Closed cyberb closed 5 years ago
I am not sure how selection of network works if you have dual stack, I guess by dns. Dns actually has both types of addresses (A and AAAA) for the same name. So the plan is to update both if available.
I have implemented half of the ipv6 update logic, could you update platform and run the following commands to see if they give correct ip info:
snap run platform.cli ipv4
snap run platform.cli ipv6
I'm using the VM image. I updated and reactivated my device. If I access with https://ipv4/index.html external access is already ON and Public IP is ipv6.
But, I think it's the "wrong" ipv6-address. Under network.html there are 3 ipv6-addresses given. It takes automatically the first one. Under https://www.syncloud.it/user.html there is NO external ip mapped.
Only if I save manually the second ipv6-address, then external ip IS mapped.
Addresses under https://www.syncloud.it/user.html are still both ipv4, so I can't access with https://name.syncloud.it
I don't know where to run the commands. I'm running the VM on windows. I tried in the cmd "ssh userdevice@ipvofdevice" with my device password, but premission is denied.
You need to use user "root" and your device password from activation as mentioned here: https://github.com/syncloud/platform/wiki/Report-problems#ssh
snap run platform.cli ipv4
gives internal ipv4 with which I can access index.html in local network but doesn't function for domain for me and
snap run platform.cli ipv6
gives the "wrong" (under network.html the first) ipv6, which doesn't lead to any entry under External Address - https://www.syncloud.it/user.html even if the "right" ipv6 (under network.html the second) is mapped as Public IP under network.html.
Internal and External Address under https://www.syncloud.it/user.html are still ipv4
I don't understand why there are 3 various ipv6 addresses...
You could try to disable IPv6 Privacy Extensions on the server?
VM may give you multiple networks, that is fine, we just need to detect correct one. Just upgraded auto detection, could you update platfprm again and run two commands? Do not worry about syncloud.it page right now.
I updated and reactivated my device. External access under network was OFF. I switched it ON and it took the correct IPv6 address. snap run platform.cli ipv6
prints the same correct address.
Ok, now check syncloud.it page after 10 minites, you should see yoir ipv6 there. Again, external access On/Off does not matter for ipv6 address.
Yes, it shows the correct ipv6. Link with domain still fails.
What about ipv6 link does it work?
Yes, this link works. There is space between the "ipv6 address" and "]" under IPv6 Address: on https://www.syncloud.it/user.html but which doesn't affect the functionality of the link.
Did you add those changes only for VM image yet? Because for ODROID HC1 it doesn't work.
External Address: is ipv4 so I guess Domain Address: takes this one?
The change is not specific to an image, just update platform.
Are you accessing domain link from dial stack or not?
I'm accessing from a PC in my private network (same as device) with dual-stack lite. I thought for accessing websites in general, both ipvs should work, and for hosting only ipv6, isn't it?
Ok, with update, the odroid works. External Address: under https://www.syncloud.it/user.html is now ipv6. But "[]" is missing and I think there is a port (?) ":null" added.
So I can't access this link. But I can still do it for the link under IPv6 Address:
Ok, now the External Address: for the VM has also ":null" as https://ipv4:null
And External Address: links are for both devices (ipv6 or 4) without any event (no error page is loaded), when I click on them.
Ok, there was a problem with sending ipv6, could update platform one nore time to see if that fixes the problem with space and potentially with null port.
Yes, space for the IPv6 Address: is gone.
For External Address: "[]" are still missing and ":null" is still there. Also, the IPv6-Address looks like a link, but if I hover it, there is no URL shown in the left corner of the browser and I can not click on it. I think this is an independent error.
If I check my domain, https://ipinfo.info/html/ip_checker.php gives for DNS Lookup my Internal Address: which is IPv4
https://ipv6-test.com/validate.php shows actually the correct AAAA DNS record but it says for IPv6 web server "web server is unreachable : Permission denied" and IPv6 DNS server shows no information. Do I have to enable anything at my router?
External Address: under https://www.syncloud.it/user.html shows at the moment IPv4, so I guess this is changing sometimes...
Ok, I enabled access in my router and https://ipv6-test.com/validate.php shows now all correct information!
But https://ipinfo.info/html/ip_checker.php gives still for DNS Lookup my Internal Address: which is IPv4
Looks like ipinfo website knows nothing about ipv6 for dns, try https://mxtoolbox.com/IPv6.aspx
IPv6 is correct. But, I still can't reach the page by domain.
But it shows also my internal IPv4. Maybe you have to disable the A record because this is maybe tested first and leads then to an timeout error by the browser?
In chrome browser it say "server ip address could not be found" error DNS_PROBE_FINISHED_NXDOMAIN
Do I have to change something here? I've read that I need Assign DNS server, prefix (IA_PD) and IPv6 address (IA_NA)
Also there is some DNS Rebind Protection and I added an exception for https://syncloud.it/
It works!!!!!!!! 💃
It's so cool!! Thanks so much to be so patient :) Finally I can use it...
Great, is there anything I should fix on syncloud.it user page?
No, for me it's fine. Maybe we can add some info to the wiki how to setup the router and link it under network.html
I still get the error messages for mail server on https://mxtoolbox.com/IPv6.aspx like shown in the screenshot. Nextcloud works. I will test the other apps and let you know, if I need something else.
What is not shown, is the Let's Encrypt certificat. Any idea how to fix that?
ok, mails are blocked as spam
For the certificate https://github.com/syncloud/platform/wiki/Browser-warning-(certificate-problem) I don't use/need then port 80 for IPv6...
Ok solution was actually documented already https://github.com/syncloud/platform/wiki/Unable-to-access-device-from-local-network
You could add to https://github.com/syncloud/platform/wiki/External-access some docs for Port Sharing in router settings
For fritzbox I had to enable under Internet > Permit Access > Port Sharing > Device name
And it was necessary to add an DNS exception so you could write that in https://github.com/syncloud/platform/wiki/External-access as well
Unfortunately, I think it's just working for private network. If I test it with http://www.ipv6proxy.net/ on my smartphone with my mobile service (IPv4-only) it says "The requested site does not appear to have an IPv6 address." Also, somebody else told me, that access from another home with IPv6 is not possible.
Ok, if I open https://[ipv6]/login.html with http://www.ipv6proxy.net/ on my smartphone with my mobile service (IPv4-only) then it works.
Do you still not have the certificate? I guess you have external access disabled, which is OK as you have ipv6. I will have to change certificate updater to run if there is an ipv6.
No, I don't. Yes, it is disabled and also not possible to switch on. Error certificate port (0) has to be between 1 and 65535. That would be nice.
Can you update platform and check /var/snap/platform/common/log/platform.log for certificate messages.
I did update and certificate is there because of green sign in browser. Should I run the log file or check it with nano?
Because it says permission denied if I run it...
You do not have to check log if browser is green :) Just to make sure, was browser not green before the update?
You should never run logs files :) you should less/grep/tail (view) them :) vim/nano is really for editing so also not good for logs.
No, it was not. Thanks a lot again!
I'm still not 100% sure if this issue is completly done, because http://www.ipv6proxy.net/ shows still on my smartphone with my mobile service (IPv4-only) "The requested site does not appear to have an IPv6 address." only for the domain, not the ip address.
Thanks for the information, always happy to learn :)
Sounds to be even a simpler solution, but not that a new problem appears: What about people how have "real" dual-stack? They have the possibility to access via ipv4 (most mobile provider), will access for them still possible with ipv4? Or maybe you could give them the possibility to choose which ipv they want to have mapped...
Otherwise you could test for dual-stack-lite and update only then to ipv6...