Skip to content

Add optional IPv6 GUA dual-stack support via IP6_SUBNET#405

Closed
ohshitgorillas wants to merge 1 commit intolinuxserver:masterfrom
ohshitgorillas:claude/add-ipv6-gua-support-8r6Se
Closed

Add optional IPv6 GUA dual-stack support via IP6_SUBNET#405
ohshitgorillas wants to merge 1 commit intolinuxserver:masterfrom
ohshitgorillas:claude/add-ipv6-gua-support-8r6Se

Conversation

@ohshitgorillas
Copy link
Copy Markdown

@ohshitgorillas ohshitgorillas commented Feb 3, 2026

Introduce the IP6_SUBNET environment variable for native IPv6 global unicast address support on WireGuard tunnels. When set the server receives ::1/128 and peers are assigned sequential ::2/128, ::3/128, etc. addresses alongside their existing IPv4 addresses. The feature is entirely opt-in; omitting IP6_SUBNET preserves current behaviour with zero changes to generated configs.

Changes

  • root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run

    • Validate IP6_SUBNET: strip optional CIDR prefix, enforce prefix length >= /64, require trailing colon, reject non-hex characters.
    • Set IP6_ADDR_SERVER for the server template.
    • Extract CLIENT_IP6 from existing peer confs (cut -d, -f2 on the Address field); invalidate on subnet change for reassignment.
    • IPv6 conflict-detection loop mirrors the existing IPv4 logic.
    • Include CLIENT_IP6 in server-conf AllowedIPs for each peer.
    • Persist ORIG_IP6_SUBNET in save_vars; add IP6_SUBNET to the change-detection condition that triggers conf regeneration.
    • Backward-compat sed patches upgrade existing user templates that predate this change (mirrors the earlier PresharedKey migration).

  • root/defaults/server.conf

    • Address line conditionally appends ,<IP6_ADDR_SERVER> when set.

  • root/defaults/peer.conf

    • Address line conditionally appends ,<CLIENT_IP6> when set.

  • readme-vars.yml

    • Add IP6_SUBNET to opt_param_env_vars with full description.
    • List IP6_SUBNET among vars that trigger conf regeneration.
    • New "IPv6 GUA Support" section: requirements (SYS_MODULE, router routes), complete host-mode and bridge-mode docker-compose examples, and explicit notes on ephemeral host routes.

https://claude.ai/code/session_01QdSdYNzFJjZVymw6NNbGP5

linuxserver.io

  • I have read the contributing guideline and understand that I have made the correct modifications

Description:

Benefits of this PR and context:

How Has This Been Tested?

Source / References:

@claude
Add optional IPv6 GUA dual-stack support via IP6_SUBNET
8d641a2 
Introduce the IP6_SUBNET environment variable for native IPv6 global
unicast address support on WireGuard tunnels.  When set the server
receives ::1/128 and peers are assigned sequential ::2/128, ::3/128,
etc. addresses alongside their existing IPv4 addresses.  The feature
is entirely opt-in; omitting IP6_SUBNET preserves current behaviour
with zero changes to generated configs.

Changes
-------
* root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
  - Validate IP6_SUBNET: strip optional CIDR prefix, enforce prefix
    length >= /64, require trailing colon, reject non-hex characters.
  - Set IP6_ADDR_SERVER for the server template.
  - Extract CLIENT_IP6 from existing peer confs (cut -d, -f2 on the
    Address field); invalidate on subnet change for reassignment.
  - IPv6 conflict-detection loop mirrors the existing IPv4 logic.
  - Include CLIENT_IP6 in server-conf AllowedIPs for each peer.
  - Persist ORIG_IP6_SUBNET in save_vars; add IP6_SUBNET to the
    change-detection condition that triggers conf regeneration.
  - Backward-compat sed patches upgrade existing user templates that
    predate this change (mirrors the earlier PresharedKey migration).

* root/defaults/server.conf
  - Address line conditionally appends ,<IP6_ADDR_SERVER> when set.

* root/defaults/peer.conf
  - Address line conditionally appends ,<CLIENT_IP6> when set.

* readme-vars.yml
  - Add IP6_SUBNET to opt_param_env_vars with full description.
  - List IP6_SUBNET among vars that trigger conf regeneration.
  - New "IPv6 GUA Support" section: requirements (SYS_MODULE,
    router routes), complete host-mode and bridge-mode docker-compose
    examples, and explicit notes on ephemeral host routes.

https://claude.ai/code/session_01QdSdYNzFJjZVymw6NNbGP5
github-actions[bot]
github-actions bot reviewed Feb 3, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for opening this pull request! Be sure to follow the pull request template!

@LinuxServer-CI LinuxServer-CI moved this from PRs to Done in Issue & PR Tracker Feb 3, 2026
@ohshitgorillas ohshitgorillas deleted the claude/add-ipv6-gua-support-8r6Se branch February 3, 2026 01:28
@LinuxServer-CI
Copy link
Copy Markdown
Contributor

LinuxServer-CI commented Feb 3, 2026

I am a bot, here is the pushed image/manifest for this PR:

ghcr.io/linuxserver/lspipepr-wireguard:1.0.20250521-r1-pkg-4fd14d9b-dev-8d641a2b8cd3f77770385e3eb0b7f8dc4c1552e9-pr-405

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

Issue & PR Tracker
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ohshitgorillas @LinuxServer-CI @claude