cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide
Apache License 2.0
8.97k stars 790 forks

Binding to both IPv6 and IPv4 at same time and IPv6 upstream support #152

Open Night1 opened 4 years ago

Night1 commented 4 years ago

Hey.

I'm trying to bind to both IPv6 and IPv4 at the same time, but can only get one at a time to work for a DoH proxy that is connected from pihole.

For IPv4:

CLOUDFLARED_OPTS= --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

For IPv6:

CLOUDFLARED_OPTS= --address ::1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

Tried both

CLOUDFLARED_OPTS= --address ::1 127.0.0.1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

and

CLOUDFLARED_OPTS= --address ::1 --address 127.0.0.1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

None of them work. Is there some other config that will do this? Normally ::1 should cover both, but in this case dig @::1 -p 5053 works but dig @127.0.0.1 -p 5053 does not; only IPv6 gives a response.

Using cloudflared version 2019.11.0 (built 2019-11-07-1631 UTC)

Workaround is to start two instances of cloudflared, one for each protocol.

moderation commented 4 years ago

@Night1 Amazing that after all this time this isn't documented but I run dual ipv6 and ipv4 using

--proxy-dns-address="::1"

I believe the following should work:

CLOUDFLARED_OPTS= --proxy-dns-address=::1 --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

My comment https://github.com/cloudflare/cloudflared/issues/73#issuecomment-462542558 points to the original source. I guess I should create a documentation PR.

Night1 commented 4 years ago

--proxy-dns-address="::1"

Hmm, tested it. It looked like it worked for a while, but I looked closer and it turned out I still have to run it dual stack by having two instances running, one for v4 and one for v6.

> @pi:/etc/default# cloudflared proxy-dns --port 5053 --address "::1" -upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
> INFO[0000] Adding DNS upstream                           url="https://1.1.1.1/dns-query"
> INFO[0000] Adding DNS upstream                           url="https://1.0.0.1/dns-query"
> INFO[0000] Starting metrics server                       addr="127.0.0.1:44277"
> INFO[0000] Starting DNS over HTTPS proxy server          addr="dns://[::1]:5053"

Night1 commented 4 years ago

Joining proxy-dns-address is invalid :) "proxy dns" is the operator while --address is an option for proxy-dns. However, you did give me the hints needed. To get it working on both v4 and v6, it was not "::1" but "::".

cloudflared proxy-dns --port 5053 --address :: -upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query

Thank you.

pi:/home/pi# cloudflared proxy-dns --port 5053 --address "::" -upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
INFO[0000] Adding DNS upstream                           url="https://1.1.1.1/dns-query"
INFO[0000] Adding DNS upstream                           url="https://1.0.0.1/dns-query"
INFO[0000] Starting metrics server                       addr="127.0.0.1:40629"
INFO[0000] Starting DNS over HTTPS proxy server          addr="dns://[::]:5053"

Adding IPv6 to upstream results in:

pi:/home/pi# cloudflared proxy-dns --port 5053 --address "::" --upstream https://[2606:4700:4700::1111]/dns-query
INFO[0000] Adding DNS upstream                           url="https://[2606:4700:4700::1111]/dns-query"
INFO[0000] Starting metrics server                       addr="127.0.0.1:43363"
INFO[0000] Starting DNS over HTTPS proxy server          addr="dns://[::]:5053"
ERRO[0003] failed to connect to an HTTPS backend "https://[2606:4700:4700::1111]/dns-query"  error="returned status code 403"
ERRO[0003] failed to connect to an HTTPS backend "https://[2606:4700:4700::1111]/dns-query"  error="returned status code 403"

So cloudflare is blocking lookups over IPv6 for DoH.
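
Added example, not part of the thread and not cloudflared's own code: a small Go probe showing why a listener bound to `::1` answers only on IPv6 loopback, while one bound to `::` answers on both families. It uses TCP so the connect result is deterministic (Go's `net` package picks the socket family the same way for UDP); `Reach`, `Probe` and `LoopbackOnly` are names introduced here. Because `::` is a wildcard, the port is also open on every non-loopback interface, so a resolver bound that way needs a host firewall rule if it is meant for local clients only.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"time"
)

// Reach records which loopback address families could connect to a listener.
type Reach struct{ V4, V6 bool }

// Probe binds a TCP listener to bindAddr on an ephemeral port, the way a Go
// daemon would for "--address <bindAddr>", then tries to connect to it over
// IPv4 loopback (127.0.0.1) and IPv6 loopback (::1).
func Probe(bindAddr string) (Reach, error) {
	ln, err := net.Listen("tcp", net.JoinHostPort(bindAddr, "0"))
	if err != nil {
		return Reach{}, err
	}
	defer ln.Close()
	port := strconv.Itoa(ln.Addr().(*net.TCPAddr).Port)

	try := func(network, host string) bool {
		c, err := net.DialTimeout(network, net.JoinHostPort(host, port), time.Second)
		if err != nil {
			return false // refused or unreachable: nothing listens on that family
		}
		c.Close()
		return true
	}
	return Reach{V4: try("tcp4", "127.0.0.1"), V6: try("tcp6", "::1")}, nil
}

// LoopbackOnly reports whether bindAddr restricts the listener to this host.
// "::" and "0.0.0.0" are wildcards and accept traffic on every interface.
func LoopbackOnly(bindAddr string) bool {
	ip := net.ParseIP(bindAddr)
	return ip != nil && ip.IsLoopback()
}

func main() {
	for _, a := range []string{"127.0.0.1", "::1", "::"} {
		r, err := Probe(a)
		fmt.Printf("%-10s v4=%-5v v6=%-5v loopbackOnly=%v err=%v\n", a, r.V4, r.V6, LoopbackOnly(a), err)
	}
}
```
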

aldo-roman commented 1 year ago

@Night1 Did you get it working finally? Is DNS lookup on IPv6 still not supported by Cloudflare?

For context, I tried:

cloudflared proxy-dns --address :: --port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query --upstream https://[2606:4700:4700::1111]/dns-query --upstream https://[2606:4700:4700::1001]/dns-query

The log I get:

Mar 11 20:52:30 raspberrypi systemd[1]: Started cloudflared DNS over HTTPS proxy.
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://1.1.1.1/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://1.0.0.1/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://[2606:4700:4700::1111]/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Starting metrics server on 127.0.0.1:37517/metrics
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Adding DNS upstream url=https://[2606:4700:4700::1001]/dns-query
Mar 11 20:52:30 raspberrypi cloudflared[6449]: 2023-03-11T20:52:30Z INF Starting DNS over HTTPS proxy server address=dns://[::]:5053

However, when visiting https://1.1.1.1/help, I still get:

Connectivity to Resolver IP Addresses
1.1.1.1 Yes
1.0.0.1 Yes
2606:4700:4700::1111 No
2606:4700:4700::1001 No

Night1 commented 1 year ago

I moved ISP; the new ISP does give me 2.5 gigabit internet but not IPv6... Anyway, with AdGuard Home you can set up DoH + DoT natively.

rturk commented 5 months ago

related https://github.com/cloudflare/cloudflared/issues/1141