You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm a new user of Wazuh and recently deployed a single-node setup on my Kubuntu 22.04 with both real IPv4 and IPv6. I followed the docker-compose installation guide, but later when I tried to connect 1 of my agents to the server, I discovered that the IPv6 is not used at all, so all the traffic to the opened server ports from IPv6 is just ignored.
I tried to find a solution in the Wazuh online documentation, but I couldn't do that, except for a couple of low-level config options documented. While I did my investigation, I found out that the application's default settings disable IPv6.
I had to ask the community and with help from Ebuka John Onyejegbu, I managed to configure it to use both IPv4 and IPv6 transparently. Please check the Slack conversation to get more details, I'll describe only the final solution here:
the docker engine has to be configured to allow IPv6 communication by adding the next lines into the /etc/docker/daemon.json:
{
"experimental": true,
"ip6tables": true
}
restart the docker service on the server to apply changes in the /etc/docker/daemon.json
this network has to be mentioned in each service definition of the compose file
networks:
- wazuh_net
add the <ipv6>yes</ipv6> line into the remote and auth sections of the ./config/wazuh_cluster/wazuh_manager.conf
replace the 0.0.0.0 with the hostname of the corresponding container in the dashboard (./config/wazuh_dashboard/opensearch_dashboards.yml) and indexer (./config/wazuh_indexer/wazuh.indexer.yml) configs, as well as in the API config ./volumes/wazuh_api_configuration/api.yaml (see the docker-compose.yml doesn't contain important directives and definitions #1106 to find out why is it there and what is the ./volumes folder). BTW, it would be great to remap the wazuh_api_configuration to the ./config folder to be consistent.
recreate the compose solution by invocation of the down followed by up -d
Now both IPv4 and IPv6 protocols should work as expected. I think that the mentioned changes are mostly backward compatible with the IPv4-only environment, so they have to be set out-of-the-box and only some of them need to be commented out by default. The complete guide for the IPv6 use case has to be published on the documentation portal to provide clear instructions for users.
The text was updated successfully, but these errors were encountered:
Hi Team,
I'm a new user of Wazuh and recently deployed a single-node setup on my Kubuntu 22.04 with both real IPv4 and IPv6. I followed the docker-compose installation guide, but later when I tried to connect 1 of my agents to the server, I discovered that the IPv6 is not used at all, so all the traffic to the opened server ports from IPv6 is just ignored.
I tried to find a solution in the Wazuh online documentation, but I couldn't do that, except for a couple of low-level config options documented. While I did my investigation, I found out that the application's default settings disable IPv6.
I had to ask the community and with help from Ebuka John Onyejegbu, I managed to configure it to use both IPv4 and IPv6 transparently. Please check the Slack conversation to get more details, I'll describe only the final solution here:
/etc/docker/daemon.json:{ "experimental": true, "ip6tables": true }/etc/docker/daemon.jsondocker-compose.ymldoesn't contain important directives and definitions #1106 with moredocker-composechanges proposed) should be added to allow the solution to utilize the IPv6 capabilities in the case it is working on the host:<ipv6>yes</ipv6>line into theremoteandauthsections of the./config/wazuh_cluster/wazuh_manager.conf0.0.0.0with the hostname of the corresponding container in the dashboard (./config/wazuh_dashboard/opensearch_dashboards.yml) and indexer (./config/wazuh_indexer/wazuh.indexer.yml) configs, as well as in the API config./volumes/wazuh_api_configuration/api.yaml(see thedocker-compose.ymldoesn't contain important directives and definitions #1106 to find out why is it there and what is the./volumesfolder). BTW, it would be great to remap thewazuh_api_configurationto the./configfolder to be consistent.downfollowed byup -dNow both IPv4 and IPv6 protocols should work as expected. I think that the mentioned changes are mostly backward compatible with the IPv4-only environment, so they have to be set out-of-the-box and only some of them need to be commented out by default. The complete guide for the IPv6 use case has to be published on the documentation portal to provide clear instructions for users.
The text was updated successfully, but these errors were encountered: