Hi! We probably have a similar problem to "Setup IPv6 over IPv4", but we went a bit deeper with the workaround:
We have a Pritunl server that has both IPv4 + IPv6 connectivity, and it gives IPv6 addresses + a default route to the clients. IPv6 connectivity works fine over Pritunl. The problem is that when a Mac client has native IPv4-only connectivity, it cannot resolve DNS names that have only AAAA resource records.
The reason is that the Mac resolver needs IPv6 enabled in the resolver, which does not happen because of native IPv6 connectivity, and Pritunl does not do it either (even though it provides IPv6 addresses, default GW and everything). This is what I see on a Mac on an IPv4-only network with IPv6-enabled Pritunl connected as utun4:
% scutil --dns
DNS configuration
resolver #1
nameserver[0] : 1.1.1.1
nameserver[1] : 1.0.0.1
flags : Supplemental, Request A records
reach : 0x00000002 (Reachable)
order : 101400
resolver #2
nameserver[0] : 8.8.8.8
nameserver[1] : 1.1.1.1
flags : Request A records
reach : 0x00000002 (Reachable)
order : 200000
<removed mdns records for brevity>
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 8.8.8.8
nameserver[1] : 1.1.1.1
if_index : 15 (en0)
flags : Scoped, Request A records
reach : 0x00000000 (Not Reachable)
This hack helped:
% sudo python3 ipv6-resolver-up.py up en0 11:18:46
Password:
d.init
d.add Addresses *
d.add DestAddresses *
d.add InterfaceName en0
set State:/Network/Service/en0/IPv4
set Setup:/Network/Service/en0/IPv4
d.init
d.add Addresses * fe80::145f:8ccf:9399:5f14
d.add DestAddresses * ::ffff:ffff:ffff:ffff:0:0
d.add Flags * 0
d.add InterfaceName en0
d.add PrefixLength * 64
set State:/Network/Service/en0/IPv6
set Setup:/Network/Service/en0/IPv6
After that I had:
% scutil --dns
DNS configuration
resolver #1
nameserver[0] : 1.1.1.1
nameserver[1] : 1.0.0.1
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
order : 101400
resolver #2
nameserver[0] : 8.8.8.8
nameserver[1] : 1.1.1.1
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
order : 200000
<removed mdns records for brevity>
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 8.8.8.8
nameserver[1] : 1.1.1.1
if_index : 15 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
But I guess there should be a more fine-grained way of enabling it specifically on utun4?
There are numerous similar issues with other OpenVPN and other VPNs on macOS that provide insights into this:
- Name resolution not reconfigured for AAAA when IPv6 active only on VPN link · Issue #490 · Tunnelblick/Tunnelblick · GitHub
- macos - How to add AAAA flag (IPv6) to DNS resolver configuration on Sierra? - Ask Different
Could you consider adding the functionality to enable the IPv6 resolver in the Pritunl Mac client?
Or is there a way to piggy-back a hook script after Pritunl connects so I can run my scutil ... workaround on the client side after each connect instead of doing it manually?
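
A read-only check for the symptom visible in the two `scutil --dns` dumps above, as an added example that is not part of the original post: it parses that output and lists the resolvers that have nameservers but lack the `Request AAAA records` flag. The sample text is constructed in the format quoted in the post, and the function names are hypothetical.

```python
import re
import sys
# Constructed sample in the format of the `scutil --dns` output quoted in the post.
SAMPLE = """\
DNS configuration
resolver #1
  nameserver[0] : 1.1.1.1
  flags : Supplemental, Request A records
resolver #2
  nameserver[0] : 8.8.8.8
  flags : Request A records, Request AAAA records
DNS configuration (for scoped queries)
resolver #1
  nameserver[0] : 8.8.8.8
  if_index : 15 (en0)
  flags : Scoped, Request A records
"""

def parse_scutil_dns(text):
    """Parse `scutil --dns` text into one dict per resolver block (hypothetical helper)."""
    resolvers, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DNS configuration"):
            section, cur = ("scoped" if "scoped" in line else "default"), None
        elif m := re.match(r"resolver #(\d+)$", line):
            cur = {"section": section, "id": int(m.group(1)),
                   "nameservers": [], "flags": [], "interface": None}
            resolvers.append(cur)
        elif cur is not None and " : " in line:
            key, value = (part.strip() for part in line.split(" : ", 1))
            if key.startswith("nameserver["):
                cur["nameservers"].append(value)
            elif key == "flags":
                cur["flags"] = [flag.strip() for flag in value.split(",")]
            elif key == "if_index":  # e.g. "15 (en0)" -> "en0"
                name = re.search(r"\((\w+)\)", value)
                cur["interface"] = name.group(1) if name else value
    return resolvers

def missing_aaaa(resolvers):
    """Resolvers that have nameservers but are not flagged to request AAAA records."""
    return [r for r in resolvers
            if r["nameservers"] and "Request AAAA records" not in r["flags"]]

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for r in missing_aaaa(parse_scutil_dns(text)):
        print(r["section"], f"resolver #{r['id']}", r["interface"] or "-", r["nameservers"])
```

On macOS, live output can be piped in with `scutil --dns | python3 <script>`; run from a terminal with no piped input, it checks the constructed sample instead.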