Skip to content

GUACAMOLE-2038: Document configuring outbound IPv6 connections from guacamole#268

Open
pv2b wants to merge 3 commits intoapache:mainfrom
pv2b:tomcat-ipv6
Open

GUACAMOLE-2038: Document configuring outbound IPv6 connections from guacamole#268
pv2b wants to merge 3 commits intoapache:mainfrom
pv2b:tomcat-ipv6

Conversation

@pv2b
Copy link
Copy Markdown

@pv2b pv2b commented Feb 25, 2025

This adds a documentation section for how to configure tomcat to prefer outbound IPv6 connections, which is useful in an IPv6-only environment.

NOTE: This PR should not be merged before #267 is merged, since there's a link to a chapter added in that PR, about configuring guacd for IPv6, which must be done when enabling this.

@pv2b pv2b marked this pull request as draft February 25, 2025 18:03
@pv2b pv2b changed the title GUACAMOLE-2037: Make listen address configurable GUACAMOLE-2038: Document configuring outbound IPv6 connections from guacamole Feb 25, 2025
@pv2b
Copy link
Copy Markdown
Author

pv2b commented Feb 25, 2025

Sorry for the confusion, got my commits mixed up, this should be the correct commit.

@pv2b pv2b marked this pull request as ready for review February 25, 2025 18:06
mike-jumper
mike-jumper requested changes Feb 25, 2025
View reviewed changes
Comment thread src/guacamole-docker.md Outdated
Comment on lines +183 to +193
By default, Guacamole will use IPv4 for all outbound connections, where an
A record is present in DNS. IPv6 will be used only if there are only AAAA
records in DNS, or if an IPv6 address is hard-coded.

Additionally, Guacamole will only attempt to make one connection to a single
IP address, so if the IPv4 connection fails, it will not fall back to IPv6.
This can be problematic for IPv6-only deployments, where such connections may
fail with a "Network is unreachable" error.

To override this, set the `JAVA_OPTS` environment variable to
`-Djava.net.preferIPv6Addresses=true`.
Copy link
Copy Markdown
Contributor

@mike-jumper mike-jumper Feb 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is entirely correct:

  • The JVM defaults to preferring IPv4. That's not to say this isn't worth documenting, but it's not something specific to the Guacamole webapp.

  • As written, it sounds like connections to other machines (ie: remote desktops) will fail for IPv6, but this is not the case. The JVM configuration option in question controls only whether IPv6 is used by the JVM, which would affect only the connection to guacd itself and external auth systems (databases, LDAP, etc.).

    This is eventually clarified later, but I think we can avoid the confusion earlier by specifically noting what this affects. Users would need to set this option only in the event that they need IPv6 to communicate with their own guacd service, their own database, or other authentication backends.

Copy link
Copy Markdown
Author

@pv2b pv2b Feb 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've re-worded this documentation section, hopefully this addresses your concerns

@pv2b pv2b requested a review from mike-jumper February 26, 2025 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mike-jumper mike-jumper Awaiting requested review from mike-jumper

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pv2b @mike-jumper