Support different ipv6 network device in network-tunnel-manager.sh

[heri16]

On many VPS providers, the IPv4 uplink network interface is eth0, while the IPv6 uplink may be on a different interface (e.g., eth1 or another device).

This PR:

• Improves automatic detection of the uplink network interface for both IPv4 and IPv6.
• Adds support for configurations where the IPv4 and IPv6 uplinks are on different interfaces, while remaining fully compatible with setups where they share the same interface.
• Change the expected environment variable name from NETWORK_DEVICE to IPV4_UPLINK_DEV and IPV6_UPLINK_DEV
• Add CLI flag for --uplink-dev-v6

---

This change is 

[vercel]

@heri16 is attempting to deploy a commit to the nyx-network Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Thank you for making this first PR

[serinko]

Hey, it looks good. Thank you for your PR.
You haven't ticked the env var but I see it added in the PR

Please redirect it from develop to feat/operators/ntm-upgrades.

This var is used here:
https://github.com/nymtech/nym/blob/develop/scripts/nym-node-setup/nym-node-cli.py#L578
https://github.com/nymtech/nym/blob/develop/scripts/nym-node-setup/nym-node-cli.py#L643

If you want you can toggle that too, otherwise I will fix that one

[heri16]

For the record:
"ip -6 -o route show default" was not reliable.
On my VPS machine (Debian 13), it requires "print $3" while the original script uses "print $5".
See:

nonroot@localhost:~$ ip -6 -o route show default
default dev eth1.1 proto static metric 1024 pref medium

[heri16]

https://github.com/nymtech/nym/blob/develop/scripts/nym-node-setup/nym-node-cli.py#L643

Should we have:

• Option A: --uplink-dev-v4 and --uplink-dev-v6
• Option B: --uplink-dev and --uplink-dev-v6 where v6 defaults to autodetection if unspecified?

@serinko

Also, I've found another issue with the quic_bridge_deployment.sh on machines such as mine.
Would you prefer a different PR? This line containing UPLINK_DEV is used by quic_bridge_deployment.sh: https://github.com/nymtech/nym/blob/develop/scripts/nym-node-setup/nym-node-cli.py#L577

[heri16]

Please review latest changes to this PR.

[heri16]

[serinko]

I would prefer this one as the program should ask minimum from the operator

* Option B: `--uplink-dev` and `--uplink-dev-v6` where v6 defaults to autodetection if unspecified?

If that issue on QUIC connects to this interface, feel free to add it to this PR.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs-nextra	Ignored	Preview		Dec 3, 2025 9:14am

[heri16]

Done. Please review and merge. @serinko @mfahampshire

[serinko]

Does this work?

Imo it returns: getent ahostsv4 "$host" I would expect you want some of this syntax to be returned:

getent ahosts -4 "$host"
# or
getent ahosts -6 "$host"

Hence smth like:

detect_uplink_interface() {
  local aflag="$1"   # -4 or -6
  local host="$2"
  local ip dev

  # Resolve host to IP for the requested address family
  ip="$(getent ahosts "$host" "$aflag" 2>/dev/null | awk '$2=="STREAM" {print $1}' | head -n1 || true)"

  if [[ -z "$ip" ]]; then
    return 1
  fi

  # Find which interface would be used to reach that IP
  dev="$(ip "$aflag" -o route get "$ip" 2>/dev/null | awk '{print $5}' | head -n1 || true)"

  if [[ -n "$dev" && "$dev" =~ ^[a-zA-Z0-9._-]+$ ]]; then
    echo "$dev"
    return 0
  fi

  return 1
}

and later on

# uplink device detection, can be overridden
IPV4_UPLINK_DEV="${IPV4_UPLINK_DEV:-}"
if [[ -z "$IPV4_UPLINK_DEV" ]]; then
  IPV4_UPLINK_DEV="$(detect_uplink_interface -4 "ifconfig.co" || true)"
fi
if [[ -z "$IPV4_UPLINK_DEV" ]]; then
  error "cannot determine ipv4 uplink interface. set IPV4_UPLINK_DEV"
  exit 1
fi

IPV6_UPLINK_DEV="${IPV6_UPLINK_DEV:-}"
if [[ -z "$IPV6_UPLINK_DEV" ]]; then
  IPV6_UPLINK_DEV="$(detect_uplink_interface -6 "ifconfig.co" || true)"
fi
if [[ -z "$IPV6_UPLINK_DEV" ]]; then
  error "cannot determine ipv6 uplink interface. set IPV6_UPLINK_DEV"
  exit 1
fi

[heri16]

Yes, it's tested to be working.
It's either getent ahostsv4 or getent ahostsv6.

See:

nonroot@nymExitNode:~$ getent ahosts -4 "proof.ovh.net"
getent: invalid option -- '4'
Try `getent --help' or `getent --usage' for more information.
nonroot@nymExitNode:~$ getent ahostsv4 "proof.ovh.net"
141.95.207.211  STREAM proof.ovh.net
141.95.207.211  DGRAM
141.95.207.211  RAW

[serinko]

did you have time to test this if in case of ip4 and ipv6 devices == it prints the correct stuff?

[heri16]

Yes, I've tested it. fetch_and_display_ipv6 only prints ipv6 address as it should.

See:

nonroot@nymExitNode:~$ sudo ./network-tunnel-manager.sh fetch_and_display_ipv6
----- 2025-12-11 01:27:00 START network-tunnel-manager -----
Logs are being saved locally to: /var/log/nym/network_tunnel_manager.log
These logs never leave your machine.

[2025-12-11 01:27:00] COMMAND: fetch_and_display_ipv6 ARGS: fetch_and_display_ipv6
[OK] ipv6 address on eth0.2: 2a07:b944::2:2/128

Logs saved locally at: /var/log/nym/network_tunnel_manager.log
[OK] operation fetch_and_display_ipv6 completed

[serinko]

I looked at it and it looks good, though there are two comments.

Then I need to test it, which I will only get to after Ansible playbooks out and implementation of NIP-4,5&6.

I would expect it in production after new year.

[heri16]

Updated code applying feedback from comments. Ready for review. @serinko @mfahampshire