goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

fix ULA range not in AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS by default #12193

Open BPplays opened 6 days ago

BPplays commented 6 days ago

According to the docs, fc00::/7 is not in AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS by default. I feel like it should be, because all types of local IPv4 addresses except 100.64.0.0/10 are included.

BeryJu commented 5 days ago

Makes sense to me, but it's been a while since I've done anything IPv6-related. Thoughts, @rissson?

rissson commented 5 days ago

The thing is the ULA config is not included for the same reason 100.64/10 isn't. You might encounter those subnets outside your local network, or at least it's more likely than those from RFC1918. You also probably don't want to authorize the whole of fc00::/7, but only the relevant /48 or /64. As this option is configurable, I don't think we should add that subnet.

BPplays commented 4 days ago

@rissson Then maybe a better solution is putting more notes about it in the docs. The documentation on reverse proxies doesn't even mention it, even though it'll cause all client IPs to be wrong.

rissson commented 4 days ago

Agreed

rissson commented 4 days ago

If you want to open a PR, feel free to; otherwise I'll probably get around to this next week.
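
The trade-off discussed in this thread, as an added example that is not authentik's code and not part of any comment above: a generic resolver that honours X-Forwarded-For only when the socket peer is inside a trusted CIDR, run with no ULA entry, with the operator's own /64, and with all of fc00::/7. The default list, every address and prefix, and the right-to-left header walk are assumptions made for illustration.

```python
import ipaddress

# Assumed stand-in for the default list the thread describes: loopback,
# RFC 1918 and link-local only, with no ULA and no 100.64.0.0/10 entry.
ASSUMED_DEFAULTS = "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fe80::/10,::1/128"
PROXY = "fd12:3456:789a:1::10"        # constructed: reverse proxy on the operator's ULA /64
OTHER = "fd99:aaaa:bbbb::5"           # constructed: host in an unrelated ULA prefix
OWN_PREFIX = "fd12:3456:789a:1::/64"  # constructed: the operator's own prefix


def parse_cidrs(value):
    """Parse a comma-separated CIDR string into network objects."""
    return [ipaddress.ip_network(p.strip()) for p in value.split(",") if p.strip()]


def is_trusted(addr, networks):
    """True if addr falls inside any configured proxy network."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in networks)


def client_ip(peer, xff, networks):
    """Resolve the client address: X-Forwarded-For counts only from a trusted peer."""
    if not xff or not is_trusted(peer, networks):
        return peer  # header ignored, so the proxy itself is recorded as the client
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    try:
        # Walk from the nearest hop outward and stop at the first untrusted address.
        for hop in reversed(hops):
            if not is_trusted(hop, networks):
                return hop
    except ValueError:
        return peer  # malformed header entry: fall back to the socket peer
    return hops[0] if hops else peer


def compare():
    """Resolve the same two requests under three trusted-proxy settings."""
    results = {}
    for label, extra in (("defaults", ""), ("own /64", OWN_PREFIX), ("fc00::/7", "fc00::/7")):
        nets = parse_cidrs(ASSUMED_DEFAULTS + "," + extra)
        results[label] = (client_ip(PROXY, "2001:db8::25", nets),
                          client_ip(OTHER, "2001:db8::99", nets))
    return results


if __name__ == "__main__":
    for label, (via_proxy, via_other) in compare().items():
        print(f"{label:9} via proxy -> {via_proxy:22} via other ULA host -> {via_other}")
```

With no ULA entry the proxy's own address is recorded as the client; with the whole of fc00::/7 trusted, the header from the unrelated ULA host is accepted as well, which only the narrow /64 avoids.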