-
-
Notifications
You must be signed in to change notification settings - Fork 536
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for IPv6 networks (on Linux clients) #1459
Add support for IPv6 networks (on Linux clients) #1459
Conversation
Newly generated networks automatically generate an IPv6 prefix of size 64 within the ULA address range, devices obtain a randomly generated address within this prefix. Currently, this is Linux only and does not yet support all features (routes currently cause an error).
Hello @pulsastrix, thanks for the fantastic contribution! Would it be possible for you to join our Slack workspace to discuss a few points for this feature? Maybe we can schedule a short call as well. |
Quick status update: Additionally, the "Assign IPv6 address by default" setting has now been replaced by a groupwide IPv6 toggle, i.e. it is now possible to enable IPv6 for an entire group at once. Finally, the Dashboard-PR has been rewritten based on the new UI. I plan on resolving the remaining TODOs and getting this PR in a reviewable/testable state sometime during the next week, although i can't make any guarantees. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @pulsastrix for the changes. We will start reviewing the PR.
I left couple of notes already.
Also improved stability of IPv6 route and firewall handling on client side
Aside from the documentation (which I will probably write tomorrow) this pull request should now be ready for review. Question for the maintainers: As far as I can tell the methods |
Documentation has now been written and can be found in netbirdio/docs#165. |
@pulsastrix, will these changes support routing traffic to private ipv6 networks? |
@scriptjs Yes, adding routes to IPv6 networks is supported through these changes, assuming that the netbird client running on the routing peer has IPv6 support (i.e. is a Linux peer running using the kernel Wireguard implementation and nftables firewall backend). |
@pulsastrix Awesome! Hope this gets merged soon. |
hi @pulsastrix |
@pulsastrix If you need help/guidance to merge the new routemanager changes, let me know |
@pulsastrix I am creating a feature branch for this PR as it is planned for this quarter and it will be better for us to continue your development and add support to all OS. |
@pulsastrix, @mlsmaycon What sort of time line are we looking at to see this merged? With support for Linux to start. |
@scriptjs I've been pretty busy with other stuff for the past few weeks, but I will most likely get back to working on this until the end of this week/in the next few days. However, as I'm just an outside contributor, I unfortunately don't know when this feature will be part of a release version. |
@@scriptjs, we are looking into focusing on this feature starting next month. We will take over the amazing work done by @pulsastrix and add IPv6 to further clients. @pulsastrix, we know you have many conflicts now; let us know if you need help resolving them. |
Sorry for the delay, I was unfortunately quite busy with other stuff. I have now merged in all of the upstream changes from the main branch. |
No need to worry, thanks for going over the conflicts. We will review it ASAP. |
Quality Gate passedIssues Measures |
@mlsmaycon Any chance you will get to this soon. Has been a long road to this point and would like to a release with the changes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution @pulsastrix.
Due to the amount of diff between the code and our current changes, we will take a different approach for the IPv6 and release the feature when all clients have support to it later this year.
8b0398c
into
netbirdio:feature/ipv6-support
Describe your changes
This PR adds some initial support for assigning IPv6 addresses to hosts inside of the wireguard network.
For now, only Linux using the kernel module and nftables as the firewall implementation is supported.
Note for reviewers:
I have been working on this on and off for a couple of months and had to merge in a lot of upstream changes, it's probably easier to review the final version instead of going through each commit separately. 😅
Notes on address assignment
On network creation (or assignment of the first IPv6 address for existing networks), a random /64 prefix in the ULA range is generated, which will be used for devices on the network.
On enabling IPv6 on supported hosts, a random address will be generated for the host.
Disabling and then re-enabling IPv6 results in a new IPv6 address being generated.
Testing
I have tested this PR on the following clients:
Unfortunately, I don't have the environment set up and/or lack the devices to test other operating systems.
How to test:
Known issues and TODOs
unsure if this is still the case or if other changes i made fixed that by nowhaven't seen this problem during my testing anymoreor groupsthat have IPv6 disabledDisallow disabling IPv6 for peer if it is acting as a routing peer for an IPv6 routeAdding support for other operating systems/Linux with iptables/uspfilter is probably something better suited for a separate PR, considering the current size of this one.
I have done some preliminary testing with enabling IPv6 on Windows in one of the older commits - assignment of IPv6 addresses is pretty trivial. However, due to some issue (probably routing), I wasn't able to ping other peers, which is why I did not include it for this PR.
Issue ticket number and link
Resolves (partially) #1167 and #46
Checklist
Is it a bug fixIs a typo/documentation fixIt is a refactor