Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: IPv6 suddenly no longer working #2713

Open
ioqy opened this issue Feb 21, 2025 · 6 comments
Open

Bug: IPv6 suddenly no longer working #2713

ioqy opened this issue Feb 21, 2025 · 6 comments

Comments

@ioqy
Copy link

ioqy commented Feb 21, 2025

Is this urgent?

No

Host OS

Ubuntu 24.04.2 LTS

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)

What's the problem 🤔

Since today IPv6 is no longer working and I couldn't figure out why.

I did enable IPv6 in the docker daemon config with "ipv6": true (even though it worked without this option just fine until today), but it didn't help.

Executing ip -6 route inside a running gluetun container that only has an IPv4 address in WIREGUARD_ADDRESSES outputs nothing.

Executing docker run -it --rm alpine ip -6 route on the docker host outputs the following:

fdba:d5f3:d260::/64 dev eth0  metric 256
fe80::/64 dev eth0  metric 256
default via fdba:d5f3:d260::1 dev eth0  metric 1024

Executing docker run -it --rm --entrypoint ip qmcgaw/gluetun -6 route (which overrides the gluetun entry point and instead runs ip -6 route) on the docker host outputs the following:

fdba:d5f3:d260::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fdba:d5f3:d260::1 dev eth0 metric 1024 pref medium

So IPv6 is available inside docker containers and it looks to me that somehow gluetun "looses" the IPv6 route.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2025-02-21T11:25:05+01:00 INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2025-02-21T11:25:05+01:00 INFO [routing] local ethernet link found: eth0
2025-02-21T11:25:05+01:00 INFO [routing] local ipnet found: 172.21.0.0/16
2025-02-21T11:25:05+01:00 INFO [firewall] enabling...
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --policy INPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --policy OUTPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --policy FORWARD DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --policy INPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --policy OUTPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --policy FORWARD DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append INPUT -i lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append INPUT -i lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -o lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.21.0.2 -d 172.21.0.0/16 -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -d ff02::1:ff00:0/104 -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -d 172.21.0.0/16 -j ACCEPT
2025-02-21T11:25:05+01:00 INFO [firewall] enabled successfully
2025-02-21T11:25:05+01:00 INFO [storage] merging by most recent 20776 hardcoded servers and 20776 servers read from /gluetun/servers.json
2025-02-21T11:25:06+01:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2025-02-21T11:25:06+01:00 ERROR VPN settings: Wireguard settings: interface address is IPv6 but IPv6 is not supported: address fd7d:x:x:x:x:x:x:x/128
2025-02-21T11:25:06+01:00 INFO Shutdown successful

Share your configuration

services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_TYPE=wireguard
      - TZ=Europe/Amsterdam

      - WIREGUARD_IMPLEMENTATION=kernelspace

      - VPN_SERVICE_PROVIDER=airvpn
      - SERVER_COUNTRIES=X
      - WIREGUARD_PRIVATE_KEY=X
      - WIREGUARD_PRESHARED_KEY=X
      - WIREGUARD_ADDRESSES=10.x.x.x/32,fd7d:x:x:x:x:x:x:x/128

      - LOG_LEVEL=debug
    ports:
      - 8888:8888
    volumes:
      - /srv/docker-services/proxy/gluetun:/gluetun
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    healthcheck:
      retries: 10
      interval: 5m
    restart: unless-stopped
@github-actions GitHub Actions
Copy link
Contributor

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

@ghoste07
Copy link

Just got this too after running system updates on Ubuntu 24.04.2 LTS last night. Along with those updates came docker-ce v28.0.0 (from v27.5.1, using official docker repo instead of ubuntu packages) and looking at the changelog here, it includes a good number of changes to networking. I can see numerous new issues on that repo related to v28 breaking networking for various containers. I can only assume this is the cause at first glance.

Still running Gluetun 3.39.1 myself. Probably gonna try downgrading to docker v27.5.1 soon.

@ioqy What docker-ce version are you running?

@ioqy
Copy link
Author

ioqy commented Feb 21, 2025

@ghoste07
I'm on 28.0.0 too.

@ghoste07
Copy link

Can confirm it was docker v28.0.0 that broke it. Rolled back to v27.5.1 and everything works again.

You can do so (on ubuntu 24.04) with:
sudo apt install docker-ce=5:27.5.1-1~ubuntu.24.04~noble docker-ce-rootless-extras=5:27.5.1-1~ubuntu.24.04~noble docker-ce-cli=5:27.5.1-1~ubuntu.24.04~noble

Also put a hold on those package: sudo apt-mark hold docker-ce docker-ce-rootless-extras docker-ce-cli
I also held back docker-compose-plugin and docker-buildx-plugin for good measure, but that probably isn't required.

@WhyMan1
Copy link

WhyMan1 commented Feb 21, 2025

it is docker v28.0.0 problem

@nikos06
Copy link

nikos06 commented Feb 22, 2025

Hi, I can confirm that docker 28.0 has introduced a change that breaks ipv6 support on existing stacks.
But it is still working if you do these steps :

  1. Stop your stack.
  2. Delete the network used by your stack.
  3. Relaunch your stack and the newly created network will have ipv6 support.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nikos06 @ioqy @ghoste07 @WhyMan1