IPv6 for Mastodon - how?

stormgrass

The issue

I'm trying to make my Mastodon instance reachable via IPv6 (and, but that might be a Mastodon and not Cloudron-related issue, allow it to add accounts on IPv6-only servers).

What did I do?

I've created an IPv6 address for my Cloudron droplet on Digital Ocean, added that address as a static IP to Cloudron via the Networking section, and then ran a full DNS sync, letting Cloudron write the AAAA records to my Digital Ocean DNS records.

I then tried connecting to my instance via curl, like so:

curl --connect-timeout 10 -v6 https://hemmer.land/@GeschichteFM

But receive this error message (address is obfuscated):

connect to X::X::X::X::X port 443 failed: Network is unreachable
* Failed to connect to hemmer.land port 443: Network is unreachable
* Closing connection 0
curl: (7) Failed to connect to hemmer.land port 443: Network is unreachable

I've also tried adding an IPv6 to Cloudron by using the Network Interface option, which generated another address than the one I got from Digital Ocean via their interface. I then tested via curl again, which generated a different error message:

Immediate connect fail for X::X::X::X::X Invalid argument
* Closing connection 0

The questions

• Seeing how both produce different results in my DNS records: is adding the DO-issued address into Cloudron as a static IP the correct course of action, or should I be using the Network Interface instead?
• Once the correct address is in my DNS records, do I need to do anything else, like change any settings in the Mastodon .env settings?

Thanks in advance,
Richard

mehdi

@stormgrass said in IPv6 for Mastodon - how?:

Seeing how both produce different results in my DNS records: is adding the DO-issued address into Cloudron as a static IP the correct course of action, or should I be using the Network Interface instead?

Not necessarily : it is very common that servers get assigned a /64 IPv6 address : that means a bloc of IP addresses where only the first half is common, and the second half can be anything.

If the 2 addresses have the same first half, there's nothing weird about the results being different.

If not, there's something afoot.

Also, about your curl test failing, dumb question but are you sure that your local machine has IPv6 connectivity ? To test, you can try something like ping6 google.com

mehdi

(BTW, hiding your IPv6 address when you show the domain in your curl example is not very useful ^^ dig AAAA hemmer.land gives 2a03:b0c0:3:d0::13ec:f001)

girish

@stormgrass

• Seeing how both produce different results in my DNS records: is adding the DO-issued address into Cloudron as a static IP the correct course of action, or should I be using the Network Interface instead?

You can just use ' Public IP' in IPv6. No need to configure it statically or use the interface. Once you select that it will show you the "detected" public IPv6.

Once the correct address is in my DNS records, do I need to do anything else, like change any settings in the Mastodon .env settings?

No, nothing is needed.

Also, as a heads up, note that DO gives IPv6 address in blocks of 16. This allows the server to use up to 16 IPv6 addresses.

One thing is, can you check if you can curl -6 https://my.domain.com works? If that doesn't work, there is some other issue at the server/network level.

You can also check curl --connect-timeout 10 -v6 https://social.cloudron.io/@cloudron which our mastodon instance with IPv6.

girish

@stormgrass

• Seeing how both produce different results in my DNS records: is adding the DO-issued address into Cloudron as a static IP the correct course of action, or should I be using the Network Interface instead?

You can just use ' Public IP' in IPv6. No need to configure it statically or use the interface. Once you select that it will show you the "detected" public IPv6.

Once the correct address is in my DNS records, do I need to do anything else, like change any settings in the Mastodon .env settings?

No, nothing is needed.

Also, as a heads up, note that DO gives IPv6 address in blocks of 16. This allows the server to use up to 16 IPv6 addresses.

One thing is, can you check if you can curl -6 https://my.domain.com works? If that doesn't work, there is some other issue at the server/network level.

You can also check curl --connect-timeout 10 -v6 https://social.cloudron.io/@cloudron which our mastodon instance with IPv6.

girish

@stormgrass

• Seeing how both produce different results in my DNS records: is adding the DO-issued address into Cloudron as a static IP the correct course of action, or should I be using the Network Interface instead?

You can just use ' Public IP' in IPv6. No need to configure it statically or use the interface. Once you select that it will show you the "detected" public IPv6.

Once the correct address is in my DNS records, do I need to do anything else, like change any settings in the Mastodon .env settings?

No, nothing is needed.

Also, as a heads up, note that DO gives IPv6 address in blocks of 16. This allows the server to use up to 16 IPv6 addresses.

One thing is, can you check if you can curl -6 https://my.domain.com works? If that doesn't work, there is some other issue at the server/network level.

You can also check curl --connect-timeout 10 -v6 https://social.cloudron.io/@cloudron which our mastodon instance with IPv6.

stormgrass

@girish I actually tried using "Public IP" first, but I always get this error message when I do that:

Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable

One thing is, can you check if you can curl -6 https://my.domain.com works? If that doesn't work, there is some other issue at the server/network level.

That actually produces an error message as well:

curl: (7) Failed to connect to my.stormgrass.com port 443: Network is unreachable

You can also check curl --connect-timeout 10 -v6 https://social.cloudron.io/@cloudron which our mastodon instance with IPv6.

This too:

Trying 2001:19f0:5001:64e:5400:2ff:fee8:d17b:443...
* connect to 2001:19f0:5001:64e:5400:2ff:fee8:d17b port 443 failed: Network is unreachable
* Failed to connect to social.cloudron.io port 443: Network is unreachable
* Closing connection 0
curl: (7) Failed to connect to social.cloudron.io port 443: Network is unreachable

So, does that mean I have both a misconfigured Cloudron droplet AND my machine doesn't have proper IPv6 connectivity (as @mehdi suggested)?

Not even sure any more where all the potential fault-lines are haha

(Also: @mehdi: yeah, trying to obfuscate something that's easily found out via the exact same command I pasted wasn't exactly my proudest moment haha)

girish

@stormgrass Oh, this looks like the droplet actually doesn't have IPv6 configured properly. I assume you turned on IPv6 for an existing droplet? If that's the case, you have to do additional configuration in netplan for IPv6 to work. (DO does netplan auto-configuration only if you enable IPv6 at install time).

girish

@stormgrass This one - https://docs.digitalocean.com/products/networking/ipv6/how-to/enable/#on-existing-droplets . Did you do this?

stormgrass

@girish said in IPv6 for Mastodon - how?:

@stormgrass This one - https://docs.digitalocean.com/products/networking/ipv6/how-to/enable/#on-existing-droplets . Did you do this?

Ah, no, that point I missed. Am trying to fix it now, but the yaml indicated in the doc doesn't exist. So, I've created it and get hit with a syntax error, even though it's a copy of the contents specified.

Anyway, I'll keep investigating, but I think you can mark this as resolved now. Thank you!