Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GUACAMOLE-2038: Document configuring outbound IPv6 connections from guacamole #268

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

GUACAMOLE-2038: Document configuring outbound IPv6 connections from guacamole #268

wants to merge 3 commits into from
+34 −0

Conversation

pv2b
Copy link

@pv2b pv2b commented Feb 25, 2025

This adds a documentation section for how to configure tomcat to prefer outbound IPv6 connections, which is useful in an IPv6-only environment.

NOTE: This PR should not be merged before #267 is merged, since there's a link to a chapter added in that PR, about configuring guacd for IPv6, which must be done when enabling this.

@pv2b pv2b marked this pull request as draft February 25, 2025 18:03
@pv2b pv2b changed the title GUACAMOLE-2037: Make listen address configurable GUACAMOLE-2038: Document configuring outbound IPv6 connections from guacamole Feb 25, 2025
@pv2b
Copy link
Author

pv2b commented Feb 25, 2025

Sorry for the confusion, got my commits mixed up, this should be the correct commit.

@pv2b pv2b marked this pull request as ready for review February 25, 2025 18:06
mike-jumper
mike-jumper requested changes Feb 25, 2025
View reviewed changes
src/guacamole-docker.md Outdated
Comment on lines 183 to 193
By default, Guacamole will use IPv4 for all outbound connections, where an
A record is present in DNS. IPv6 will be used only if there are only AAAA
records in DNS, or if an IPv6 address is hard-coded.

Additionally, Guacamole will only attempt to make one connection to a single
IP address, so if the IPv4 connection fails, it will not fall back to IPv6.
This can be problematic for IPv6-only deployments, where such connections may
fail with a "Network is unreachable" error.

To override this, set the `JAVA_OPTS` environment variable to
`-Djava.net.preferIPv6Addresses=true`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is entirely correct:

  • The JVM defaults to preferring IPv4. That's not to say this isn't worth documenting, but it's not something specific to the Guacamole webapp.

  • As written, it sounds like connections to other machines (ie: remote desktops) will fail for IPv6, but this is not the case. The JVM configuration option in question controls only whether IPv6 is used by the JVM, which would affect only the connection to guacd itself and external auth systems (databases, LDAP, etc.).

    This is eventually clarified later, but I think we can avoid the confusion earlier by specifically noting what this affects. Users would need to set this option only in the event that they need IPv6 to communicate with their own guacd service, their own database, or other authentication backends.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've re-worded this documentation section, hopefully this addresses your concerns

@pv2b pv2b requested a review from mike-jumper February 26, 2025 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mike-jumper mike-jumper Awaiting requested review from mike-jumper

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pv2b @mike-jumper