celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

Dual stack VPN now fails to give device IPv6 connectivity. #1532

Closed weedy closed 1 week ago

weedy commented 2 weeks ago

As per my other issue comments/problems, everything worked in K.

So now that endpoint DNS resolution and initial connectivity have been fixed in M or N I have a new problem.

I've reset my Warp config to stock, so I have IPv4 and IPv6 addresses everywhere. DNS is resolving to both versions most of the time. In the proxy configuration tab Warp does have IPv6 and IPv4 bubbles versus another tunnel I have that is specifically set up only for IPv4.

As far as I can tell I don't get an IPv6 address set up, and trying IPv6-only test websites completely fails.

I haven't had the chance to get on a wifi running IPv6, I'm assuming starting from IPv6 will work. But part of my use case for Warp was getting IPv6.

ignoramous commented 2 weeks ago

Are you using WireGuard in Simple mode or Advanced mode?

One reason you may not see dual-stack (even after setting Configure -> Network -> Choose IP version -> Auto) is because ALL underlying networks (mobile, wifi, if connected) and overlay networks (WireGuard tunnels) must be dual stack.

weedy commented 2 weeks ago

So I had a small essay started on how this all worked with K and earlier. But I was starting to doubt myself, so I went back and reinstalled K. It doesn't work the way I'm remembering...

Maybe I'm confusing mainline wireguard connectivity with Rethink.

I would LIKE it to upgrade me to IPv6 if the VPN is giving me all the addresses. I want to say this worked before, but now I can't repro it. Maybe I started on an IPv6 network, had both stacks running, and then started roaming.

ignoramous commented 2 weeks ago

> So I had a small essay started on how this all worked with K and earlier.

In prior versions, Rethink did route v6 over Advanced and Simple WireGuard configs alike, even if underlay networks (wifi, mobile, usb, etc) had no v6 connectivity. This of course works just fine until another app tries to connect to v6 endpoints over another WireGuard (lacking v6) or over underlay network (lacking v6) (say, per-app setting Bypass from all proxies is turned ON for it), and fails repeatedly... though decent apps should retry again over v4 (but alas some apps don't as they expect v6 connectivity because Rethink, the VPN, is reporting v6 availability to them).

> I would LIKE it to upgrade me to IPv6 if the VPN is giving me all the address

It should if both underlay & overlay networks have v6 connectivity.

If Rethink is set to Configure -> Network -> Auto, you can check the footer of the bottomsheet that comes up when you tap on the downward-arrow next to the STOP/START button on the homescreen to check if Rethink is routing v4+v6.

ignoramous commented 1 week ago

Please check the responses above and if IPv6 still doesn't work (despite dual-stack across ALL underlay and overlay networks), feel free to reopen this issue. Otherwise, things are working as expected, from Rethink's perspective.

Thanks.

Terrance commented 1 week ago

I was just about to raise my own issue which I think is a duplicate of this:

My local wi-fi connection and my WireGuard host both have IPv6 connectivity; my mobile internet does not. I have a WireGuard proxy enabled in Simple mode, routing only internal IP addresses (IPv4 and IPv6). Choose IP version is set to Auto.

Whilst on wi-fi, I can resolve and connect to domains via IPv6 as expected. When I disconnect from the wi-fi and switch to mobile data, Rethink still appears to be trying to connect to any hosts via IPv6, despite the mobile network not supporting this. Setting Choose IP version back to IPv4 correctly prevents the use of IPv6. Disabling the proxy and using the same DNS over direct DoH also correctly sticks to IPv4.

📎 2024-06-14-14-09-17_245.log

With Termux attempting curl https://example.com in a loop, it resolved the DNS to IPv4 first but then switched to IPv6 after a second DNS resolution -- looks like it takes whichever of IPv4 and IPv6 resolve first, and for me IPv6 seems to be winning more often.

> If Rethink is set to Configure -> Network -> Auto, you can check the footer of the bottomsheet that comes up when you tap on the downward-arrow next to the STOP/START button on the homescreen to check if Rethink is routing v4+v6.

"protos: IPv4" on mobile data, so it is correctly detecting that IPv6 is unavailable.

ignoramous commented 1 week ago

> "protos: IPv4" on mobile data, so it is correctly detecting that IPv6 is unavailable

This means Rethink isn't even adding IPv6 to the routing table. You can verify this by running ifconfig in adb shell and looking for tun devices (tun0 or tun1) which should not have an IPv6 address homed to it.

Do you see IPv6 addresses in Network Logs when on mobile data? If not, then the apps are misbehaving.

Make sure Enable network visibility is turned OFF (as that lets apps see underlying network and make their own minds up about available routes).

Terrance commented 1 week ago

> You can verify this by running ifconfig in adb shell and looking for tun devices (tun0 or tun1) which should not have an IPv6 address homed to it.

On wi-fi:

tun1      Link encap:UNSPEC
          inet addr:10.111.222.1  P-t-P:10.111.222.1  Mask:255.255.255.0
          inet6 addr: fd66:f83a:c650::1/120 Scope: Global
          inet6 addr: fe80::4e8f:6956:f0dc:9950/64 Scope: Link
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:1558 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1191 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:539681 TX bytes:120086

On mobile data:

tun0      Link encap:UNSPEC
          inet addr:10.111.222.1  P-t-P:10.111.222.1  Mask:255.255.255.0
          inet6 addr: fe80::ebc3:9877:587c:b35b/64 Scope: Link
          UP POINTOPOINT RUNNING  MTU:1280  Metric:1
          RX packets:69 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:5108 TX bytes:19466

So on mobile there's a link-local IPv6 but no global one which I assume is the desired state?

> Do you see IPv6 addresses in Network Logs when on mobile data?

Yes -- whilst recording the log above, the Network logs screen showed the IPv4 for the first handful of requests, and then started showing the IPv6 address instead when the requests started failing. The DNS logs screen showed requests for both IPv4 and IPv6, but for the first set of requests the IPv4 answer came in first, and for the second set the IPv6 answer came first.

> Make sure Enable network visibility is turned OFF

It is already disabled.
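
The tun-device check discussed above (a tun interface on a v4-only underlay should carry no global IPv6 address, only a link-local one), as an added shell example that is not part of the original thread or Rethink's code. The function names `tun_v6_state`, `wifi_sample` and `mobile_sample` are hypothetical; the sample stanzas are the address lines from the ifconfig output posted above.

```shell
#!/bin/sh
# Added example: classify tun devices in `ifconfig` output by whether a
# Global-scope inet6 address is configured. A Link-scope (fe80::/10) address
# alone does not mean IPv6 is routed into the tunnel.

# Reads ifconfig output on stdin; prints one line per tun device:
#   <iface> v4=<yes|no> global_v6=<yes|no>
tun_v6_state() {
  awk '
    function emit() {
      if (iface ~ /^tun[0-9]+/)
        printf "%s v4=%s global_v6=%s\n", iface, v4, g6
    }
    # A new interface stanza starts with a non-blank character in column 1.
    /^[^ \t]/ { emit(); iface = $1; v4 = "no"; g6 = "no"; next }
    /inet addr:/ { v4 = "yes" }
    # Accept both "Scope: Global" (as in the thread) and "Scope:Global".
    /inet6 addr:/ && /Scope: *Global/ { g6 = "yes" }
    END { emit() }
  '
}

# Sample input: address lines from the wi-fi output in the thread.
wifi_sample() {
  cat <<'EOF'
tun1      Link encap:UNSPEC
          inet addr:10.111.222.1  P-t-P:10.111.222.1  Mask:255.255.255.0
          inet6 addr: fd66:f83a:c650::1/120 Scope: Global
          inet6 addr: fe80::4e8f:6956:f0dc:9950/64 Scope: Link
EOF
}

# Sample input: address lines from the mobile-data output in the thread.
mobile_sample() {
  cat <<'EOF'
tun0      Link encap:UNSPEC
          inet addr:10.111.222.1  P-t-P:10.111.222.1  Mask:255.255.255.0
          inet6 addr: fe80::ebc3:9877:587c:b35b/64 Scope: Link
EOF
}

# On a real device: adb shell ifconfig | tun_v6_state
wifi_sample | tun_v6_state
mobile_sample | tun_v6_state
```

A `global_v6=no` result on mobile data matches the "protos: IPv4" footer; IPv6 destinations still showing up in Network Logs in that state is the discrepancy the thread goes on to investigate.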

weedy commented 1 week ago

Well again, one of the reasons I have an IPv6 tunnel is I want to use IPv6.

And I want to use it even when my ISP sucks. Is this not planned to come back?

ignoramous commented 1 week ago

> Yes -- whilst recording the log above, the Network logs screen showed the IPv4 for the first handful of requests, and then started showing the IPv6 address instead

Concerning. Can you please check what addresses are homed into the tun devices? And can you please capture logs from exactly when you change from wifi (v4+v6) to mobile (v4-only)? Make sure to put Rethink at least in Verbose mode.

ignoramous commented 1 week ago

> So on mobile there's a link-local IPv6 but no global one which I assume is the desired state?

This means there are no routes to v6 (as desired), yes. I'm surprised you see v6 in Network Logs, because there's no v6 route into Rethink's tunnel.

DNS is free to resolve v4/v6, it is merely a question/answer mechanism after all.