Results 1 to 10 of 10

Thread: IPv6 network on Ubuntu Server v22

  1. #1
    Join Date
    Nov 2022
    Beans
    5

    Question IPv6 network on Ubuntu Server v22

    Hello.

    Can't seem to get the IPv6 network to work.
    Given: dedicated IPv4 like: 45.80.XX.XX/32 and gateway 10.0.0.1; IPv6 subnet: 2a03:XX:XX::5b8/125 (/125 prefix) and gateway 2a03:XX:XX::5b9
    Bottom line: IPv4 works fine, but IPv6 doesn’t want to do anything...


    Question: Tell me, please, a possible solution to the problem with IPv6. Need help!

    ========================
    My config is in /etc/netplan/00-network-all.yaml

    Code:
    network:
      version: 2
      renderer: networkd
      ethernets:
        ens3:
          dhcp4: no
          dhcp6: no
          addresses:
            - 45.80.XX.XX/32
            - 2a03:XX:XX::5b8/125
            - 2a03:XX:XX::5ba/128
          nameservers:
            addresses:
            - 1.1.1.1
            - 8.8.8.8
            - 2606:4700:4700::1111
            - 2001:4860:4860::8888
          routes:
            - to: 0.0.0.0/0 # default
              via: 10.0.0.1
              metric: 20
              on-link: true
            - to: ::/0 # default
              via: 2a03:XX:XX::5b9
              metric: 10
              on-link: true
    

    ip a
    Code:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:XX:XX:XX brd ff:ff:ff:ff:ff:ff
        altname enp0s3
        inet 45.80.XX.XX/32 scope global ens3
           valid_lft forever preferred_lft forever
        inet6 2a03:XX:XX::5ba/128 scope global
           valid_lft forever preferred_lft forever
        inet6 2a03:XX:XX::5b8/125 scope global
           valid_lft forever preferred_lft forever
    3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
        link/none
        inet 10.66.66.1/24 scope global wg0
           valid_lft forever preferred_lft forever
        inet6 fd42:42:42::1/64 scope global
           valid_lft forever preferred_lft forever
    

    ip -6 r
    Code:
    ::1 dev lo proto kernel metric 256 pref medium
    2a03:XX:XX::5ba dev ens3 proto kernel metric 256 pref medium
    2a03:XX:XX::5b8/125 dev ens3 proto kernel metric 256 pref medium
    fd42:42:42::/64 dev wg0 proto kernel metric 256 pref medium
    default via 2a03:XX:XX::5b9 dev ens3 proto static metric 10 onlink pref medium
    

    ip neigh
    Code:
    10.0.0.1 dev ens3 lladdr 02:00:00:00:00:01 REACHABLE
    2a03:XX:XX::5b9 dev ens3  FAILED

    mtr google.com -6
    Code:
    Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
     1. (no route to host)



  2. #2
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,746

    Re: IPv6 network on Ubuntu Server v22

    Have you configured any firewall rules? Please post the output of these commands:
    Code:
    sudo iptables-save
    sudo nft list ruleset
    Also, I gather that a Neighbor Solicitation request must come from the Link Local address of the sender, and you don't seem to have a Link Local address. This might be the source of the problem.
    Last edited by The Cog; November 21st, 2022 at 09:58 AM.

  3. #3
    Join Date
    Nov 2022
    Beans
    5

    Re: IPv6 network on Ubuntu Server v22

    Quote Originally Posted by The Cog View Post
    Have you configured any firewall rules? Please post the output of these commands:
    Code:
    sudo iptables-save
    sudo nft list ruleset
    Also, I gather that a Neighbor Solicitation request must come from the Link Local address of the sender, and you don't seem to have a Link Local address. This might be the source of the problem.
    First, thank you for reply!

    1) No, I didn't set up any firewall rules.
    2)
    ...and you don't seem to have a Link Local address.
    Could you help me to add correct Link-Local address via terminal, please???

    sudo iptables-save

    Code:
    # Generated by iptables-save v1.8.7 on Mon Nov 21 12:36:40 2022
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A FORWARD -i ens3 -o wg0 -j ACCEPT
    -A FORWARD -i wg0 -j ACCEPT
    COMMIT
    # Completed on Mon Nov 21 12:36:40 2022
    # Generated by iptables-save v1.8.7 on Mon Nov 21 12:36:40 2022
    *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -o ens3 -j MASQUERADE
    COMMIT
    # Completed on Mon Nov 21 12:36:40 2022
    sudo nft list ruleset

    Code:
     
    table ip filter {
            chain FORWARD {
                    type filter hook forward priority filter; policy accept;
                    iifname "ens3" oifname "wg0" counter packets 0 bytes 0 accept
                    iifname "wg0" counter packets 0 bytes 0 accept
            }
    }
    table ip nat {
            chain POSTROUTING {
                    type nat hook postrouting priority srcnat; policy accept;
                    oifname "ens3" counter packets 50 bytes 3449 masquerade
            }
    }
    table ip6 filter {
            chain FORWARD {
                    type filter hook forward priority filter; policy accept;
                    iifname "wg0" counter packets 0 bytes 0 accept
            }
    }
    table ip6 nat {
            chain POSTROUTING {
                    type nat hook postrouting priority srcnat; policy accept;
                    oifname "ens3" counter packets 43 bytes 4143 masquerade
            }
    }
    Last edited by nick1231; November 21st, 2022 at 01:55 PM.

  4. #4
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,746

    Re: IPv6 network on Ubuntu Server v22

    "Could you help me to add correct Link-Local address via terminal, please???"
    I don't know. I'll try to figure something out this evening but I'm not sure I'll get anywhere.

    I'm surprised to see that you have NAT rules on both iptables and nftables. There are warnings in the nftables docs that you must not do that. In general, I would suggest you use one firewall configuration only, although I gather that it's only NAT where they specifically say don't do that. I don't think that's your IPv6 problem though.

    Afterthought - it may be that the iptables-save is just translating the nft ruleset, for backwards compatibility. I gather that iptables is regarded as legacy in recent Ubuntus. I don't know how to tell if that's why you see both types of rules though. maybe "lsmod |grep tables".
    Last edited by The Cog; November 21st, 2022 at 05:50 PM.

  5. #5
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,746

    Re: IPv6 network on Ubuntu Server v22

    OK, I give up. My machines all have link-local addresses e:g:
    Code:
    2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
        inet6 fc00:1111::1/64 scope global 
           valid_lft forever preferred_lft forever
        inet6 fe80::1d5c:c681:9ad:bb67/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    and if I manually delete it, another (different) one appears instantly. At this stage, I don't understand why I have one and you don't.
    I did confirm with tcpdump that the neighbor solicitation request (== ipv4 ARP request) is sent to the link-local multicast address, even when trying to resolve an IP address that is on the same global network. So you really do need a link-local address.
    One thing you might try is creating one manually. perhaps:
    Code:
    sudo ip addr add fe80::1234/128 dev ens0
    but I'm guessing. If anyone knows better, I'd be very happy for an explanation, or a link to one.
    Last edited by The Cog; November 21st, 2022 at 11:44 PM.

  6. #6
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,746

    Re: IPv6 network on Ubuntu Server v22


  7. #7
    Join Date
    Nov 2022
    Beans
    5

    Re: IPv6 network on Ubuntu Server v22

    Quote Originally Posted by The Cog View Post
    So you really do need a link-local address.
    One thing you might try is creating one manually. perhaps:
    Code:
    sudo ip addr add fe80::1234/128 dev ens0
    but I'm guessing. If anyone knows better, I'd be very happy for an explanation, or a link to one.
    I manually create a Link-local address, but nothing changes with IPv6...



    Code:
    sudo nmcli --wait 0 device connect ens3
    Error: Failed to add/activate new connection: Connection 'ens3' is not available on device ens3 because device is strictly unmanaged
    Or am I doing something wrong?

  8. #8
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,746

    Re: IPv6 network on Ubuntu Server v22

    Silly me. Your netplan config says you're using networkd (I think that's ths systemctl network manager) rather than the gnome network-manager. I really don't know what to do from here, I'm afraid.

  9. #9
    Join Date
    Nov 2022
    Beans
    5

    Re: IPv6 network on Ubuntu Server v22

    Quote Originally Posted by The Cog View Post
    I really don't know what to do from here, I'm afraid.
    Unfortunately, I decided to reinstall the system anyway. And IPv6 doesn't work for me either.
    =============

    Given: Dedicated IPv4 like: 45.80.XX.XX/32 and gateway 10.0.0.1; IPv6 subnet: 2a03:XX:XX::5b8/125 (/125 prefix) and gateway 2a03:XX:XX::5b9

    Here is my netplan config:
    Code:
    network:
      version: 2
      renderer: networkd
      ethernets:
        ens3:
          dhcp4: no
          dhcp6: no
          addresses:
            - 45.80.XX.XX/32
            - 2a03:XX:XX::5b8/125
          nameservers:
           addresses:
            - 1.1.1.1
            - 8.8.8.8
            - 2606:4700:4700::1111
            - 2001:4860:4860::8888
          routes:
            - to: 0.0.0.0/0 # default
              via: 10.0.0.1 # Gateway IPv4
              metric: 100
              on-link: true
            - to: ::/0 # default
              via: 2a03:XX:XX::5b9 # Gateaway IPv6
              metric: 200
              on-link: true

    ip neigh
    Code:
    10.0.0.1 dev ens3 lladdr 02:00:00:00:00:01 REACHABLE
    2a03:XX:XX::5b9 dev ens3  FAILED

    route -6
    Code:
    Kernel IPv6 routing table
    Destination                    Next Hop                   Flag Met Ref Use If
    ip6-localhost/128              [::]                       U    256 2     0 lo
    myhost/125                     [::]                       U    256 1     0 ens3
    fe80::/64                      [::]                       U    256 1     0 ens3
    [::]/0                         _gateway                   UGH  200 1     0 ens3
    ip6-localhost/128              [::]                       Un   0   5     0 lo
    myhost/128                     [::]                       Un   0   2     0 ens3
    myhost/128                     [::]                       Un   0   2     0 ens3
    ip6-mcastprefix/8              [::]                       U    256 4     0 ens3
    [::]/0                         [::]                       !n   -1  1     0 lo

    ip -6 r
    Code:
    ::1 dev lo proto kernel metric 256 pref medium
    2a03:XX:XX::5b8/125 dev ens3 proto kernel metric 256 pref medium
    fe80::/64 dev ens3 proto kernel metric 256 pref medium
    default via 2a03:XX:XX::5b9 dev ens3 proto static metric 200 onlink pref medium
    ip a
    Code:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    
    
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:XX:XX:XX brd ff:ff:ff:ff:ff:ff
        altname enp0s3
        inet 45.80.XX.XX/32 scope global ens3
           valid_lft forever preferred_lft forever
        inet6 2a03:XX:XX::5b8/125 scope global
           valid_lft forever preferred_lft forever
        inet6 fe80::XX:XX:XX:1904/64 scope link
           valid_lft forever preferred_lft forever
    In IPv6 routing table there is a strange "UGH" flag, maybe it should be just "UG" ???
    Code:
     [::]/0           _gateway         UGH  200 1     0 ens3

    P.S. Very need help with IPv6!

  10. #10
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,746

    Re: IPv6 network on Ubuntu Server v22

    I still think your problem is the lack of a link-local address, making it unable to send NDP requests. Here are some interesting bits that may help:
    https://stackoverflow.com/questions/...-local-address
    https://medium.com/opsops/how-to-res...x-737666a505f3
    That second one links to https://www.kernel.org/doc/Documenta.../ip-sysctl.txt (search for addr_gen_mode) which says:
    Code:
    addr_gen_mode - INTEGER
    	Defines how link-local and autoconf addresses are generated.
    
    	0: generate address based on EUI64 (default)
    	1: do no generate a link-local address, use EUI64 for addresses generated
    	   from autoconf
    	2: generate stable privacy addresses, using the secret from
    	   stable_secret (RFC7217)
    	3: generate stable privacy addresses, using a random secret if unset
    So you could try setting it with the following (maybe try setting to 3 then back to 0 to make sure it changes to trigger generation)
    Code:
    sudo -i
    echo 0 > /proc/sys/net/ipv6/conf/ens3/addr_gen_mode
    exit
    or alternatively:
    Code:
    sudo sysctl -w net/ipv6/conf/ens3/addr_gen_mode=0
    Last edited by The Cog; November 24th, 2022 at 10:05 AM.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •