💁 @Vexz00 confirmed nothing is leaking using IPv6 🎉
If you find something suspect related to IPv6, please create an issue on this repository 😉
-
Ensure your Kernel has IPv6
lsmod | grep ipv6
Should show something.
-
On your Docker host, edit and create if needed
/etc/docker/daemon.json
with the following JSON key-value pairs:{ "ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true }
⚠️ Ensure to change the documented address2001:db8:1::/64
with a valid IPv6 network. The default IPv4 pools are from the private address range, the IPv6 equivalent would be ULA networks. -
Restart the Docker daemon to reload its JSON configuration. Most Linux distributions use
sudo systemctl restart docker
to do this. -
Edit your Gluetun
docker-compose.yml
and add thesysctls
section:services: gluetun: # ... sysctls: - net.ipv6.conf.all.disable_ipv6=0
-
Depending on the VPN protocol used:
- OpenVPN: the IPv6 server address and configuration will automatically be picked up if IPv6 support is detected
- Wireguard: modify the
WIREGUARD_ADDRESSES
value to have both an IPv4 and IPv6 address. Note if you only set an IPv6 Wireguard address, all IPv4 traffic won't go through which is undesirable.
-
Test your setup:
-
Launch your docker-compose stack
-
Run:
sudo docker run --rm --network=container:gluetun alpine:3.20 sh -c "apk add curl && curl -6 --silent https://ipv6.ipleak.net/json/"
And this should show the IPv6 address of the VPN server.
-