I’m running a self-hosted Firezone in an AWS EC2 instance, type t4g.medium (arm64), under Ubuntu 20.04. It’s working great and made my life easier btw.
The only issue I’m facing with it is that the EC2 instance is dual-stack, and it gets the IPv6 config via DHCPv6. For some reason, the nftables ruleset created by Firezone, which seems harmless, also seems to interfere with DHCPv6 operation. In particular, my instance does get a temporary lease with DHCPv6 on boot. Then, Firezone is started. Then, when the DHCPv6 lease expires, it never renews. I can run `dhclient -6 -v ens5` and see it never get a lease. A `tcpdump -eni ens5 ip6` shows the SOLICIT being sent, but it never gets a reply. The moment I run `dhclient -6 -v ens5` works instantly and the SOLICIT gets replied.
Has anybody experienced this? Do you know of any workaround? Should I open an issue on GitHub? Don’t hesitate to ask for more information, tcpdumps and such.
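Added example (not from the post above and not Firezone's own ruleset): an `nft -f` script that first traces DHCPv6 client traffic so `nft monitor trace` shows which chain is dropping the ADVERTISE/REPLY, and then inserts explicit allow rules at the top of that chain. The table and chain names `ip6 filter input` are placeholders to be replaced with whatever `nft list ruleset` shows on the instance; `ens5` is the interface from the post. The reason an explicit rule is needed is that the client sends SOLICIT to the multicast group ff02::1:2, but the server answers from its own link-local address to the client's link-local address, so conntrack does not see the reply as part of the original flow and a `ct state established,related accept` rule will not match it.

```nft
#!/usr/sbin/nft -f
# Added example; placeholder chain "ip6 filter input" must be replaced with the
# chain that actually drops (see step 1). An `accept` verdict only ends the chain
# it is in: a second base chain on the same hook can still drop the packet, so the
# allow rules have to live in the dropping chain rather than in a separate table.

# 1. Diagnosis: flag DHCPv6 server->client packets for tracing in a very early chain.
#    Run `nft monitor trace` in one terminal and `dhclient -6 -v ens5` in another;
#    the trace output names every chain and rule the packet hits, including the drop.
add table ip6 dhcpv6_debug
add chain ip6 dhcpv6_debug trace { type filter hook input priority -300; policy accept; }
add rule ip6 dhcpv6_debug trace udp sport 547 udp dport 546 meta nftrace set 1

# 2. Mitigation: accept the DHCPv6 client exchange before any generic drop.
#    Server/relay replies come from UDP 547 to the client's UDP 546.
insert rule ip6 filter input iifname "ens5" udp sport 547 udp dport 546 accept

#    Router Advertisements trigger the DHCPv6 exchange (M/O flags) and Neighbor
#    Discovery is needed to reach the link-local server address at all.
insert rule ip6 filter input icmpv6 type { nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

# Once the lease renews reliably, remove the tracing table:
#   nft delete table ip6 dhcpv6_debug
```

Load it with `nft -f dhcpv6-allow.nft` after the firewall rules are up; if the service that builds the ruleset flushes and recreates its tables on restart, the `insert rule` lines need to be reapplied (or added to that service's own rule source) after each restart.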