IPv6 exit node ACL not working #445

Closed
opened 2025-12-29 01:29:28 +01:00 by adam · 5 comments

Originally created by @fuomag9 on GitHub (Mar 22, 2023).

Bug description

Is an IPv6 exit node with ACL possible? The ACL below makes IPv4 work but IPv6 does not, and I see this in the logs, which does not seem correct:

`Mar 21 20:41:49 headscale headscale[7944]: 2023-03-21T20:41:49+01:00 WRN No IPs found with the alias all6`

On Discord it was suggested to use `[::]/0`, but that did not work either and output the same log.

To Reproduce

Create an exit node and use the following ACL:

```
{
  "groups": {
    "group:admin": ["fuomag9"]
  },
  "Hosts": {
    "all6": "::/0",
  },
  "acls": [
    { "action": "accept", "src": ["group:admin"], "dst": ["group:admin:*"] },
    { "action": "accept", "src": ["group:admin"], "dst": ["0.0.0.0/0:*"] },
    { "action": "accept", "src": ["group:admin"], "dst": ["all6:*"] }
  ]
}
```

Context info

  • 0.21.0
  • 1.38.1
  • MacOS 13.2.1 (22D68) tailscale, RHEL 9.1 headscale
  • Linux proxmox 6.1.15-1-pve
adam added the stale, bug labels 2025-12-29 01:29:28 +01:00
adam closed this issue 2025-12-29 01:29:28 +01:00

@github-actions[bot] commented on GitHub (Sep 26, 2023):

This issue is stale because it has been open for 180 days with no activity.


@almereyda commented on GitHub (Sep 28, 2023):

It will be useful to reconsider this use case, now that the #1473 has passed.


@turbotorsten commented on GitHub (Nov 6, 2023):

`"dst": ["::/0:*"],`

works for me to enable IPv6
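
A lint for the situation in this thread, added here as an example and not part of the issue or of headscale's code: it reports sources whose accept rules reach the default route of one address family but not the other. It assumes `dst` entries are `host:ports` split at the last colon and that aliases live in a `hosts` table; the policy dicts are constructed samples.

```python
import ipaddress

# Constructed sample policies (plain dicts; parsing the policy file is out of scope).
IPV4_ONLY = {
    "hosts": {},
    "acls": [
        {"action": "accept", "src": ["group:admin"], "dst": ["group:admin:*"]},
        {"action": "accept", "src": ["group:admin"], "dst": ["0.0.0.0/0:*"]},
    ],
}
# Same policy plus the literal IPv6 destination quoted in the comment above.
DUAL_STACK = {
    "hosts": {},
    "acls": IPV4_ONLY["acls"] + [
        {"action": "accept", "src": ["group:admin"], "dst": ["::/0:*"]},
    ],
}

def split_dst(entry):
    """Split 'host:ports' at the last colon so IPv6 literals stay intact."""
    host, _, ports = entry.rpartition(":")
    return host, ports

def resolve(host, hosts):
    """Return the network for a CIDR literal or a hosts alias, else None."""
    try:
        return ipaddress.ip_network(hosts.get(host, host), strict=False)
    except ValueError:
        return None  # groups, tags, user names, bracketed forms: not a network

def default_route_coverage(policy):
    """Map each src to the IP versions (4, 6) whose /0 route it may reach."""
    coverage = {}
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        for dst in rule.get("dst", []):
            net = resolve(split_dst(dst)[0], policy.get("hosts", {}))
            if net is not None and net.prefixlen == 0:
                for src in rule.get("src", []):
                    coverage.setdefault(src, set()).add(net.version)
    return coverage

def missing_families(policy):
    """Sources allowed to reach one default route but not the other."""
    return {src: {4, 6} - fams
            for src, fams in default_route_coverage(policy).items()
            if fams != {4, 6}}
```

`missing_families(IPV4_ONLY)` flags `group:admin` as lacking family 6, while `missing_families(DUAL_STACK)` returns an empty dict.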


@github-actions[bot] commented on GitHub (Feb 5, 2024):

This issue is stale because it has been open for 90 days with no activity.


@github-actions[bot] commented on GitHub (Feb 13, 2024):

This issue was closed because it has been inactive for 14 days since being marked as stale.


Reference: starred/headscale#445