ipv6.md

IPv6

⚠️ IPv6 is an experimental Docker feature, no thorough test was done to ensure there is no IP/DNS leak with Gluetun configured with IPv6. Feel free to create an issue or pull request if you have some testing done and can confirm.

Setup

1. Ensure your Kernel has IPv6

   lsmod | grep ipv6

   Should show something.

2. On your Docker host, edit and create if needed /etc/docker/daemon.json with the following JSON key-value pairs:

   {
     "ipv6": true,
     "fixed-cidr-v6": "2001:db8:1::/64",
     "experimental": true,
     "ip6tables": true
   }

   ⚠️ Ensure to change the documented address 2001:db8:1::/64 with a valid IPv6 network. The default IPv4 pools are from the private address range, the IPv6 equivalent would be ULA networks.

   Reference: Docker documentation on IPv6

3. Restart the Docker daemon to reload its JSON configuration. Most Linux distributions use sudo systemctl restart docker to do this.

4. Edit your Gluetun docker-compose.yml and add the sysctls section:

   services:
     gluetun:
       # ...
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=0

5. Depending on the VPN protocol used:

   • OpenVPN: the IPv6 server address and configuration will automatically be picked up if IPv6 support is detected
   • Wireguard: modify the WIREGUARD_ADDRESSES value to have both an IPv4 and IPv6 address. Note if you only set an IPv6 Wireguard address, all IPv4 traffic won't go through which is undesirable.

6. Test your setup:

   1. Launch your docker-compose stack

   2. Run:

      sudo docker run --rm --network=container:gluetun alpine:3.18 sh -c "apk add curl && curl -6 --silent https://ipv6.ipleak.net/json/"

      And this should show the IPv6 address of the VPN server.