This repository has been archived by the owner on Jun 4, 2021. It is now read-only.

Explicit IPv6 config option: sslh/shadowsocks/gateway, plus DO IPv6 #1382

Open
wants to merge 32 commits into
base: master

nopdotcom
Member

I'm open to the default being "no".

This PR adds configurability to #1361. In addition to systems where IPv6 is auto-detected, it requests DigitalOcean IPv6 provisioning. Original description follows.


If a system has existing IPv6 connectivity, support some services over IPv6. (In other words, let's postpone work on provisioning IPv6 on servers; that can happen in parallel.)

  • sslh: Adding another listen line opens up the gateway (and ssh).

  • shadowsocks: Adding another listen address opens the service; obfs works too.

  • gateway: Adding the IPv6 address to the self-signed gateway SSL cert works.

Note that systems with IPv6 ingress get IPv6 egress for connection-oriented services for free; check with https://ipv6.google.com/

@nopdotcom nopdotcom added the status/group-decision-needed For items that need discussion by the maintainers label Jul 13, 2018
@clenga

clenga commented Sep 28, 2018

Interested in seeing this happen and will contribute in any way I can. I run an OpenVPN server through Streisand and recently switched my phone carrier to T-Mobile, which uses IPv6 for its high-speed 4G LTE data connection. I've briefly attempted manual config of IPv6 using my Linode VPS but am still working through the limited documentation/support for OpenVPN IPv6.

@alimakki
Collaborator

@clenga I have a branch with OpenVPN, WireGuard and OpenConnect running on ipv6 if you'd like to give it a try: https://github.com/alimakki/streisand/tree/wireguard_ipv6

@clenga

clenga commented Sep 28, 2018

@alimakki great! I will give it a try tonight and report back to you with my results.

@clenga

clenga commented Sep 30, 2018

@alimakki, how far does your branch go into configuring IPv6? For example, I am using Linode, and with Linode, when you request an IPv6 block, everything must be manually configured with static IP associations. Does your branch configure IPv6 by taking the IPv6 address from /etc/network/interfaces, or can it configure the entire IPv6 setup, from start to end, on a VPS by using an API key? This would further simplify the IPv6 process for the end users. Once a Linode member is approved for an IPv6 address pool in the /64 block, the NEW IPv6 address is now attached to the account and, as a result, any subsequent API keys.

@alimakki
Collaborator

@clenga my branch is based off of this current branch - so if the server does have an IPv6 address it should be detected by the script if IPv6 is enabled. The relevant line can be found here. I believe it does essentially populate the ipv6 address from the default interface.

I just ran it against Linode using my API key, and everything worked through and through. As per Linode's documentation, all new servers are provisioned with an IPv6 address by default, which works in our favor.

@cpu
Collaborator

cpu commented Oct 20, 2018

> I'm open to the default being "no".

I think that's the best idea initially. You could add a prompt to change it to the customization process. I'm wary about turning on IPv6 by default until we're pretty confident that all of the services, firewall rules, and instructions work reliably and don't have any weird IPv6 interactions.
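
The concern above, that firewall rules must keep pace with every new IPv6 listen line, can be checked mechanically. The following is an added example, not part of this PR or the Streisand code base: it compares constructed `ss -H -tln` output with constructed `ip6tables-save` output. The function names, sample sockets and the three verdicts are assumptions, and only plain `--dport` ACCEPT rules in the INPUT chain are understood.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tln` output: State Recv-Q Send-Q Local Peer.
# Assumption: `*:port` is how ss prints a dual-stack (v4+v6) wildcard socket.
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 *:8530 *:*
LISTEN 0 128 [::1]:6379 [::]:*
LISTEN 0 128 [2001:db8::10]:636 [::]:*
"""

# Constructed sample of `ip6tables-save` output.
RULES_SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

LOCAL = re.compile(r"(?:\*|\[([0-9a-fA-F:.]+)\]):(\d+)")

def ipv6_listeners(ss_text):
    """Return sorted TCP ports listening on a non-loopback IPv6 address."""
    ports = set()
    for line in ss_text.splitlines():
        fields = line.split()
        m = LOCAL.fullmatch(fields[3]) if len(fields) >= 5 else None
        if m and not ipaddress.IPv6Address(m.group(1) or "::").is_loopback:
            ports.add(int(m.group(2)))
    return sorted(ports)

def audit(ss_text, rules_text):
    """Classify each IPv6 listener as 'allowed', 'filtered' or 'exposed'."""
    m = re.search(r"^:INPUT (\w+)", rules_text, re.M)
    policy = m.group(1) if m else "ACCEPT"  # no ruleset loaded: kernel default
    allowed = {int(p) for p in re.findall(
        r"^-A INPUT .*-p tcp .*--dport (\d+) .*-j ACCEPT", rules_text, re.M)}
    return {port: "allowed" if port in allowed
            else "filtered" if policy == "DROP" else "exposed"
            for port in ipv6_listeners(ss_text)}

if __name__ == "__main__":
    for port, verdict in audit(SS_SAMPLE, RULES_SAMPLE).items():
        print(f"tcp/{port} over IPv6: {verdict}")
```

An "exposed" verdict means the port listens on IPv6 with no explicit rule while the INPUT policy accepts by default; "filtered" means the listener exists but the default-drop policy hides it, which is worth reviewing when a service was meant to be reachable.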

@clenga

clenga commented Nov 8, 2018

@alimakki First and foremost, I apologize that it took so long to report back... Your IPv6 branch does indeed work well. Initially I had some issues getting the correct fork to install using Termux, but I believe it was mostly from my inexperience installing a specific fork rather than the git master... Anyways, after some trial and error and learning, I installed your fork, Streisand prompted me for IPv6, and everything then fell into place seamlessly. I was able to successfully run both IPv4 and IPv6 configurations using my Linode. I use a Galaxy S9 running Android 8.0 on the T-Mobile network (T-Mobile uses IPv6 for LTE), configured my Linode VPS using Termux for Android, and successfully connected using 2 different Android OpenVPN clients, OpenVPN Connect and OpenVPN for Android by Arne Schwabe. I felt that the OpenVPN client by Arne accepted the IPv6 config with more ease and with minimum user adjustments. I look forward to the future of Streisand and all the developers like yourself @alimakki who dedicate the time, work, and knowledge into these projects. I will report back again, as soon as my Linode is back up and running, if you have the need for more testing/logging/debugging.

@alimakki
Collaborator

alimakki commented Nov 8, 2018

@clenga Thank you for your valuable feedback, I'm glad that the fork ended up working out for you. Also there's no need to apologize, we're all volunteers here :)

OpenVPN has always been somewhat of a point of contention - differences between clients on mobile and desktop machines (as well as free vs proprietary) make it a bit tougher to get right. I've had issues with the iOS OpenVPN client switching back and forth with IPv6 enabled cellular to IPv4-only WiFi, for example, with the only solution being a manual disconnect/reconnect.

In any case, should you encounter any further issues, I've created a WIP PR #1471 for full IPv6 support, so feel free to submit comments or feedback should you have any.

Cheers!
