[Galene] galene on IPv6 only

[Galene] galene on IPv6 only

[Curtis Villamizar]

It looks like galene does not want to work on an IPv6 only server.
This server has no IPv4 address at all, not even loopback 127.0.0.1.
When I use -http [<myprefix>::6106]:8443 it does not bind to that
address.  I do get a UDP bind to a random UDP port.  I see the UDP
range option but it is not clear to me what that is for.

I also get messages related to IPv4-ish stuff.
  Failed to enable mDNS over IPv4:
    (listen udp4 224.0.0.0:5353: socket: protocol not supported)
and
  Relay test failed: timeout 2026/03/19 07:41:38
    Perhaps you didn't configure a TURN server?
  TURN: no public addresses

The second message is benign and only indicates the relayTest() test
has failed even though it should not be run if there is no IPv4.

This is despite both mDNS and TURN supposedly disabled.

This is IPv6 so no need for ICE, STUN, TURN, etc.  There is nothing on
the local lan (its in a datacenter) so no need for mDNS and running
mDNS is *very* bad form in that type of environment.

I should mention that this is FreeBSD inside an IPv6 only jail.

I have patches that get me to connect via tcp6.  See below.  This also
gets rid of the mDNS attempt so that seems tied to the bind previously
not working.  So this is sort of a solved problem.  If instead of
using the IPv6 address inside [] I use the host name, then not solved.
Even though the host has an AAAA DNS record and no A record, the bind
does not work if the host name is specified.  This may be an upstream
problem in the go net library.

This could be solved by doing a DNS lookup and seeing the AAAA record
(and A record if used) and listenning with tcp6 (and tcp4 if A used).
This would be needed anyway if you wanted to be like apache and
support binding to more than one address with one instance of the
server.  It would be a lot cleaner.  Maybe later I'll refile the
patches.

Curtis


--- galene.go.orig	2025-08-09 10:26:35.000000000 -0400
+++ galene.go	2026-03-19 09:42:32.995605000 -0400
@@ -53,6 +53,13 @@
 		"built-in TURN server `address` (\"\" to disable)")
 	flag.Parse()
 
+	log.Printf("httpAddr = %s", httpAddr)
+	if strings.HasPrefix(httpAddr, "[") {
+		group.UseMDNS = false
+		turnserver.Address = ""
+		log.Printf("Using IPv6, disable mDNS and TURN")
+	}
+
 	if udpRange != "" {
 		if strings.ContainsRune(udpRange, '-') {
 			var min, max uint16
@@ -145,7 +152,9 @@
 	terminate := make(chan os.Signal, 1)
 	signal.Notify(terminate, syscall.SIGINT, syscall.SIGTERM)
 
-	go relayTest()
+	if ! strings.HasPrefix(httpAddr, "[") {
+		go relayTest()
+	}
 
 	ticker := time.NewTicker(15 * time.Minute)
 	defer ticker.Stop()

--- webserver/webserver.go.orig	2025-08-09 10:26:35.000000000 -0400
+++ webserver/webserver.go	2026-03-19 08:54:40.982460000 -0400
@@ -72,6 +72,10 @@
 	proto := "tcp"
 	if strings.HasPrefix(address, "/") {
 		proto = "unix"
+	}
+	if strings.HasPrefix(address, "[") {
+		proto = "tcp6"
+		log.Printf("Using IPv6, set proto to tcp6")
 	}
 
 	listener, err := net.Listen(proto, address)

[Galene] Re: galene on IPv6 only

[Juliusz Chroboczek]

Hello,

> It looks like galene does not want to work on an IPv6 only server.

Thanks a lot for your testing, that's the kind of deployment that we
should be supporting.

> I also get messages related to IPv4-ish stuff.
>   Failed to enable mDNS over IPv4:
>     (listen udp4 224.0.0.0:5353: socket: protocol not supported)


mDNS is disabled by default for a very long time.  See galene.go line 49:

    flag.BoolVar(&group.UseMDNS, "mdns", false, "gather mDNS addresses")

I think the issue here is that UseMDNS is not obeyed by the relay test.
I'll fix that ASAP.

>   Relay test failed: timeout 2026/03/19 07:41:38
>     Perhaps you didn't configure a TURN server?
>   TURN: no public addresses
> 
> The second message is benign and only indicates the relayTest() test
> has failed even though it should not be run if there is no IPv4.

RelayTest is run unconditionally, since it should be successful with an
IPv6 TURN server.  The issue here is that the built-in TURN server does
not implement RFC 6156, you need to use Coturn or some other full-featured
TURN server.

We should probably run two relay tests, one over IPv4 and one over IPv6.

> This is IPv6 so no need for ICE, STUN, TURN, etc.

I, too, used to be optimistic about IPv6 ;-)

ICE is still required, since both address selection and blackhole
detection are done by ICE.  STUN and TURN are useful if there's a firewall
in the way, which sadly is often the case, even with IPv6.

> There is nothing on the local lan (its in a datacenter) so no need for
> mDNS and running mDNS is *very* bad form in that type of environment.

Yes, mDNS is disabled by default.  I need more information to understand
why it's not being disabled in your case.

> If instead of using the IPv6 address inside [] I use the host name, then
> not solved.  Even though the host has an AAAA DNS record and no
> A record, the bind does not work if the host name is specified.  This
> may be an upstream problem in the go net library.

Interesting.  I'll see if I can reproduce it.

-- Juliusz

[Galene] Re: galene on IPv6 only

[Curtis Villamizar]

In message <874imask25.wl-jch@irif.fr>
Juliusz Chroboczek writes:
 
> Hello,
>  
> > It looks like galene does not want to work on an IPv6 only server.
>  
> Thanks a lot for your testing, that's the kind of deployment that we
> should be supporting.
>  
> > I also get messages related to IPv4-ish stuff.
> >   Failed to enable mDNS over IPv4:
> >     (listen udp4 224.0.0.0:5353: socket: protocol not supported)
>  
>  
> mDNS is disabled by default for a very long time.  See galene.go line 49:
>  
>     flag.BoolVar(&group.UseMDNS, "mdns", false, "gather mDNS addresses")
>  
> I think the issue here is that UseMDNS is not obeyed by the relay test.
> I'll fix that ASAP.

Thanks.  Very responsive on your part.

> >   Relay test failed: timeout 2026/03/19 07:41:38
> >     Perhaps you didn't configure a TURN server?
> >   TURN: no public addresses
> > 
> > The second message is benign and only indicates the relayTest() test
> > has failed even though it should not be run if there is no IPv4.
>  
> RelayTest is run unconditionally, since it should be successful with an
> IPv6 TURN server.  The issue here is that the built-in TURN server does
> not implement RFC 6156, you need to use Coturn or some other full-featured
> TURN server.

There needs to be an ability to disable the loopback test.  I have no
need for a TURN server and I think this will be common among those
running IPv6 only.

> We should probably run two relay tests, one over IPv4 and one over IPv6.
>  
> > This is IPv6 so no need for ICE, STUN, TURN, etc.
>  
> I, too, used to be optimistic about IPv6 ;-)

That is another discussion.  So I'll try to be brief.

Even here in the laggard US more consumer ISPs are offering IPv6
either enabled by default or enabled on request.  Nearly all business
service from ISPs offers IPv6.

I've been involved with IPv6 since before the beginning and had a lot
to do with OSI not being picked for the basis of IPv6.  I argued for a
64 bit address.  Then high end router manufacturers insisted they
would only fast path the top 64 bits and the bottom should be used for
LAN only (enterprise routing, etc) where speeds in PPS were not as
high so IETF decided the bottom 64 would not be used for routing at
all.  Since most LANs are under 256 hosts and nearly all under 64K
hosts, they wasted at least 48 bits.

Working for an ISP and then later high end routing and fiber optic
transport equipment I used to say that anyone that didn't have IPv6
was probably not someone I needed to talk to and likely someone I
didn't want to here from.  This worked in that community as PGP worked
in the security community.  For a while I ran an IPv6 only mail server
and generally that was fine except mailing lists hosted on Cloudflare.

I am now finding that even most people in my personal life with
consumer Internet now have access to IPv6 (no NAT afaik) so I am still
hopeful.  In some cases I've had to resort to tunnels to my datacenter
servers to get IPv6 if using my laptop when visiting friends or family
and even hotels and consumer oriented businesses so not there yet.

> ICE is still required, since both address selection and blackhole
> detection are done by ICE.  STUN and TURN are useful if there's a firewall
> in the way, which sadly is often the case, even with IPv6.

This is not a problem in my case.  IPv6 in the clear, no NAT.

> > There is nothing on the local lan (its in a datacenter) so no need for
> > mDNS and running mDNS is *very* bad form in that type of environment.
>  
> Yes, mDNS is disabled by default.  I need more information to understand
> why it's not being disabled in your case.

With the admitedly kludgy patch the problem is gone so maybe it was
the relay test which I now disabled.  That saying, I didn't look at
the code much.

> > If instead of using the IPv6 address inside [] I use the host name, then
> > not solved.  Even though the host has an AAAA DNS record and no
> > A record, the bind does not work if the host name is specified.  This
> > may be an upstream problem in the go net library.
>  
> Interesting.  I'll see if I can reproduce it.

That's with my kludgy patch.  Maybe standby and I'll put together a
more robust patch.

Up and sort of running but I still need some work.  This would have
gone a lot faster if there were better documentation and better
diagnostics on json issues.  I have to say that initial setup was
somewhat painful.  I'll let you if there are any further problems that
are not unique to my misconfiguration.  I'll try to help rather than
just whine.

> -- Juliusz
> _______________________________________________
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org