-
-
Notifications
You must be signed in to change notification settings - Fork 396
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(netlink): detect ipv6 support level #2523
base: master
Are you sure you want to change the base?
Conversation
qdm12
commented
Oct 14, 2024
•
edited
Loading
edited
- 'supported' if one ipv6 route is found that is not loopback
- 'internet' if one default ipv6 route is found AND reaching a specified ipv6:port over TCP works outside the VPN
I just tried this and the IPv6 detection does not seem to correctly work for me. I have some link-locals IPv6 but not a routable IPv6, yet it appears to detect IPv6 support as Internet.
|
Here's the logs of the new version!
|
Thanks! It looks like the last route checked as a destination docker run --rm alpine:3.20 ip -6 route show table all To find out why the heck that |
Here's the results of
Start of my
Gateway is present but that's used to contact the host over IPv6, not sure if it's the network config that's problematic? Just to be safe, here's the result of
|
Thank you for the detailed investigation 💯 docker run --rm alpine:3.20 ip a
docker run --rm alpine:3.20 ip -6 a (referencing my previous comment):
|
Sorry for the delay, here's the result of both commands: docker run --rm alpine:3.20 ip a
docker run --rm alpine:3.20 ip -6 a
IPv6 seems to show scope global too, unfortunately. |
Sorry for the delay getting back; so clearly after comparing everything, there is no way to discern your routes/links from someone with full IPv6 support. As a consequence, if a default IPv6 route is found, then a final check dialing an IPv6 address (configurable, for now cloudflare.com IPv6 address) would be done, with the firewall only allowing output traffic to that address. I'm working on it, should be done around tomorrow! |
@diamkil when you have the time, can you try repulling |
70a9bb7
to
e3e6431
Compare
- 'supported' if one ipv6 route is found that is not loopback and not a default route - 'internet' if one default ipv6 route is found
- If a default IPv6 route is found, query the ip:port defined by `IPV6_CHECK_ADDRESS` to check for internet access
This comment was marked as off-topic.
This comment was marked as off-topic.
@Tuxie your comment is rather irrelevant, so I've hidden it. This PR is about finding the IPv6 support level with |