IPv6 Connections works not properly

My YunoHost server

Hardware: Raspberry Pi at home /
YunoHost version: 4.3.5
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I try to access my server via IPv4 and IPv6. IPv6 seems to work partially. Connection to the internet works but the ports can not be reached.
Have a look at the diagnosis output.

https://paste.yunohost.org/raw/uhejozukod

Hi, welcome to the forums!

Do you have basic understanding of the differences between IPv4 and IPv6? Does your ISP provide IPv6 connectivity (there still are ISP’s that are IPv4 only :scream: ), and did you find the place in your router to configure the firewall for IPv6?

1 Like

Good questions :wink: My Knowledge of ip addresses is based on minor research. How I understood the difference is that ipv6 provides a much bigger number of addresses as ipv4. So the answer of the difference would be - same idea but ipv6 with a more complex adress.
I am pretty sure that I have ipv4 and ipv6:

Yes I know where to open the ports (Firewall) - IPv4 is working

Tanks a lot for the quick reply!

It was not a quiz :stuck_out_tongue: If you got some background, and already have IPv4 configured, it is a shorter explainer than when you don’t know where to find your router management page :wink:

Yes, looks good!

Your home connection only got 1 IPv4 (usually), but thousands of IPv6 (again, usually). As a result:

  • With IPv4
    • 1 public IP per home connection
    • private IP’s for devices (192.168.x.y , 10.x.y.z, some less used ranges)
    • NAT to point a port on the public IP to a specific device on the LAN
    • check ‘whatismyip.com’ and such sites to find your home IP
  • With IPv6
    • thousands of public IP’s per home connection
    • each device has its own public IP
    • firewall needs to be opened for an IP and a port, but no NAT
    • whatismyipv6.com gives the IP of your computer (the one ending in :4050), not your home
    • your homeserver has another IP

That last bit: if you visit such a whatismyip-site with your phone (on WiFi) and with your computer, they will have the same IPv4, but different IPv6.

That means that you have to use the IP that Yunohost tells you for:

  • DNS configuration (in case of manual DNS for your domain name)
  • Open the firewall for that IP (not for the IP of your computer/laptop)
1 Like

Thanks for the Info, now I have a much better understanding!

Quiz is absolutely fine for me :wink:
What I did was to open the required ports from the server / yunohost as requested for internet connection with ipv4 and ipv6 → My router gives also green light for that. (s. pictures)

I use the yunohost domain with standard DNS config → the yunohost diagnosis says that the DNS config is fine
Diagnosis: https://paste.yunohost.org/raw/kuxicineye

Yeah, great! DNS is ok :slight_smile:

Is the IPv6 that you see in the diagnosis the same IPv6 as in the screenshots, ending in 57bd?

I used to have a Fritz!Box (for ADSL, later fibre, not for cable but I expect them to work the same - it looks the same anyway) and it worked. Sometimes with some trouble, but mostly it was OK.

I’d say the forwardings in the screenshots look good.

When you use the pencil to edit a line, you can disable the forwarding temporarily (instead of deleting it with the red cross). If you do that for the IPv4 forward on port 443, can you still reach the Yunohost from outside the lan? That would imply IPv6 is working, even though Yunohost-diagnosis gives an error.

As an aside, did you know about fritzchecksum? When you got sick of using the Web-interface of the router, you can make a back-up, edit it, calculate the checksum, and upload it to the Fritzbox. The format is a bit peculiar, but more comfortable to work with if you want to edit mulptiple things. Keep a back-back-up, it is sensitive to errors.

No - Did the check right now again.
Diagnosis gives me:

  • Global IP: 2a02:810c:880:68e4:e005:eb17:31d5:4708
  • Local IP: fe80::29a3:717f:52d0:4be7
    Fritt Box:
    2a02:810c:880:68e4:97c9:6186:2884:67bd

Can you explain me what is the IPv6 Interface ID?
In my case:

No that’s not Possible.

IPv6 has an ‘external’ half (first 4 blocks) and an ‘internal’ half (the other 4). The internal half is the part you gave the black decoration.

I usually start counting from the back forwards to match IPv6 when I’m not sure about the external part. IPv6 allows a block of 0’s to be abbreviated like ::, zo your local IP (fe80…) is actually fe80:0000:0000:0000:29a3…

Diagnosis gives the external:internal parts of your Yunohost. The first four match the first four of your Fritzbox ( 2a02:810c:880:68e4 ), after that it’s different. These last four need to be set in the firewall rules as ‘IPv6 Interface-ID’, in those four entry boxes.

Thanks for the support now it works - also diagnosis is green.
Your Aside with the fritzbox I will check.

now just three red boxes left for the next evenings:

Wohoo! :smiley:

You can tell Spamhaus you are running your own mailserver, and they will take you off the ISP-provided list for a year.

For the rDNS your ISP should be able to help you: send them an email with your Yunohosts IPv6 and your domain, so they can add it to their configuration (or they can tell you where to find it in their web interface, if available).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.