Cloudflared on Docker - issue with ipv6

I’ve got an attempt at starting up the cloudflared tunnel via docker-compose.

  tunnel:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    volumes:
     - ${DOCKER_HOME}/cloudflared:/.cloudflared
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=<redacted>

Issue when starting up is the apparent use of ipv6. Could someone help me tweak the settings to tell cloudflared to stick to ipv4? THANKS!

Container log:

tunnel_1            | 2022-11-15T18:20:28Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
tunnel_1            | 2022-11-15T18:20:28Z INF Initial protocol quic
tunnel_1            | 2022-11-15T18:20:28Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2022.10.3&os=linux\": dial tcp: lookup update.argotunnel.com on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1            | 2022-11-15T18:20:28Z INF ICMP proxy will use 172.18.0.3 as source for IPv4
tunnel_1            | 2022-11-15T18:20:28Z INF ICMP proxy will use :: as source for IPv6
tunnel_1            | 2022-11-15T18:20:28Z ERR Error opening metrics server listener error="lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1            | Error opening metrics server listener: lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol

Can’t (seem to) edit.

Distributor ID: Ubuntu
Description:    Ubuntu 22.10
Release:        22.10
Codename:       kinetic

Try changing

command: tunnel run

to

command: --edge-ip-version 4 tunnel run

Unfortunately no change :frowning:

  tunnel:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    volumes:
     - ${DOCKER_HOME}/cloudflared:/.cloudflared
    command: --edge-ip-version 4 tunnel run
    environment:
      - TUNNEL_TOKEN=

Does your docker instance configured to support ipv6?

Not on purpose. I don’t usually want to (or need to) run any ipv6 stuff. My ISP doesn’t adding ipv6 either.

Quick sanity check, does cloudflared actually exit when it hits the error or does it continue. It seems like this is something that should be reported on the cloudflared repo.

Yes, thanks for checking. It restarts do to my unless-stopped entry in docker-compose.

Here’s the log again. The entries have not changed despite trying the ipv4 setting previous suggested. I’ve also turned off ipv6 in the kernel and nothing changed either.

tunnel_1            | 2022-11-16T22:13:32Z INF Starting tunnel tunnelID=dbb612e7-4af3-42fb-ad2c-ac8b590d3641
tunnel_1            | 2022-11-16T22:13:32Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
tunnel_1            | 2022-11-16T22:13:32Z INF Version 2022.10.3
tunnel_1            | 2022-11-16T22:13:32Z INF GOOS: linux, GOVersion: go1.19.2, GoArch: amd64
tunnel_1            | 2022-11-16T22:13:32Z INF Settings: map[edge-ip-version:4 no-autoupdate:true]
tunnel_1            | 2022-11-16T22:13:32Z INF Environmental variables map[TUNNEL_TOKEN:*****]
tunnel_1            | 2022-11-16T22:13:32Z INF Generated Connector ID: edd7ba69-3e68-463d-b323-25bbc3c1c433
tunnel_1            | 2022-11-16T22:13:32Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
tunnel_1            | 2022-11-16T22:13:32Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2022.10.3&os=linux\": dial tcp: lookup update.argotunnel.com on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1            | 2022-11-16T22:13:32Z INF Initial protocol quic
tunnel_1            | 2022-11-16T22:13:32Z INF ICMP proxy will use 172.18.0.3 as source for IPv4
tunnel_1            | 2022-11-16T22:13:32Z INF ICMP proxy will use :: as source for IPv6
tunnel_1            | 2022-11-16T22:13:32Z ERR Error opening metrics server listener error="lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1            | Error opening metrics server listener: lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol

and here with debug on - not much more info:

tunnel_1            | 2022-11-16T22:17:22Z INF Starting tunnel tunnelID=<redacted>
tunnel_1            | 2022-11-16T22:17:22Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
tunnel_1            | 2022-11-16T22:17:22Z INF Version 2022.10.3
tunnel_1            | 2022-11-16T22:17:22Z INF GOOS: linux, GOVersion: go1.19.2, GoArch: amd64
tunnel_1            | 2022-11-16T22:17:22Z INF Settings: map[edge-ip-version:4 no-autoupdate:true]
tunnel_1            | 2022-11-16T22:17:22Z INF Environmental variables map[TUNNEL_LOGLEVEL:debug TUNNEL_TOKEN:*****]
tunnel_1            | 2022-11-16T22:17:22Z INF Generated Connector ID: e9fb7ce7-f254-44f8-bf2b-cb96ab172a19
tunnel_1            | 2022-11-16T22:17:22Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
tunnel_1            | 2022-11-16T22:17:22Z INF Initial protocol quic
tunnel_1            | 2022-11-16T22:17:22Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2022.10.3&os=linux\": dial tcp: lookup update.argotunnel.com on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1            | 2022-11-16T22:17:22Z INF ICMP proxy will use 172.18.0.4 as source for IPv4
tunnel_1            | 2022-11-16T22:17:22Z DBG Failed to determine the IPv6 for this machine. It will use :: to send/listen for ICMPv6 echo
tunnel_1            | 2022-11-16T22:17:22Z INF ICMP proxy will use :: as source for IPv6
tunnel_1            | 2022-11-16T22:17:22Z DBG failed to create ICMPv6 proxy, only ICMPv4 proxy is created error="socket: address family not supported by protocol"
tunnel_1            | 2022-11-16T22:17:22Z ERR Error opening metrics server listener error="lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1            | Error opening metrics server listener: lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol
docker-stacks_tunnel_1 exited with code 1

Yeah this should be reported on the cloudflared repo.

Thanks for the suggestion…

FYI: https://github.com/cloudflare/cloudflared/issues/811