search

AuthMe / AuthMeReloaded

The best authentication plugin for the Bukkit/Spigot API!
https://www.spigotmc.org/resources/authmereloaded.6269/
GNU General Public License v3.0
633 stars 515 forks source link

IPv6 not working (Maybe a feature Request?) #2417

Closed ichbestimmtnicht closed 3 years ago

ichbestimmtnicht commented 3 years ago

What behaviour is observed:

What happened? Players that are connecting are only identified by their ipv4

What behaviour is expected:

What did you expect? when a player connects to the server with ipv6 only he/she/it gets identified by that

Steps/models to reproduce:

The actions that cause the issue Set the firewall to not allow ipv4 traffic to the server and connect 2 player through an ipv6 address

(For context: This is a security measure from my side -> The Server is in a VPN with me...)

Plugin list:

This can be found by running /pl AuthMe, ChestShop, DeadChest,dynmap,SkinsRestorer,Vault,WorldEdit,WorldGuard

Environment description

Standalone server/Bungeecord network, SQLite/MySql, ... standalone sever powered by https://github.com/itzg/docker-minecraft-server

AuthMe build number:

Version: AuthMeReloaded v5.6.0-beta2 (build: 2453)

Error Log:

[09-08 18:39:55]: [FINE] player1 logged in 172.16.57.1 [09-08 18:39:56]: [FINE] The user player1 has 2 accounts: [09-08 18:39:56]: [FINE] player1,player2. [09-08 18:39:56]: [FINE] player2 logged in 172.16.57.1

They are not in the same network! One plays from great britian, the other one from germany! (Playernames are changed) (There is also the Limbo problem but this is Issue #2413 )

Configuration:

https://hastebin.com/jilerefura.yaml (There aren't a lot of changes)

games647 commented 3 years ago

Players that are connecting are only identified by their ipv4

Only one IP address format is used when creating a connection. If a connection is made with IPv4, we see the IPv4 address and vice versa.

They are not in the same network!

Well they have the same IP address. This looks like a private IP address, so we need to address it to ignore those things. However, it's still necessary for this feature to work to forward the actual origin IP to the plugin or Spigot server. For example BungeeCord does this during the handshake.

Web reverse proxies have a similar feature. Typically, there are HTTP-Headers like x-forwarded-host to receive the knowledge about the original IP for such features like alt account detection. Otherwise we only see the direct origin of the incoming connection which is the VPN exit, because it injects packets into the local host.