Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[6.11.5/6.12.0rc6][docker] Any 1st IPv6 request fails with: no route to host

Featured Replies

Iam on 6.11.5 for my prod system and experienced a strange issue.

 

I use br0 with fixed ip. My br0 looks like (btw: the code block is missing JSON as format):

 

[
    {
        "Name": "br0",
        "Id": "5ec57e4baea4b76618a625d494cd6269967f5cde931e18b0d7d0a728264dfb1f",
        "Created": "2023-05-10T07:17:50.118211813+02:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": true,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.178.0/24",
                    "Gateway": "192.168.178.1",
                    "AuxiliaryAddresses": {
                        "server": "192.168.178.3"
                    }
                },
                {
                    "Subnet": "**masked**",
                    "Gateway": "**masked**",
                    "AuxiliaryAddresses": {
                        "server6": "**masked**"
                    }
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            mycontainers
        },
        "Options": {
            "parent": "br0"
        },
        "Labels": {}
    }
]

 

If I run containers like bullseye or jammy like:

docker run --name='test' --net='br0' --ip='192.168.178.16' -it ubuntu:jammy /bin/bash

 

then the first IPv6 request (tested with openbssl s_client) fails with "no route to host". Any attempt afterwards works. I never noticed such things since all containers are v6 enabled and they are running. even apt is not throwing errors, but maybe they work another way?

 

I first noticed it by an app which uses libssl and throwing connect errors. digging deeper with openssl s_client showed the above issue.

 

Any experiences with this? Maybe a docker bug which got fixed within new rleases? Did not tested it with latest unraid rc.

I dont know if this is a very specific issue, maybe it is.

 

EDIT: Also happending with latest rc6 and docker 23.0.6:

 

root@4213d6b86d58:/# openssl s_client -6 -connect testsite:443
40879E9DE9140000:error:80000071:system library:BIO_connect:No route to host:../crypto/bio/bio_sock2.c:125:calling connect()
40879E9DE9140000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:127:
connect:errno=113
root@4213d6b86d58:/# openssl s_client -6 -connect testsite:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = testsite
verify return:1
...

 

Edited by KluthR

  • KluthR changed the title to [6.11.5/6.12.0rc6][docker] Any 1st IPv6 request fails with: no route to host
  • Author

For anybody to test, Ive created a small docker image which outputs a test. It starts a openssl s_client -6 connect test (forces v6!).

 

Running with:

docker run --rm -e TESTURL=google.com:443 rkluth/ipv6test:latest

uses default host network - all is working! But as soon as br0 comes in, the first connect try fails!

 

docker run --rm --net=br0 -e TESTURL=google.com:443 rkluth/ipv6test:latest

 

The output with my issue looks like:

 

Welcome!
Run 1...
22497312937280:error:02002071:system library:connect:No route to host:../crypto/bio/b_sock2.c:110:
22497312937280:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=113
Run 1 failed
Run2...
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
DONE
Succeeded!

 

The test requires a IPv6 enabled br0 interface.

 

Can anyone give it a try if the "issue" or whatever this is, exists on other setups too? Any docker pro who can explain this?

EDIT: If you are curious, this is the entryscript: https://pastebin.com/NLFJNveF

 

Thanks!

Edited by KluthR

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.