{{Header}}
{{Title|title=
IPv6 support in {{project_name_long}}
}}
{{#seo:
|description=Enabling and using IPv6 in {{project_name_short}}.
}}
* [[IPv6|IPv6 - User Documentation]]
* [[Dev/ipv6|IPv6 - Developers]]
{{intro|
Enabling and using IPv6 in {{project_name_short}}.
}}
= Introduction =
* Protocol overview: IPv6 is the newer version of the Internet's addressing system. Like the older IPv4, it helps devices find and talk to each other over a network or the Internet.
* Main advantage: IPv6 offers many more unique addresses than IPv4, which helps solve the problem of running out of IP addresses.
* Adoption issues: Some networks still only support IPv4. Others support both IPv4 and IPv6. A few newer networks only support IPv6, which can cause connection problems for older systems or software that don’t support IPv6.
= Whonix IPv6 Status =
* {{project_name_short}} 17 and below: Only partial support for IPv6.
* {{project_name_short}} 18 and higher: Full IPv6 support built in.
= Support in {{project_name_short}} =
'''In {{project_name_short}} 17 (older version):'''
* Tor Browser access: Websites and services that use IPv6 can be reached with Tor Browser from {{project_name_workstation_short}}.
* Workstation to Gateway communication: The connection between {{project_name_workstation_short}} and {{project_name_gateway_short}} still uses IPv4 only.
* Gateway to Tor network: {{project_name_gateway_short}} connects to the Tor network using only IPv4. IPv6 is completely disabled here. However, Tor can still access IPv6 websites by tunneling through the IPv4 network.
* Command-line utilities: Most tools used in the terminal on {{project_name_workstation_short}} don’t work with IPv6 unless special workarounds are used.
'''In {{project_name_short}} 18 (newer version):'''
* Tor Browser access: Websites and services that use IPv6 can be accessed without issues from {{project_name_workstation_short}}.
* Workstation to Gateway communication: Still uses IPv4 by default, but applications inside {{project_name_workstation_short}} can connect to {{project_name_gateway_short}} over IPv6 to access Tor.
* Gateway to Tor network: {{project_name_gateway_short}} can use either IPv4 or IPv6 to reach the Tor network. It prefers IPv4, but will use IPv6 if configured that way or if IPv4 isn't available. This only works if your virtualization software supports IPv6 NAT and autoconfiguration.
* Command-line utilities: Tools like curl in {{project_name_workstation_short}} can access IPv6 sites without extra setup. Other tools may still need manual configuration or workarounds.
= Host Networking IPv4 versus IPv6 Connectivity Status =
Not sure if your Internet connection supports IPv6, IPv4, or both? Use the following websites to check.
Notes:
* Run tests on host: You must visit these websites on the host operating system (not inside {{project_name_short}}).
* Link disclaimer: [[Terms_of_Service#Links_To_Other_Web_Sites|These links]] are [[Terms_of_Service#Non-Endorsement|not endorsements]]. They are only examples. Many similar test websites exist.
* Tests overview:
** Normal Test: Checks if your connection supports both IPv4 and IPv6.
** IPv4 only Test: If this doesn't work, it may mean your network only supports IPv6, or something is misconfigured.
** IPv6 only Test: If this doesn't work, that’s usually okay.
* Example test websites:
** ip6.me
*** [https://ip6.me/ ip6.me: Normal Test]
*** [https://ip4.me/ ip6.me: IPv4 only Test]
*** [https://ip6only.me/ ip6.me: IPv6 only Test]
** [https://test-ipv6.com test-ipv6.com]: Provides a detailed test of IPv4 and IPv6 connectivity.
= Enabling IPv6 support in virtualizers =
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text =
Version-specific notice: These instructions are for {{project_name_short}} 18 or later only.
Trying this on {{project_name_short}} 17 won't work, and might break networking.
}}
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = Platform specific notice. Not all virtualizers supported by {{project_name_short}} will allow {{project_name_gateway_short}} to configure IPv6 routing automatically. If the virtualizer does not properly support IPv6, {{project_name_gateway_short}} will only be able to communicate to the Tor network via IPv4. This will block connectivity for users on IPv6-only networks.
}}
The steps below explain how to enable IPv6 support in each virtualization platform supported by {{project_name_short}}.
== VirtualBox ==
* Versions before 7.1: Do not support IPv6 NAT. Only IPv4 connections work when using NAT.
** Workaround before 7.1: You could try switching {{project_name_gateway_short}} to a bridged network to allow IPv6. But this exposes it to your local network and increases risk. Not recommended.
* Versions 7.1 and later: IPv6 NAT works by default. No changes needed.
** Confirmed working: IPv6 has been successfully tested with VirtualBox 7.2.2.
== libvirt (KVM) ==
libvirt supports IPv6 NAT starting with version 6.5.0. [https://libvirt.org/news.html#v6-5-0-2020-07-03]
To check your installed libvirt version:
{{CodeSelect|code=
virsh --version
}}
However, by default, IPv6 autoconfiguration does **not** work in {{project_name_short}} 18. This is because {{project_name_short}} disables the use of dnsmasq on the host for {{project_name_short}} VMs. This improves security by reducing the risk of attacks from VMs to the host. [https://forums.whonix.org/t/whonix-kvm-dnsmasq-listen-port-on-host-operating-system-attack-surface-reduction/15973]
But disabling dnsmasq also prevents IPv6 autoconfiguration from working. dnsmasq is the tool that sends the “router advertisement” signals needed to automatically set up IPv6 in {{project_name_gateway_short}}.
To fix this, you can re-enable dnsmasq for {{project_name_short}}'s virtual networks by following these steps:
{{Box|text=
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = These changes will make the host more vulnerable to attacks from compromised VMs or other devices on your local network. Carefully consider your threat model before following these instructions.
}}
'''1.''' Make sure dnsmasq-base (or the equivalent package for your host operating system) is installed.
'''2.''' Launch "Virtual Machine Manager" (virt-manager) on the host.
'''3.''' Click Edit → Preferences.
'''4.''' Enable Enable XML editing by checking the box.
'''5.''' Click Close.
'''6.''' Click Edit → Connection Details.
'''7.''' Go to the Virtual Networks tab.
'''8.''' Select the {{project_name_short}}-External network.
'''9.''' In the settings viewer on the right side of the connection details window, click the XML tab.
'''10.''' Remove this line:
{{CodeSelect|code=
}}
'''11.''' Click Apply.
'''12.''' Click the Stop Network button underneath the connection details window's left sidebar. (This button is the third button from the left, hover over it to see the name of the button.)
'''13.''' Click the Start Network button underneath the connection details window's left sidebar. (This button is the second button from the left.)
'''14.''' Select the {{project_name_short}}-Internal network.
'''15.''' Remove the same line again:
{{CodeSelect|code=
}}
'''16.''' Click Apply.
'''17.''' Stop this network too.
'''18.''' Start it again.
'''19.''' Fully shut down and restart both the {{project_name_gateway_short}} and {{project_name_workstation_short}} VMs.
'''20.''' Done.
IPv6 autoconfiguration should now work in libvirt.
}}
== Qubes OS ==
Qubes OS does support IPv6, but it is turned off by default. To turn it on, follow the guide in the [https://doc.qubes-os.org/en/latest/developer/system/networking.html#ipv6 Qubes OS networking documentation].
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]