Bug 29576 - univention-squid: IPv6 funktiontiert nicht
univention-squid: IPv6 funktiontiert nicht
Product: UCS
Classification: Unclassified
Component: Squid
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-0-errata
Assigned To: Lukas Oyen
Janek Walkenhorst
Depends on:
  Show dependency treegraph
Reported: 2012-12-05 18:17 CET by Janek Walkenhorst
Modified: 2017-06-19 15:04 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): IPv6
Max CVSS v3 score:

Patchset to enable ipv6 in squid.conf (20.00 KB, application/x-tar)
2016-09-16 10:48 CEST, Lukas Oyen

Note You need to log in before you can comment on or make changes to this bug.
Description Janek Walkenhorst univentionstaff 2012-12-05 18:17:16 CET
Wenn man auf einem IPv6-only System
setzt, dann ist der Zugriff auf den Proxy trotzdem gesperrt.

Das setzen von squid/allowfrom funktioniert auch nicht:

# ucr set squid/allowfrom='2001:db8::/32'
Setting squid/allowfrom
File: /etc/squid3/squid.conf
Traceback (most recent call last):
  File "<stdin>", line 145, in <module>
  File "/usr/lib/python2.6/dist-packages/ipaddr.py", line 1274, in __init__
    raise AddressValueError(addr[0])
ipaddr.AddressValueError: 2001:db8::
Comment 1 Moritz Bunkus 2014-03-26 11:50:46 CET
Ja, das betrifft mich jetzt mit UCS 3.2 ebenfalls. Beide Punkte sind immer noch aktuell.
Comment 2 Lukas Oyen univentionstaff 2016-09-16 10:48:31 CEST
Created attachment 8016 [details]
Patchset to enable ipv6 in squid.conf

Contained within the tar archive is a patchset to enable ipv6 in squid.conf. The following changes were made:

1) extend ACL rules `localhost`/`to_localhost` to allow ipv6 addresses
2) small code cleanup
3) extend the parsing of networks from UCR variables `squid/allowfrom` and `squid/parent/directnetworks` to recognize ipv6 networks
4) include all locally configured ipv6 addresses as known squid3 source addresses
Comment 3 Lukas Oyen univentionstaff 2017-04-20 16:12:00 CEST
Fix to `squid/allowfrom` committed in r78854-r78856, YAML r78858.

The access from a IPv6 localnet should have been supported since the update in r77193.
Comment 4 Janek Walkenhorst univentionstaff 2017-06-19 12:35:53 CEST
Tests: OK
Advisory: OK
Comment 5 Janek Walkenhorst univentionstaff 2017-06-19 15:04:46 CEST