Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use multiple interfaces for outbound connections #261

Closed
karolyi opened this issue May 29, 2020 · 4 comments
Closed

Use multiple interfaces for outbound connections #261

karolyi opened this issue May 29, 2020 · 4 comments

Comments

@karolyi
Copy link

karolyi commented May 29, 2020
edited
Loading

Hey,

I run the latest iframely (checked out from the repo) in a FreeBSD jail that has multiple outbound interfaces; one for IPv4, one for IPv6. Some hosts are unreachable with IPv4 while they are with IPv6, and vice versa. Yet iframely only tries to reach them on one, and doesn't try the other. I get failures for hosts that are online because of this.

For clarity, here's the output of ifconfig:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether a8:a1:59:09:76:de
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.12 netmask 0xffffffff
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:bb:4e:1a:de:00
        inet6 2a21:4a89:41a5:15df::33 prefixlen 128
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        groups: bridge
        nd6 options=1<PERFORMNUD>

As you can see, em0 has no IP address, whereas lo0 has an IPv4 (NAT-ed), and bridge0 has an IPv6 (public). It seems to me that iframely will only use IPv4 in this case.

Using the normal telnet command to reach a certain host outside with a TCP connection will probe IPv6 first and then IPv4. This is not the case with iframely.

Can you please fix this?
@iparamonau
Copy link
Member

Hey, thanks for this. Do you have examples of URLs that do not work for you that way? The more the better...

@karolyi
Copy link
Author

karolyi commented May 29, 2020

The URLs I use are basically pointing back to my system, from one jail to another where some firewall rules are not configured. So basically not off the top my head, but you can gather some with some searching around.

If I manage to find external ones, I'll report them here.

@karolyi
Copy link
Author

karolyi commented May 29, 2020

IPv6 only:
https://ungleich.ch/en-us/cms/blog/2019/02/05/list-of-ipv6-only-services/
https://ipv6.cybernode.com/list-of-ipv6-only-sites

https://dual.tlund.se/

Like I said, you can find many sites with a bit of searching, that's not the problematic part. The more problematic part, in order to reproduce the problem, you'll have to set up a docker container (if possible) or a FreeBSD jail that has said two interfaces with one type of IP address each. I think that's where the problem lies.

@iparamonau
Copy link
Member

Thanks again for reporting. The develop branch now includes #344. The IPv6-only issue should now be resolved, albeit the minimum node version was bumped to 14 now.

We'll be wrapping it into a release soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iparamonau @karolyi