🐛 IPv6 errors with WARP (v 2022.9.1) - Raspberry Pi 4 32 bit (armv7)

[yggdrasil-tynor]

Describe the bug
We cannot connect to IPv6 servers with the new cloudflared tunnel

To Reproduce
Steps to reproduce the behavior:
cloudflared --protocol auto tunnel run 6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX
Tunnel ID : 6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX

cloudflared config:

tunnel: 6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX
credentials-file: /home/pi/.cloudflared/6e0b7b09-fc0b-4005-863c-XXXXXXXXXXXX.json
warp-routing:
enabled: true

Expected behavior
Tunneling with IPv6 should work

Environment and versions

• OS: Raspbian 32bit
• Architecture: ARMv7
• Version: Linux retropie 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux

Logs and errors
On startup:

WRN Failed to determine the IPv6 for this machine. It will use 2001:db8:: as source IP for error messages such as ICMP TTL exceed error="dial udp [2606:4700:4700::1111]:53: connect: network is unreachable" connIndex=2 ip=198.41.200.53

On tunneling:

DBG tcp proxy stream started flowID=e95825d5-0648-4b24-ad12-7227b9c5f387
ERR error="dial tcp [2a02:26f0:a00::17c7:4b2a]:443: connect: network is unreachable" flowID=e95825d5-0648-4b24-ad12-7227b9c5f387 originService=warp-routing
ERR Request failed error="dial tcp [2a02:26f0:a00::17c7:4b2a]:443: connect: network is unreachable" connIndex=0 dest=[2a02:26f0:a00::17c7:4b2a]:443 ip=198.41.200.43 type=tcp

Additional context
I tried enabling --edge-ip-version 6 without success

[nmldiegues]

On startup:

This is a warning that we'll likely make a DBG loglevel message soon, since it is for an upcoming ICMP proxying feature that is trying to listen for ICMP Ipv6 messages and was unable to (probably because your machine does not have IPv6 stack).

On tunneling:

These errors show that IPv6 eyeballs are arriving to your tunnel and are unable to be proxied because cloudflared is running in a machine without IPv6 stack.

Additional context
I tried enabling --edge-ip-version 6 without success

That flag is for cloudflared to connect to Cloudflare's edge with Ipv6. It won't help with the warnings above.

Your machine seems to have IPv4 only, and that should connect fine to our edge (it is connecting as far as I can tell), and it should be able to talk to IPv4 origins.

PS: do not mask the Tunnel ID, otherwise it is useless for us. It is not a secret, and without it, we cannot look further into what's going on

[yggdrasil-tynor]

Thanks for the swift reply @nmldiegues . So what you are saying is that Raspberry Pi 4 is unable to proxy IPv6 traffic? We tried running it in a Kubernetes cluster on Azure with the same issues as above.

PS: do not mask the Tunnel ID, otherwise it is useless for us. It is not a secret, and without it, we cannot look further into what's going on

Sorry the correct Tunnel ID is: 6e0b7b09-fc0b-4005-863c-32dea2f4616d

[nmldiegues]

What happens when you run:

nc -v 2a02:26f0:a00::17c7:4b2a 443

from your cloudflared machine?

[yggdrasil-tynor]

What happens when you run:

nc -v 2a02:26f0:a00::17c7:4b2a 443

from your cloudflared machine?

connect to 2a02:26f0:a00::17c7:4b2a port 443 (tcp) failed: Network is unreachable

[nmldiegues]

That's what you should look into fixing: as you can see, that machine cannot connect to that origin IP/port; the problem is not cloudflared

[yggdrasil-tynor]

That's what you should look into fixing: as you can see, that machine cannot connect to that origin IP/port; the problem is not cloudflared

I'm trying to proxy some traffic to a Japanese website through a Tunnel running in Japan (due to IP restrictions). I get the IP's when doing n nslookup. Without these IP's (v6) routed through the tunnel, the traffic is not tunneled.
Do you have any idea how we can circumvent this? I'm happy to share the domain address with you, but not in this public thread. Happy to email you if it is OK.