d. There is no trace of it in the syslog, and the command netplan apply seems to reset any change I make with sysctl, so I guess netplan erases at boot any change I make. Otherwise, if I set in netplan eno1: accept_ra: false The value of net.ipv6.conf.eno1.accept_ra will still be 0, but virsh won't complain while starting the network, which is completely counterintuitive. Anyway, if I go further, by forcing sysctl -w net.ipv6.conf.eno1.accept_ra=2 the virtual network seems to work and gives the right ipv6 address to the vm, as shown by the virsh net-dhcp-leases command : Code: Expiry Time MAC address Protocol IP address Hostname Client ID or DUID --------------------------------------------------------------------------------------------------------------------------------------- 2021-05-30 14:57:22 52:54:00:79:3d:43 ipv6 <my ipv6 block>::10/120 test0 00:02:00:00:ab:11:48:86:57:70:35:90:a2:ed the "ip -6 route show command " also shows that libvirt did its job by creating the route: Code: <my ipv6 block>::/120 dev virbr1 proto kernel metric 256 pref medium the guest VM has its second interface set to the right ip as shown by ifconfig: Code: enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::5054:ff:fe79:3d43 prefixlen 64 scopeid 0x20<link> inet6 <my ipv6 block>::10 prefixlen 128 scopeid 0x0<global> ether 52:54:00:79:3d:43 txqueuelen 1000 (Ethernet) RX packets 157 bytes 9189 (9.1 KB) RX errors 0 dropped 141 overruns 0 frame 0 TX packets 20 bytes 1879 (1.8 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 But it won't have any connectivity, pinging the host or google won't do anything. Trying to ping the guest from the host, I get PING <my ipv6 block>::10(<my ipv6 block>::10) 56 data bytes From <my ipv6 block>:ff:ff:ff:fd icmp_seq=1 Destination unreachable: Address unreachable Trying a traceroute, even with forcing the virbr1 interface, it will send packets to the outside. ip6tables -L outputs : Code: Chain INPUT (policy ACCEPT) target prot opt source destination LIBVIRT_INP all anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination LIBVIRT_FWX all anywhere anywhere LIBVIRT_FWI all anywhere anywhere LIBVIRT_FWO all anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination LIBVIRT_OUT all anywhere anywhere Chain LIBVIRT_FWI (1 references) target prot opt source destination ACCEPT all anywhere <my ipv6 block>::/120 REJECT all anywhere anywhere reject-with icmp6-port-unreachable Chain LIBVIRT_FWO (1 references) target prot opt source destination ACCEPT all <my ipv6 block>::/120 anywhere REJECT all anywhere anywhere reject-with icmp6-port-unreachable Chain LIBVIRT_FWX (1 references) target prot opt source destination ACCEPT all anywhere anywhere Chain LIBVIRT_INP (1 references) target prot opt source destination ACCEPT udp anywhere anywhere udp dpt:dhcpv6-server ACCEPT udp anywhere anywhere udp dpt:domain ACCEPT tcp anywhere anywhere tcp dpt:domain Chain LIBVIRT_OUT (1 references) target prot opt source destination ACCEPT udp anywhere anywhere udp dpt:dhcpv6-client ACCEPT udp anywhere anywhere udp dpt:domain ACCEPT tcp anywhere anywhere tcp dpt:domain That's as far as I go. When I try to define virbr1 in netplan, libvirt will refuse to start, it seems it wants to create it itself. I guess there's something about setting forwarding in eno1 and virbr1, but I don't know if I can do it in Netplan, especially if libvirt creates virbr1 afterwards.