Skip to content

Latest commit

 

History

History
52 lines (39 loc) · 1.96 KB

ipv6.md

File metadata and controls

52 lines (39 loc) · 1.96 KB

IPv6

💁 @Vexz00 confirmed nothing is leaking using IPv6 🎉

If you find something suspect related to IPv6, please create an issue on this repository 😉

Setup

  1. Ensure your Kernel has IPv6

    lsmod | grep ipv6

    Should show something.

  2. On your Docker host, edit and create if needed /etc/docker/daemon.json with the following JSON key-value pairs:

    {
      "ipv6": true,
      "fixed-cidr-v6": "2001:db8:1::/64",
      "experimental": true,
      "ip6tables": true
    }

    ⚠️ Ensure to change the documented address 2001:db8:1::/64 with a valid IPv6 network. The default IPv4 pools are from the private address range, the IPv6 equivalent would be ULA networks.

    Reference: Docker documentation on IPv6

  3. Restart the Docker daemon to reload its JSON configuration. Most Linux distributions use sudo systemctl restart docker to do this.

  4. Edit your Gluetun docker-compose.yml and add the sysctls section:

    services:
      gluetun:
        # ...
        sysctls:
          - net.ipv6.conf.all.disable_ipv6=0
  5. Depending on the VPN protocol used:

    • OpenVPN: the IPv6 server address and configuration will automatically be picked up if IPv6 support is detected
    • Wireguard: modify the WIREGUARD_ADDRESSES value to have both an IPv4 and IPv6 address. Note if you only set an IPv6 Wireguard address, all IPv4 traffic won't go through which is undesirable.
  6. Test your setup:

    1. Launch your docker-compose stack

    2. Run:

      sudo docker run --rm --network=container:gluetun alpine:3.20 sh -c "apk add curl && curl -6 --silent https://ipv6.ipleak.net/json/"

      And this should show the IPv6 address of the VPN server.