search

zyclonite / zerotier-docker

ZeroTier One as Docker Image
MIT License
321 stars 84 forks source link

Feature Request: IPv6 Support #34

Open Jashepp opened 1 month ago

Jashepp commented 1 month ago

Hey, can support for IPv6 be added for the router/controller variant? By default, or behind an env flag, or docker tag? I have not used the client variant myself, so I am unsure if support is already there for that.

I've managed to get it working myself by editing iptables rules within entrypoint-router.sh (I have ZEROTIER_ONE_USE_IPTABLES_NFT=true, so I am unsure if it works on legacy)

Added

IP6TABLES_CMD=ip6tables-legacy
[ "${ZEROTIER_ONE_USE_IPTABLES_NFT}" = "true" ] && IP6TABLES_CMD=ip6tables-nft

Duplicated iptables commands within update_iptables() for example:

"both" )
    # IPv4
    echo "$2 ${IPTABLES_CMD} rules for bi-directional traffic (local interfaces ${PHY_IFACES} to/from ZeroTier)"
    ${IPTABLES_CMD} -t nat -${1} POSTROUTING -o ${ZT_IFACE} -j MASQUERADE
    for PHY_IFACE in ${PHY_IFACES} ; do
        ${IPTABLES_CMD} -t nat -${1} POSTROUTING -o ${PHY_IFACE} -j MASQUERADE
        ${IPTABLES_CMD} -${1} FORWARD -i ${ZT_IFACE} -o ${PHY_IFACE} -j ACCEPT
        ${IPTABLES_CMD} -${1} FORWARD -i ${PHY_IFACE} -o ${ZT_IFACE} -j ACCEPT
    done
    # IPv6
    echo "$2 ${IP6TABLES_CMD} rules for bi-directional traffic (local interfaces ${PHY_IFACES} to/from ZeroTier)"
    ${IP6TABLES_CMD} -t nat -${1} POSTROUTING -o ${ZT_IFACE} -j MASQUERADE
    for PHY_IFACE in ${PHY_IFACES} ; do
        ${IP6TABLES_CMD} -t nat -${1} POSTROUTING -o ${PHY_IFACE} -j MASQUERADE
        ${IP6TABLES_CMD} -${1} FORWARD -i ${ZT_IFACE} -o ${PHY_IFACE} -j ACCEPT
        ${IP6TABLES_CMD} -${1} FORWARD -i ${PHY_IFACE} -o ${ZT_IFACE} -j ACCEPT
    done
    ;;

Also, thanks for the great work so far, this project has been very helpful.