[management, client] Add IPv6 overlay support (#5631)

2026-05-08 17:59:56 +00:00 · 2026-05-07 18:33:37 +09:00
parent f23aaa9ae7
commit 205ebcfda2
229 changed files with 10155 additions and 2816 deletions
--- a/client/ui/client_ui.go
+++ b/client/ui/client_ui.go
@@ -279,6 +279,7 @@ type serviceClient struct {
 	sDisableDNS                 *widget.Check
 	sDisableClientRoutes        *widget.Check
 	sDisableServerRoutes        *widget.Check
+	sDisableIPv6                *widget.Check
 	sBlockLANAccess             *widget.Check
 	sEnableSSHRoot              *widget.Check
 	sEnableSSHSFTP              *widget.Check
@@ -299,6 +300,7 @@ type serviceClient struct {
 	disableDNS                 bool
 	disableClientRoutes        bool
 	disableServerRoutes        bool
+	disableIPv6                bool
 	blockLANAccess             bool
 	enableSSHRoot              bool
 	enableSSHSFTP              bool
@@ -468,6 +470,7 @@ func (s *serviceClient) showSettingsUI() {
 	s.sDisableDNS = widget.NewCheck("Keeps system DNS settings unchanged", nil)
 	s.sDisableClientRoutes = widget.NewCheck("This peer won't route traffic to other peers", nil)
 	s.sDisableServerRoutes = widget.NewCheck("This peer won't act as router for others", nil)
+	s.sDisableIPv6 = widget.NewCheck("Disable IPv6 overlay addressing", nil)
 	s.sBlockLANAccess = widget.NewCheck("Blocks local network access when used as exit node", nil)
 	s.sEnableSSHRoot = widget.NewCheck("Enable SSH Root Login", nil)
 	s.sEnableSSHSFTP = widget.NewCheck("Enable SSH SFTP", nil)
@@ -585,6 +588,7 @@ func (s *serviceClient) hasSettingsChanged(iMngURL string, port, mtu int64) bool
 		s.disableDNS != s.sDisableDNS.Checked ||
 		s.disableClientRoutes != s.sDisableClientRoutes.Checked ||
 		s.disableServerRoutes != s.sDisableServerRoutes.Checked ||
+		s.disableIPv6 != s.sDisableIPv6.Checked ||
 		s.blockLANAccess != s.sBlockLANAccess.Checked ||
 		s.hasSSHChanges()
 }
@@ -637,6 +641,7 @@ func (s *serviceClient) buildSetConfigRequest(iMngURL string, port, mtu int64) (
 	req.DisableDns = &s.sDisableDNS.Checked
 	req.DisableClientRoutes = &s.sDisableClientRoutes.Checked
 	req.DisableServerRoutes = &s.sDisableServerRoutes.Checked
+	req.DisableIpv6 = &s.sDisableIPv6.Checked
 	req.BlockLanAccess = &s.sBlockLANAccess.Checked

 	req.EnableSSHRoot = &s.sEnableSSHRoot.Checked
@@ -676,24 +681,23 @@ func (s *serviceClient) sendConfigUpdate(req *proto.SetConfigRequest) error {
 		return fmt.Errorf("set config: %w", err)
 	}

-	// Reconnect if connected to apply the new settings
+	// Reconnect if connected to apply the new settings.
+	// Use a background context so the reconnect outlives the settings window.
 	go func() {
-		status, err := conn.Status(s.ctx, &proto.StatusRequest{})
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()
+		status, err := conn.Status(ctx, &proto.StatusRequest{})
 		if err != nil {
-			log.Errorf("get service status: %v", err)
+			log.Errorf("failed to get service status: %v", err)
 			return
 		}
 		if status.Status == string(internal.StatusConnected) {
-			// run down & up
-			_, err = conn.Down(s.ctx, &proto.DownRequest{})
-			if err != nil {
-				log.Errorf("down service: %v", err)
+			if _, err = conn.Down(ctx, &proto.DownRequest{}); err != nil {
+				log.Errorf("failed to stop service: %v", err)
 			}
-
-			_, err = conn.Up(s.ctx, &proto.UpRequest{})
-			if err != nil {
-				log.Errorf("up service: %v", err)
-				return
+			// TODO: wait for the service to be idle before calling Up, or use a fresh connection
+			if _, err = conn.Up(ctx, &proto.UpRequest{}); err != nil {
+				log.Errorf("failed to start service: %v", err)
 			}
 		}
 	}()
@@ -730,6 +734,7 @@ func (s *serviceClient) getNetworkForm() *widget.Form {
 			{Text: "Disable DNS", Widget: s.sDisableDNS},
 			{Text: "Disable Client Routes", Widget: s.sDisableClientRoutes},
 			{Text: "Disable Server Routes", Widget: s.sDisableServerRoutes},
+			{Text: "Disable IPv6", Widget: s.sDisableIPv6},
 			{Text: "Disable LAN Access", Widget: s.sBlockLANAccess},
 		},
 	}
@@ -1327,6 +1332,7 @@ func (s *serviceClient) getSrvConfig() {
 	s.disableDNS = cfg.DisableDNS
 	s.disableClientRoutes = cfg.DisableClientRoutes
 	s.disableServerRoutes = cfg.DisableServerRoutes
+	s.disableIPv6 = cfg.DisableIPv6
 	s.blockLANAccess = cfg.BlockLANAccess

 	if cfg.EnableSSHRoot != nil {
@@ -1367,6 +1373,7 @@ func (s *serviceClient) getSrvConfig() {
 		s.sDisableDNS.SetChecked(cfg.DisableDNS)
 		s.sDisableClientRoutes.SetChecked(cfg.DisableClientRoutes)
 		s.sDisableServerRoutes.SetChecked(cfg.DisableServerRoutes)
+		s.sDisableIPv6.SetChecked(cfg.DisableIPv6)
 		s.sBlockLANAccess.SetChecked(cfg.BlockLANAccess)
 		if cfg.EnableSSHRoot != nil {
 			s.sEnableSSHRoot.SetChecked(*cfg.EnableSSHRoot)
@@ -1454,6 +1461,7 @@ func protoConfigToConfig(cfg *proto.GetConfigResponse) *profilemanager.Config {
 	config.DisableDNS = cfg.DisableDns
 	config.DisableClientRoutes = cfg.DisableClientRoutes
 	config.DisableServerRoutes = cfg.DisableServerRoutes
+	config.DisableIPv6 = cfg.DisableIpv6
 	config.BlockLANAccess = cfg.BlockLanAccess

 	config.EnableSSHRoot = &cfg.EnableSSHRoot
--- a/client/ui/event/event.go
+++ b/client/ui/event/event.go
@@ -112,7 +112,7 @@ func (e *Manager) handleEvent(event *proto.SystemEvent) {
 	handlers := slices.Clone(e.handlers)
 	e.mu.Unlock()

-	if event.UserMessage != "" && (enabled || event.Severity == proto.SystemEvent_CRITICAL) {
+	if event.UserMessage != "" && (enabled || event.Severity == proto.SystemEvent_CRITICAL) && !isV6DefaultRoutePartner(event) {
 		title := e.getEventTitle(event)
 		body := event.UserMessage
 		id := event.Metadata["id"]
@@ -133,6 +133,14 @@ func (e *Manager) AddHandler(handler Handler) {
 	e.handlers = append(e.handlers, handler)
 }

+// isV6DefaultRoutePartner reports whether the event is the IPv6 half of a
+// paired v4/v6 default-route event. Management always pairs ::/0 with 0.0.0.0/0
+// for exit nodes, so the v4 partner already drives the user-facing toast and
+// the v6 one is suppressed to avoid a duplicate notification.
+func isV6DefaultRoutePartner(event *proto.SystemEvent) bool {
+	return event.Category == proto.SystemEvent_NETWORK && event.Metadata["network"] == "::/0"
+}
+
 func (e *Manager) getEventTitle(event *proto.SystemEvent) string {
 	var prefix string
 	switch event.Severity {
--- a/client/ui/network.go
+++ b/client/ui/network.go
@@ -192,10 +192,14 @@ func getOverlappingNetworks(routes []*proto.Network) []*proto.Network {
 	return filteredRoutes
 }

+func isDefaultRoute(routeRange string) bool {
+	return routeRange == "0.0.0.0/0" || routeRange == "::/0"
+}
+
 func getExitNodeNetworks(routes []*proto.Network) []*proto.Network {
 	var filteredRoutes []*proto.Network
 	for _, route := range routes {
-		if route.Range == "0.0.0.0/0" {
+		if isDefaultRoute(route.Range) {
 			filteredRoutes = append(filteredRoutes, route)
 		}
 	}
@@ -499,7 +503,7 @@ func (s *serviceClient) getExitNodes(conn proto.DaemonServiceClient) ([]*proto.N

 	var exitNodes []*proto.Network
 	for _, network := range resp.Routes {
-		if network.Range == "0.0.0.0/0" {
+		if isDefaultRoute(network.Range) {
 			exitNodes = append(exitNodes, network)
 		}
 	}