
🐛 IPv6 errors with WARP (v 2022.9.1) - Raspberry Pi 4 32 bit (armv7)

Open yggdrasil-tynor opened this issue 3 years ago • 6 comments

Describe the bug
We cannot connect to IPv6 servers with the new cloudflared tunnel

To Reproduce
Steps to reproduce the behavior:

cloudflared --protocol auto tunnel run 6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX

Tunnel ID: 6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX

cloudflared config:

tunnel: 6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX
credentials-file: /home/pi/.cloudflared/6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX.json
warp-routing:
  enabled: true

Expected behavior
Tunneling with IPv6 should work

Environment and versions

  • OS: Raspbian 32bit
  • Architecture: ARMv7
  • Version: Linux retropie 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux

Logs and errors
On startup:

WRN Failed to determine the IPv6 for this machine. It will use 2001:db8:: as source IP for error messages such as ICMP TTL exceed error="dial udp [2606:4700:4700::1111]:53: connect: network is unreachable" connIndex=2 ip=198.41.200.53

On tunneling:

DBG tcp proxy stream started flowID=e95825d5-0648-4b24-ad12-7227b9c5f387
ERR error="dial tcp [2a02:26f0:a00::17c7:4b2a]:443: connect: network is unreachable" flowID=e95825d5-0648-4b24-ad12-7227b9c5f387 originService=warp-routing
ERR Request failed error="dial tcp [2a02:26f0:a00::17c7:4b2a]:443: connect: network is unreachable" connIndex=0 dest=[2a02:26f0:a00::17c7:4b2a]:443 ip=198.41.200.43 type=tcp

Additional context
I tried enabling --edge-ip-version 6 without success

Sep 22 '22 10:09 yggdrasil-tynor

On startup:

This is a warning that we'll likely make a DBG loglevel message soon, since it is for an upcoming ICMP proxying feature that is trying to listen for ICMP IPv6 messages and was unable to (probably because your machine does not have an IPv6 stack).

On tunneling:

These errors show that IPv6 eyeballs are arriving at your tunnel and are unable to be proxied because cloudflared is running on a machine without an IPv6 stack.

Additional context I tried enabling --edge-ip-version 6 without success

That flag is for cloudflared to connect to Cloudflare's edge with IPv6. It won't help with the warnings above.

Your machine seems to have IPv4 only, and that should connect fine to our edge (it is connecting as far as I can tell), and it should be able to talk to IPv4 origins.

PS: do not mask the Tunnel ID, otherwise it is useless for us. It is not a secret, and without it, we cannot look further into what's going on.

Sep 22 '22 10:09 nmldiegues

Thanks for the swift reply @nmldiegues. So what you are saying is that Raspberry Pi 4 is unable to proxy IPv6 traffic? We tried running it in a Kubernetes cluster on Azure with the same issues as above.

PS: do not mask the Tunnel ID, otherwise it is useless for us. It is not a secret, and without it, we cannot look further into what's going on

Sorry, the correct Tunnel ID is: 6e0b7b09-fc0b-4005-863c-32dea2f4616d

Sep 22 '22 10:09 yggdrasil-tynor

What happens when you run:

nc -v 2a02:26f0:a00::17c7:4b2a 443

from your cloudflared machine?

Sep 22 '22 10:09 nmldiegues

What happens when you run:

nc -v 2a02:26f0:a00::17c7:4b2a 443

from your cloudflared machine?

connect to 2a02:26f0:a00::17c7:4b2a port 443 (tcp) failed: Network is unreachable

Sep 22 '22 10:09 yggdrasil-tynor

That's what you should look into fixing: as you can see, that machine cannot connect to that origin IP/port; the problem is not cloudflared

Sep 22 '22 10:09 nmldiegues
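
A triage sketch for the diagnosis above, added here as an example and not code from cloudflared or from the thread participants: it counts `network is unreachable` dial errors per address family in the log lines, then checks the host for an IPv6 route with a UDP dial like the one in the startup warning. The sample log is a constructed, abridged copy of the lines quoted in the issue, and the names `Summarize` and `HasRoute` are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"regexp"
)

// Constructed sample: abridged copies of the log lines quoted in the issue.
const sampleLog = `WRN Failed to determine the IPv6 for this machine. error="dial udp [2606:4700:4700::1111]:53: connect: network is unreachable" connIndex=2 ip=198.41.200.53
DBG tcp proxy stream started flowID=e95825d5-0648-4b24-ad12-7227b9c5f387
ERR error="dial tcp [2a02:26f0:a00::17c7:4b2a]:443: connect: network is unreachable" originService=warp-routing
ERR Request failed error="dial tcp [2a02:26f0:a00::17c7:4b2a]:443: connect: network is unreachable" dest=[2a02:26f0:a00::17c7:4b2a]:443 type=tcp`

// dialErr matches a failed Go dial reported inside an error="..." field.
var dialErr = regexp.MustCompile(`error="dial (?:tcp|udp) (\S+): connect: network is unreachable"`)

// Summarize counts unreachable IPv4 dials and tallies each unreachable IPv6 target.
func Summarize(log string) (v4 int, v6 map[string]int) {
	v6 = map[string]int{}
	for _, m := range dialErr.FindAllStringSubmatch(log, -1) {
		ap, err := netip.ParseAddrPort(m[1])
		switch {
		case err != nil: // target is not ip:port (e.g. a hostname); skip it
		case ap.Addr().Unmap().Is4():
			v4++
		default:
			v6[m[1]]++
		}
	}
	return
}

// HasRoute reports whether the kernel has a route to target. A UDP "dial"
// sends no packet: connect(2) only does the route and source-address lookup.
func HasRoute(target string) bool {
	c, err := net.Dial("udp", target)
	if err == nil {
		c.Close()
	}
	return err == nil
}

func main() {
	v4, v6 := Summarize(sampleLog)
	fmt.Printf("unreachable dials: ipv4=%d ipv6 targets=%v\n", v4, v6)
	fmt.Println("IPv6 route on this host:", HasRoute("[2606:4700:4700::1111]:53"))
}
```

Zero IPv4 failures alongside several IPv6 failures, plus `HasRoute` returning false for an IPv6 target, points at the host's network configuration rather than at the tunnel.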

That's what you should look into fixing: as you can see, that machine cannot connect to that origin IP/port; the problem is not cloudflared

I'm trying to proxy some traffic to a Japanese website through a Tunnel running in Japan (due to IP restrictions). I get the IPs when doing an nslookup. Without these IPs (v6) routed through the tunnel, the traffic is not tunneled. Do you have any idea how we can circumvent this? I'm happy to share the domain address with you, but not in this public thread. Happy to email you if it is OK.

Sep 22 '22 11:09 yggdrasil-tynor