Cloudron breaks IPv6 support on Amazon Lightsail
-
Dear all,
Unfortunately, Cloudron breaks the IPv6 support of Amazon Lightsail.
Steps to reproduce:
- Create a Lightsail instance (e.g., a dual-stack IPv4 and IPv6 instance in Frankfurt with Ubuntu 24.04 OS only for USD 12).
- Log into the new instance and confirm that IPv6 is working, e.g., by running:
curl https://ipv6.icanhazip.com
- Install Cloudron (with or without the --provider lightsail flag).
wget https://cloudron.io/cloudron-setup
chmod +x cloudron-setup
./cloudron-setup --provider lightsail
- Reboot at the end of the installation.
- Log in to the instance again. Important: Wait at least 10 minutes.
- Try
curl https://ipv6.icanhazip.com
again. IPv6 is no longer working.
When executing
ip a
you see the lifetime of the IPv6 address. Once this lifetime expires, the IPv6 connection breaks.
Is there a known fix for this issue?
-
@hcj-online yes, this was fixed a while ago in https://git.cloudron.io/platform/box/-/commit/7f87af5a0827af431a3ecb8bfca4bc693c3707b0 . It's part of the next release.
To fix locally:
- Edit
/home/yellowtent/box/setup/start/cloudron-firewall.sh
- Around line 111, add the line
$ip6tables -t filter -A CLOUDRON -p udp --sport 547 --dport 546 -j ACCEPT
- Reboot server
-
The code around that block should look like this:
# ICMPv6 is very fundamental to IPv6 connectivity unlike ICMPv4
echo "==> Allow ICMP"
$iptables -t filter -A CLOUDRON -p icmp --icmp-type echo-request -j ACCEPT
$iptables -t filter -A CLOUDRON -p icmp --icmp-type echo-reply -j ACCEPT
$ip6tables -t filter -A CLOUDRON -p ipv6-icmp -j ACCEPT
$ip6tables -t filter -A CLOUDRON -p udp --sport 547 --dport 546 -j ACCEPT
ipxtables -t filter -A CLOUDRON -p udp --sport 53 -j ACCEPT
# for ldap,dockerproxy server (ipv4 only) to accept connections from apps. for connecting to addons and mail container ports, docker already has rules
$iptables -t filter -A CLOUDRON -p tcp -s 172.18.0.0/16 -d 172.18.0.1 -m multiport --dports 3002,3003 -j ACCEPT
-
Thanks! Adding the line solves the issue. Time to roll out the update!
-
girish has marked this topic as solved
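
A check for the condition discussed in this thread, as an added example that is not part of the original posts or of Cloudron's code: it looks for the DHCPv6 reply rule (UDP source port 547, destination port 546) in a rule listing and reports the shortest remaining lifetime of a dynamic global IPv6 address. The function names and the sample rule and address listings are constructed for illustration.

```shell
# Added example. On a real host, call:
#   check_ipv6_lease "$(ip6tables -S CLOUDRON)" "$(ip -6 addr show scope global)"

# Succeeds if the rule listing accepts DHCPv6 server-to-client replies
# (UDP source port 547, destination port 546).
has_dhcpv6_accept() {
    printf '%s\n' "$1" | grep -Eq -e '-p udp .*--sport 547 .*--dport 546 .*-j ACCEPT'
}

# Prints the shortest finite valid_lft (seconds) of dynamic global addresses,
# or "none" if there is no such address.
min_valid_lft() {
    printf '%s\n' "$1" | awk '
        /inet6/ { dyn = (/scope global/ && /dynamic/) }
        dyn && /valid_lft/ {
            for (i = 1; i < NF; i++) if ($i == "valid_lft") { v = $(i+1); sub(/sec$/, "", v) }
            if (v != "forever" && (min == "" || v + 0 < min + 0)) min = v
            dyn = 0
        }
        END { print (min == "" ? "none" : min) }'
}

# Verdict: without the accept rule the replies that renew the address are
# dropped, so a finite valid_lft counts down to zero and the address is lost.
check_ipv6_lease() {
    rules=$1 addrs=$2
    lft=$(min_valid_lft "$addrs")
    if has_dhcpv6_accept "$rules"; then
        echo "ok"
    elif [ "$lft" = "none" ]; then
        echo "no-dynamic-address"
    else
        echo "at-risk:${lft}"
    fi
}

# Constructed sample inputs (not captured from a real instance).
RULES_BROKEN='-N CLOUDRON
-A CLOUDRON -p ipv6-icmp -j ACCEPT
-A CLOUDRON -p udp -m udp --sport 53 -j ACCEPT'
RULES_FIXED="$RULES_BROKEN
-A CLOUDRON -p udp -m udp --sport 547 --dport 546 -j ACCEPT"
ADDRS='2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 state UP
    inet6 2001:db8:1:2::10/128 scope global dynamic noprefixroute
       valid_lft 412sec preferred_lft 102sec
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever'
check_ipv6_lease "$RULES_BROKEN" "$ADDRS"   # at-risk:412
check_ipv6_lease "$RULES_FIXED" "$ADDRS"    # ok
```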