From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mail.toke.dk; spf=pass smtp.mailfrom=orleans.occnc.com; dkim=pass header.d=orleans.occnc.com; arc=none (Message is not ARC signed); dmarc=none
Received: from mta6-tap0.andover.occnc.com (mta6-tap0.andover.occnc.com [IPv6:2600:2c00:b000:2500::153])
	by mail.toke.dk (Postfix) with ESMTPS id DD671E66821
	for <galene@lists.galene.org>; Fri, 20 Mar 2026 17:10:50 +0100 (CET)
Received: from harbor6.andover.occnc.com (harbor6.andover.occnc.com [IPv6:2600:2c00:b000:2500::610b])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519MLKEM768 server-signature ECDSA (secp384r1) server-digest SHA384)
	(Client did not present a certificate)
	(Authenticated sender: curtis@occnc.com)
	by mta6-tap0.andover.occnc.com (Postfix) with ESMTPSA id 2E6E4EF77;
	Fri, 20 Mar 2026 12:10:48 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=orleans.occnc.com;
	s=curtis-orleans-20250605-224653; t=1774023048;
	bh=cgMxWQSTdQX21wA2EoYF0+tC8cwasLCNf7FU3pUkxHs=;
	h=To:cc:Reply-To:From:Subject:In-reply-to:Date;
	b=e6lI6TUCRcYGGDQevZ6F8uc4mWYXkgQPGZpWaL5ynzAOh2CZ6k5jAqOdwFCx+pa/E
	 NQAoPpot283Lru6s97PRAydfwOHuTTkJAAYbNIZFtlffMzNkIGWHqowA8hdPIIpQ5M
	 9kWxz/xlP3QJzzjLep/JdI+xbC4hEI3O+4bqKtlCmdpCcyyW7o+Kx5kJYfpBdC4E6M
	 e+twwA63PYrdpBoYfsN8Bk3g5L4nvhHGZpJrbDLFe/tiG07mPLuvl66rFG3ekGQolm
	 +SSNsK3M9eBn+yP7l8EGMzfGYOjECw8iLBHYbdUCAfikF1U4qDDCK0RPn6zzb2zaCP
	 FLcNvrf3MV76w==
To: Juliusz Chroboczek <jch@irif.fr>
cc: Curtis Villamizar <curtis@orleans.occnc.com>,
    galene@lists.galene.org
From: Curtis Villamizar <curtis@orleans.occnc.com>
In-reply-to: Your message of "Fri, 20 Mar 2026 14:32:34 +0100."
             <874imask25.wl-jch@irif.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <82997.1774022631.1@harbor6.andover.occnc.com>
Date: Fri, 20 Mar 2026 12:03:51 -0400
Message-ID: <177402305327.1734.18439769982863638765@gauss>
Message-ID-Hash: JZCJQPDLTWLYP32BR4VSLXPFICJYHFCM
X-Message-ID-Hash: JZCJQPDLTWLYP32BR4VSLXPFICJYHFCM
X-MailFrom: curtis@orleans.occnc.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: Curtis Villamizar <curtis@orleans.occnc.com>
Subject: [Galene] Re: galene on IPv6 only
List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= <galene.lists.galene.org>
Archived-At: <https://lists.galene.org/galene/177402305327.1734.18439769982863638765@gauss/>
List-Archive: <https://lists.galene.org/galene/>
List-Help: <mailto:galene-request@lists.galene.org?subject=help>
List-Owner: <mailto:galene-owner@lists.galene.org>
List-Post: <mailto:galene@lists.galene.org>
List-Subscribe: <mailto:galene-join@lists.galene.org>
List-Unsubscribe: <mailto:galene-leave@lists.galene.org>

In message <874imask25.wl-jch@irif.fr>
Juliusz Chroboczek writes:
 
> Hello,
>  
> > It looks like galene does not want to work on an IPv6 only server.
>  
> Thanks a lot for your testing, that's the kind of deployment that we
> should be supporting.
>  
> > I also get messages related to IPv4-ish stuff.
> >   Failed to enable mDNS over IPv4:
> >     (listen udp4 224.0.0.0:5353: socket: protocol not supported)
>  
>  
> mDNS is disabled by default for a very long time.  See galene.go line 49:
>  
>     flag.BoolVar(&group.UseMDNS, "mdns", false, "gather mDNS addresses")
>  
> I think the issue here is that UseMDNS is not obeyed by the relay test.
> I'll fix that ASAP.

Thanks.  Very responsive on your part.

> >   Relay test failed: timeout 2026/03/19 07:41:38
> >     Perhaps you didn't configure a TURN server?
> >   TURN: no public addresses
> > 
> > The second message is benign and only indicates the relayTest() test
> > has failed even though it should not be run if there is no IPv4.
>  
> RelayTest is run unconditionally, since it should be successful with an
> IPv6 TURN server.  The issue here is that the built-in TURN server does
> not implement RFC 6156, you need to use Coturn or some other full-featured
> TURN server.

There needs to be an ability to disable the loopback test.  I have no
need for a TURN server and I think this will be common among those
running IPv6 only.

> We should probably run two relay tests, one over IPv4 and one over IPv6.
>  
> > This is IPv6 so no need for ICE, STUN, TURN, etc.
>  
> I, too, used to be optimistic about IPv6 ;-)

That is another discussion.  So I'll try to be brief.

Even here in the laggard US more consumer ISPs are offering IPv6
either enabled by default or enabled on request.  Nearly all business
service from ISPs offers IPv6.

I've been involved with IPv6 since before the beginning and had a lot
to do with OSI not being picked for the basis of IPv6.  I argued for a
64 bit address.  Then high end router manufacturers insisted they
would only fast path the top 64 bits and the bottom should be used for
LAN only (enterprise routing, etc) where speeds in PPS were not as
high so IETF decided the bottom 64 would not be used for routing at
all.  Since most LANs are under 256 hosts and nearly all under 64K
hosts, they wasted at least 48 bits.

Working for an ISP and then later high end routing and fiber optic
transport equipment I used to say that anyone that didn't have IPv6
was probably not someone I needed to talk to and likely someone I
didn't want to here from.  This worked in that community as PGP worked
in the security community.  For a while I ran an IPv6 only mail server
and generally that was fine except mailing lists hosted on Cloudflare.

I am now finding that even most people in my personal life with
consumer Internet now have access to IPv6 (no NAT afaik) so I am still
hopeful.  In some cases I've had to resort to tunnels to my datacenter
servers to get IPv6 if using my laptop when visiting friends or family
and even hotels and consumer oriented businesses so not there yet.

> ICE is still required, since both address selection and blackhole
> detection are done by ICE.  STUN and TURN are useful if there's a firewall
> in the way, which sadly is often the case, even with IPv6.

This is not a problem in my case.  IPv6 in the clear, no NAT.

> > There is nothing on the local lan (its in a datacenter) so no need for
> > mDNS and running mDNS is *very* bad form in that type of environment.
>  
> Yes, mDNS is disabled by default.  I need more information to understand
> why it's not being disabled in your case.

With the admitedly kludgy patch the problem is gone so maybe it was
the relay test which I now disabled.  That saying, I didn't look at
the code much.

> > If instead of using the IPv6 address inside [] I use the host name, then
> > not solved.  Even though the host has an AAAA DNS record and no
> > A record, the bind does not work if the host name is specified.  This
> > may be an upstream problem in the go net library.
>  
> Interesting.  I'll see if I can reproduce it.

That's with my kludgy patch.  Maybe standby and I'll put together a
more robust patch.

Up and sort of running but I still need some work.  This would have
gone a lot faster if there were better documentation and better
diagnostics on json issues.  I have to say that initial setup was
somewhat painful.  I'll let you if there are any further problems that
are not unique to my misconfiguration.  I'll try to help rather than
just whine.

> -- Juliusz
> _______________________________________________
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org