How can I troubleshoot when an IPV6 tunnel stops working?

Assuming the configuration hasn’t changed, how can I start troubleshooting? I woke up to not being able to ping IPv6 addresses.

Things to keep in mind:

  • IP Address didn’t change. Public IP Address matches tunnelbroker.net
  • My configuration looks exactly like this
  • I can ping the tunnel endpoint 184.105.253.10
  • Didn’t change firewall nor any configuration overnight
  • Using Ubuntu server 19.04

This is the relevant firewall rule I have up for this configuration:e

Chain ufw-user-input (1 references) pkts bytes target     prot opt in     out     source           destination 8444 1302K ACCEPT     41   --  *      *       184.105.253.10       0.0.0.0/0 

ip a

3: enp36s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:1b:21:c8:3c:f1 brd ff:ff:ff:ff:ff:ff     inet6 fe80::21b:21ff:fec8:3cf1/64 scope link        valid_lft forever preferred_lft forever 4: sit0@NONE: <NOARP> mtu 1480 qdisc noqueue state DOWN group default qlen 1000     link/sit 0.0.0.0 brd 0.0.0.0 5: ipv6tunnel@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000     link/sit 192.168.0.1 peer 184.105.253.10     inet6 2001:x:1f0e:x::2/64 scope global        valid_lft forever preferred_lft forever     inet6 fe80::c0a8:1/64 scope link        valid_lft forever preferred_lft forever 6: lan@enp36s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:1b:21:c8:3c:f1 brd ff:ff:ff:ff:ff:ff     inet 192.168.0.1/26 brd 192.168.0.63 scope global lan        valid_lft forever preferred_lft forever     inet6 2001:x:1f0f:x:21b:21ff:fec8:3cf1/64 scope global dynamic mngtmpaddr noprefixroute        valid_lft 86337sec preferred_lft 14337sec     inet6 fe80::21b:21ff:fec8:3cf1/64 scope link        valid_lft forever preferred_lft forever 7: wan@enp36s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:1b:21:c8:3c:f1 brd ff:ff:ff:ff:ff:ff     inet 183.x.x.x/24 brd 47.187.53.255 scope global dynamic wan        valid_lft 1459sec preferred_lft 1459sec     inet6 fe80::21b:21ff:fec8:3cf1/64 scope link        valid_lft forever preferred_lft forever 

ip -6 route

::1 dev lo proto kernel metric 256 pref medium 2001:x:1f0e:x::/64 dev ipv6tunnel proto kernel metric 256 pref medium 2001:x:1f0f:x::/112 dev tun0 proto kernel metric 256 pref medium 2001:x:1f0f:x::/64 dev lan proto ra metric 1024 expires 86143sec pref medium fe80::/64 dev ipv6tunnel proto kernel metric 256 pref medium fe80::/64 dev enp36s0 proto kernel metric 256 pref medium fe80::/64 dev wan proto kernel metric 256 pref medium fe80::/64 dev lan proto kernel metric 256 pref medium fe80::/64 dev tun0 proto kernel metric 256 pref medium default via 2001:x:1f0e:x::1 dev ipv6tunnel proto static metric 1024 pref medium 

netstat -rnf inet6

    Kernel IP routing table Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface 0.0.0.0         183.x.x.1     0.0.0.0         UG        0 0          0 wan 183.x.x.0     0.0.0.0         255.255.255.0   U         0 0          0 wan 183.x.x.1     0.0.0.0         255.255.255.255 UH        0 0          0 wan 192.168.0.0     0.0.0.0         255.255.255.192 U         0 0          0 lan 

How can I start troubleshooting? Rebooting always fixes the problem but it’s not an ideal solution because I have services on the router that need to have 100% uptime.

How to connect to ipv6?

My server is connected to a network which supports ipv6, however, it can’t connect to any ipv6 address. Ping6 returns a message “network is unreachable.” and curl ipv6 don’t work as well. How to check whether my network really supports ipv6 and if so, how to let my server connect to it?

Running ISC DHCP SERVER6 for IPV6 on ubuntu

I am using ISC DHCP SERVER6 for ipv6 on ubuntu machine.

My requirement is 1. I am using two ubuntu machines. Dhcpv6 server is running on one machine and dhcpv6 client is running on another machine. 2.vendor class (option 16) is sent from client. 3.In Server side, according to vendor class (option 16) , corresponding vendor opts (option 17) should be sent from dhcpv6 server 4.Can you please give me , sample server side configuration for ISC DHCPv6.

Thanks, Durga K

Is There a Global Switch to Use UFW for IPv6 Only?

I would like to use UFW for IPv6 only (I already have a perimeter firewall for IPv4).

Aside from using a global allow rule for IPv4, does /etc/default/ufw understand IPv4=no as do not affect IPv4 networking? I know it accepts it (does not complain if it is present and restarts fine), but would this work?

If not, is there a global way to set UFW to only affect one NIC (the one that has the IPv6 link) and leave another link untouched?

IPv6 precedence over IPv4

I found that IPv4 connections are mostly better than IPv6. Speed is higher and less paket loss. I did serveral tests from different computers to different locations.

I decided to change presedence so that name resolution first deliveres A records and then AAAA records.

This can be achieved by changing /etc/gai.conf and activate this line.

precedence ::ffff:0:0/96 100 

Are there any know drawbacks in changing this?

Why is iSCSI Trying to Connect on IPv6 at boot?

18.04.02

I recently added an iSCSI target (Synology Diskstation). It mounts just fine at each boot; however, many times, boot time hangs and the only thing I really see that may be causing it is many errors that look like the following:

cannot make a connection to fe80::211:32ff:fe1e:66fc:3260 (-1,22) 

I cannot for the life of me figure out why this is happening. I disabled ipv6 by doing the following:

net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 

Running

cat /proc/sys/net/ipv6/conf/all/disable_ipv6 

Returns 1, so I know it is disabled and persists through boot.

I have searched for a couple of days andD all I can come up with is a bug report from like 10 years ago so surely that can’t be the reason, could it? Any other ideas are appreciated. Normally, I would just ignore it, but I am not sure that it isn’t what is causing the hang.