Creating config files for devices was working fine, when without any changes, firezone started adding ipv6 in front of endpoint for peer:
[Peer]
PublicKey = <pub_key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = ::ffff:<server_public_ip>:51820
PersistentKeepalive = 0
This causes error in import, if i remove “::ffff:” in Endpoint, then i am able to import the config. Any ideas why this is happening suddenly?
Hi @utsavk – I know what happened. We enabled IPv6 support for our connectivity checks service which is used to auto-populate the Endpoint field for generating configs. Seems like your server found the AAAA record and started preferring that over A, causing it to use IPv6.
For an immediate fix, go to /settings/site and make sure you have an Endpoint defined. I’ve also disabled the AAAA record for our connectivity checks service so it should resolve itself within an hour automatically.
Thanks @jamil, adding endpoint fixed the issue. How can we avoid these changes in the future, because I thought the self hosted installation should be independent of changes happening at your end until upgraded.
Can you help in understanding what all data is gettting synced from external sources? and how we can make our setup independent of that?
@utsavk So the main thing would be setting the Endpoint field in Default site settings – that will prevent ConnectivityChecks from populating that field.
Unfortunately determining the public IP address of the server is best done by pinging an external service to see what it sees. Many people use curl ifconfig.me, but we prefer to host our own version of this and that’s what your server was seeing.
This can be disabled if you want in your configuration file. It’s better documented in here: firezone/default.rb at master · firezone/firezone · GitHub
ok got it. Thanks for the help.