mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
c18d52cec8
* Add instructions for enabling IPv6 within Docker
IPv6 routing is disabled by default on Docker. To have IPv6 work in Firezone
the same way IPv4 currently does (and IPv6 on Omnibus), four things are
generally required:
1. First, ensure your Docker host has IPv6 correctly set up with a quick
ping test:
```
> ping6 -c 4 google.com
PING google.com(sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e)) 56 data bytes
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=1 ttl=51 time=1.96 ms
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=2 ttl=51 time=1.94 ms
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=3 ttl=51 time=1.92 ms
64 bytes from sfo03s32-in-x0e.1e100.net (2607:f8b0:4005:814::200e): icmp_seq=4 ttl=51 time=1.90 ms
```
2. Add an IPv6 address, subnet, and `enable_ipv6: true` to the Docker
compose. **Note**: Various Googling around the interwebs will uncover
the myth that `enable_ipv6` is not supported on Docker Compose file
versions 3+ -- this seems to be incorrect. Leaving out `enable_ipv6: true`
prevented Docker from automatically assigning IPv6 addresses for
containers attaching to that network.
3. Add the following to `/etc/docker/daemon.json`:
```json
{
"ipv6": true,
"ip6tables": true,
"experimental": true,
"fixed-cidr-v6": "fd00:dead:beef::/80"
}
```
4. The above causes Docker to automatically add `ip6tables` rules to
set up IPv6 NAT/Masquerade for containers. However, this breaks DHCPv6
Router Advertisements, so you'll need to re-enable them for your
default interface with:
```
egress=`ip route show default 0.0.0.0/0 | grep -oP '(?<=dev ).*' | cut -f1 -d' ' | tr -d '\n'`
sudo echo "net.ipv6.conf.${egress}.accept_ra=2" >> /etc/sysctl.conf
```
* Fix bash cmd
* Apply suggestions from code review
Self-review
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
* Apply suggestions from code review
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Firezone is a self-hosted VPN server and Linux firewall
- Manage remote access through an intuitive web interface and CLI utility.
- Deploy on your own infrastructure to keep control of your network traffic.
- Built on WireGuard® to be stable, performant, and lightweight.
Get Started
Follow our deploy guide to install your self-hosted instance of Firezone.
Or, if you're on a supported platform, try our one-line install script:
bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh)
Using Firezone in production at your organization? Take a look at our Enterprise Plan.
Features
- Fast: Uses WireGuard® to be 3-4 times faster than OpenVPN.
- SSO Integration: Authenticate using any identity provider with an OpenID Connect (OIDC) connector.
- Containerized: All dependencies are bundled via Docker.
- Simple: Takes minutes to set up. Manage via a simple CLI.
- Secure: Runs unprivileged. HTTPS enforced. Encrypted cookies.
- Firewall included: Uses Linux nftables to block unwanted egress traffic.
Anti-features
Firezone is not:
- An inbound firewall
- A tool for creating mesh networks
- A full-featured router
- An IPSec or OpenVPN server
Documentation
Additional documentation on general usage, troubleshooting, and configuration can be found at https://docs.firezone.dev.
Get Help
If you're looking for help installing, configuring, or using Firezone, check our community support options:
- Discussion Forums: Ask questions, report bugs, and suggest features.
- Public Slack Group: Join live discussions, meet other users, and get to know the contributors.
- Open a PR: Contribute a bugfix or make a contribution to Firezone.
If you need help deploying or maintaining Firezone for your business, consider contacting us about our paid support plan.
Star History
Package Repository
Package repository hosting is graciously provided by Cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.
Developing and Contributing
See CONTRIBUTING.md.
Security
See SECURITY.md.
License
See LICENSE.
WireGuard® is a registered trademark of Jason A. Donenfeld.