Closed unixfox closed 5 months ago
I can also replicate the issue with any real ipv6 range shared using subnet router (not 4via6):
tailscale set --advertise-routes fd42::/48
$ curl http://[fd42:0:0:6::c64]
jan 15 09:54:55 pcryzen tailscaled[1030]: open-conn-track: timeout opening (TCP [fd7a:115c:a1e0:ab12:4843:cd96:6274:49f5]:59872 => [fd42:0:0:6::c64]:80) to node [KQwao]; online=yes, lastRecv=9s
jan 15 09:54:56 pcryzen tailscaled[1030]: open-conn-track: timeout opening (TCP [fd7a:115c:a1e0:ab12:4843:cd96:6274:49f5]:59872 => [fd42:0:0:6::c64]:80) to node [KQwao]; online=yes, lastRecv=10s
jan 15 09:54:58 pcryzen tailscaled[1030]: open-conn-track: timeout opening (TCP [fd7a:115c:a1e0:ab12:4843:cd96:6274:49f5]:59872 => [fd42:0:0:6::c64]:80) to node [KQwao]; online=yes, lastRecv=12s
jan 15 09:55:02 pcryzen tailscaled[1030]: open-conn-track: timeout opening (TCP [fd7a:115c:a1e0:ab12:4843:cd96:6274:49f5]:59872 => [fd42:0:0:6::c64]:80) to node [KQwao]; online=yes, lastRecv=2s
jan 15 09:55:14 pcryzen tailscaled[1030]: open-conn-track: timeout opening (TCP [fd7a:115c:a1e0:ab12:4843:cd96:6274:49f5]:59872 => [fd42:0:0:6::c64]:80) to node [KQwao]; online=yes, lastRecv=3s
Thank you, https://github.com/jsiebens/ionscale/pull/31 fixes the issue!
Should I close the issue?
Hello, I'm using the 4via6 subnet router functionality as described here: https://tailscale.com/kb/1201/4via6-subnets
I allowed the 4via6 ipv6 CIDR range in my ACL:
Also advertised the route on the machine. I got the ipv6 subnet using:
tailscale debug via 1 192.168.1.0/24
I validated that it works because I made it work the same way on www.tailscale.com
But unfortunately, it doesn't work with ionscale. I can't reach the ipv6 address.
Here are the logs from tailscaled:
I'm only able to reach the ipv6 address when manually defining the host in the ACL policy like this:
Would it be possible to add the support for this functionality in the ACL? Thank you.
Headscale related issues: