I recently switched my virtual private server hehoe.de from Ubuntu to Arch Linux. I am struggling trying to regain IPv6 connectivity. Access via IPv4 is working fine, so the hardware is okay. The server provider instructs me to use 2a00:5080:1:199::1/128 for the server's IPv6 address and fe80::1 as the gateway. They gave me a configuration file to use with netctl for IPv4 connectivity. I added the IPv6 sections: Description='A basic static ethernet connection' Interface=enX0 Connection=ethernet IP=static Address=('84.38.64.200/32') Routes=('172.16.147.1/32 dev eth0') Gateway='172.16.147.1' IP6=static Address6=('2a00:5080:1:199::1') Gateway6='fe80::1' After enabling and starting the profile, the command ip addr list shows this: enX0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:16:3e:4f:7f:20 brd ff:ff:ff:ff:ff:ff inet 84.38.64.200/32 scope global enX0 valid_lft forever preferred_lft forever inet6 2a00:5080:1:199::1/128 scope global valid_lft forever preferred_lft forever inet6 fe80::216:3eff:fe4f:7f20/64 scope link valid_lft forever preferred_lft forever It makes me think the addresses are set-up correctly. The command ip -6 route shows this: 2a00:5080:1:199::1 dev enX0 proto kernel metric 256 pref medium fe80::/64 dev enX0 proto kernel metric 256 pref medium default via fe80::1 dev enX0 metric 1024 pref medium The routes are looking fine to me, too. I can ping -6 fe80::1%enX0 so there is some machine there. Running mtr -6 google.com on the server only shows an empty table. That made me think the gateway is not being considered at all. Observing the ping attempts with tcpdump -e -n -i enX0 "ip6": 18:44:45.981952 00:16:3e:4f:7f:20 > fe:ff:ff:ff:ff:ff, ethertype IPv6 (0x86dd), length 118: 2a00:5080:1:199::1 > 2a00:1450:4001:81c::2003: ICMP6, echo request, id 8, seq 3, length 64 Where 2a00:1450:4001:81c::2003 is the google server I tried to ping. ip neigh shows: 172.16.147.1 dev enX0 lladdr fe:ff:ff:ff:ff:ff REACHABLE fe80::1 dev enX0 lladdr fe:ff:ff:ff:ff:ff router STALE So fe:ff:ff:ff:ff:ff is indeed the router's MAC address. Any ideas how to debug this issue?

My NFS exports are accessible via IPv4 to a number of hosts on my LAN. I want to make these exports available via IPv6 so that I can mount them to my laptop when I'm away. When I'm away I can access these LAN hosts via their IPv6 address and from them can access my laptop via its IPv6 address. So I assume that the blocking issue is in the NFS configuration somewhere. So here is a line from the server's /etc/exports: /export/test 2001:123:a:b:c:d:e:f(rw,nohide,insecure,no_subtree_check,async) where that IPv6 address is the laptop's network device through which I can ping from the NFS server, open a SSH session... And here is the corresponding line from the client's /etc/fstab For the IPv6 address I have tried [address] '[address]' and simply address. But in all cases, attempting to mount returns the error mount.nfs: access denied by server while mounting address:/export/test

I'm trying to get a "simple" VPN working between two Linux boxes using Wireguard. Unfortunately, existing tutorials I've found weren't that helpful, because they usually A) only set up IPv4 and B) usually use IP masquerading ... Config of machine A:

[Interface]
Address = 192.168.10.2/24
ListenPort = 51820
 
[Peer]
AllowedIPs = 192.168.10.0/24, 172.16.0.0/24, fdbb:bbbb:bbbb::/48, 2001:db8:bbbb:0000::/64
Endpoint = [2001:db8:bbbb:0000:1234:56ff:fe78:90ab]:51820
PersistentKeepalive = 20

Config of machine B:

[Interface]
Address = 192.168.10.1/24
ListenPort = 51820

[Peer]
AllowedIPs = 192.168.10.2/32, 10.0.0.0/16, fdaa:aaaa:aaaa::/48, 2001:db8:aaaa:0000::/64
Endpoint = [2001:db8:aaaa:0000:ba09:87ff:fe65:4321]:51820
PersistentKeepalive = 20

(Leaving out the keys because the tunnel itself is passing traffic so I know these are correct). So, simple config, in theory. Machine A has no local firewall (only a typical consumer router with its built-in firewall, with UDP/51820 opened), machine B has ip(6)tables but only for all the Docker rules, and the default policies are set to Accept. Both machines have net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=2. That config didn't work, because Wireguard apparently tries to route **its own wireguard traffic** through the tunnel itself because the Endpoint IPv6 is included in the AllowedIPs network. Why would that not be excluded by default... I tried to get around that by adding a fixed route to send traffic for that endpoint through the normal interface, not wg0:

PostUp = /usr/sbin/ip -6 route add 2001:db8:aaaa:0000:ba09:87ff:fe65:4321/128 via fe80::1 dev enp1s0
PreDown = /usr/sbin/ip -6 route del 2001:db8:aaaa:0000:ba09:87ff:fe65:4321/128 via fe80::1 dev enp1s0

With that setup (on both sides), the peers can ping eachother A) through the WG peer addresses (192.168.10.X), B) through their local IPv4 (10.0.X.X or 172.16.X.X), and C) through their ULA addresses. However, I still have two issues with my tunnel: A) Because I had to add that IPv6 route to the endpoint, that means traffic to the other peer's public IPv6 address does not go through the WG tunnel but travels directly over the internet. The peers cannot ping eachother using their public GUA IPv6 addresses. I would need something like that IP route I added using the PostUp parameter, but for that to only apply to the tunnel itself, not for traffic going through the tunnel. Like an IPv6 route where I can say "route UDP/51820 over this route (directly to the internet), but other traffic to that same IP over that route (wg0)". B) I can't get everything to work from other machines in my network (over IPv4). On another machine on network A, I added a static route to the other network's IPv4: 172.16.0.0/24 via 10.0.1.25 dev enp7s0 metric 100. When I now do a traceroute, the 1st hop is the wireguard machine (10.0.1.25), and the 2nd hop is the WG peer's address of the remote machine (192.168.10.1) (so it does go through the tunnel!), but after that, boom, that's it. No third hop with the actual destination (even though the other side's default gateway does have a static route to route 10.0.0.0/8 to that side's wireguard machine. I do not want to do IP masquerading which is the "solution" I found multiple times using Google. I want the other machines on the other network see exactly where the requests are coming from - a machine on the other side of the tunnel. Over IPv6, using the ULAs, everything is fine. Added an IPv6 route on the gateway to route the other side's ULAs to the wireguard machine, and done. I just need to find a solution for the GUAs, probably with radvd on the wireguard machine announcing a route to that network. TL;DR: Wireguard connection between two peers works, but A) how do I send non-Wireguard traffic to the wireguard endpoint IP over the tunnel as well, and B) why does IPv6 ULA routing work and IPv4 routing doesn't even though they're set up the same.

I’m running Kali Linux, which is installed on a VMware virtual machine. I have been facing issues while trying to update and install packages using apt. The system shows errors related to connection timeouts when fetching packages from certain mirrors, and it also fails to locate some packages that should be available. **My command**

sudo apt update && sudo apt install -y \
  unzip zip curl git build-essential \
  cmake libusb-1.0-0-dev \
  adb lsb-release android-sdk-platform-tools-common \
  libxml2-utils

**Details of the problem:** The error messages:

Error: Failed to fetch http://mirror1.sox.rs/kali/kali/pool/main/a/android-platform-tools/android-libbase_34.0.5-12_amd64.deb   Could not connect to mirror1.sox.rs:80 (88.218.137.65), connection timed out
Error: Failed to fetch http://mirror1.sox.rs/kali/kali/pool/main/a/android-sdk-meta/android-sdk-platform-tools-common_28.0.2+12_all.deb   Unable to connect to mirror1.sox.rs:http:
Error: Failed to fetch http://mirror1.sox.rs/kali/kali/pool/main/g/gcc-defaults/g++_14.2.0-1_amd64.deb   Unable to connect to mirror1.sox.rs:http:
Error: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

**What I have checked so far:** My internet connection is active, and I can ping https://kali.org successfully. My /etc/apt/sources.list contains the default Kali Rolling repository:

deb http://http.kali.org/kali  kali-rolling main non-free non-free-firmware contrib

I tried the following: Ran sudo apt update multiple times, but the same errors occurred. And this:

sudo rm -rf /var/lib/apt/lists/*
sudo apt clean
sudo apt update

Suspect the VM might be trying to connect via IPv6, which could be causing unreachable network errors so I disabled it temporary

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

I set up an opnsense firewall that runs a DHCP server for IPv4 assignment in my LAN. Furthermore, as my ISP provides me with IPv6 too, my LAN clients also configure a SLAAC address with IPv6 prefix delegation. This works fine, too. Now I am running some servers in my LAN, for example Proxmox. Of course the servers have fixed IP addresses, but I still want to be able to address them by their name. In the DNS service of the firewall, I can add manual static entries. For example, for my Proxmox host, my IPv4 static entry looks like this: pve0 A 192.168.1.10 now I would like to allow that pve0 can also resolve to an IPv6 address, so each client can choose on their own what protocol to use. I can make a static IPv6 address, too, but I am unsure which one to use. Should I use the link local address, or the one with the delegated prefix? for example pve0 AAAA fe80::3eec:efff:fea1:1515 or should I use (redacted some bits of the address) pve0 AAAA 2a00:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:6f8d which is the clean and correct way to do it? and one bonus question, I see that lots of people are struggling with this: how can I achieve name resolution in the LAN also for dynamically allocated IPv6 addresses? for IPv4 it works, as DHCP adds automatically a DNS entry, but obviously for IPv6 SLAAC addresses, this is not possible. But still I noticed that some Windows 10 clients actually are able to resolve each other's name, so in some way it must be possible, but I don't understand how.

I have an entry like this in /etc/hosts:

fe80::XXXX:XXff:feXX:XXXX%enp0s25 test-ipv6

This is a link-local address. I've masked out my MAC address (with the 7th most significant bit flipped) for this post. I can ping the address, but pinging test-ipv6 gives

ping: test-ipv6: Name or service not known

* Why doesn't it work? * Is there a different way to assign an IPv6 link-local address to a hostname? I'm using Arch Linux with kernel version 4.17.2. **EDIT:** this is mostly a duplicate of https://unix.stackexchange.com/questions/174767/ipv6-zone-id-in-etc-hosts .

I’m working on a Raspberry Pi-based network device that moves between several known locations, each with its own IPv4 and IPv6 subnet. To streamline connectivity, I’m considering assigning multiple static IP addresses (both IPv4 and IPv6) to the eth0 interface, so that it can communicate without reconfiguration at each site. My current setup: - Using dhcpcd with a custom exit-hook to programmatically assign addresses based on the environment. - I plan to assign something like: # IPv4 ip addr add 192.168.1.100/24 dev eth0 ip addr add 10.11.12.13/24 dev eth0 # IPv6 ip -6 addr add 2405:200:185:2666::4c82/64 dev eth0 ip -6 addr add 2406:300:abcd:7890::5/64 dev eth0 - The Pi will not be connected to more than one network at a time, but I want the addresses preconfigured for seamless usage. Concerns I have: - Potential routing conflicts, especially if multiple addresses try to inject default routes. - How Linux chooses the source IP for outbound packets when multiple global IPs exist on one interface. - Whether this could interfere with RA handling or DHCPv6 behavior. - If it’s better to use policy routing or interface metrics to manage this cleanly. Questions: 1. Is this approach viable and stable for production usage? 2. What are the best practices for ensuring predictable routing and IP selection in this setup? 3. Would policy routing (e.g., using ip rule + custom tables) be required to maintain clean behaviour? 4. Should I be flushing routes on each network change to avoid stale or conflicting entries? Additional context: - Temporary commands are acceptable since configuration is injected by dhcpcd exit hooks. - I don’t want to rely on dynamic DHCP or RA configuration at each site.

I have a Raspberry Pi with two network interfaces, eth0 and eth0100, both configured with global IPv6 addresses in the same /64 subnet (2405:200:185:2666::/64). From my MacBook, I can connect to either interface, but only if the route metric on the Pi prioritizes the correct one. Otherwise, replies may go out the wrong interface and the connection breaks. Using link-local addresses with %interface always works, since the interface is explicitly scoped. However, with global IPv6, Linux seems to use the main routing table to select the egress interface, even if the packet came in on another. I’ve been using a temporary workaround by manually adjusting the route metrics in the IPv6 routing table to control which interface is preferred for replies. I want to implement proper symmetric routing: packets arriving on eth0 should reply via eth0, and likewise for eth0100, regardless of route metric or address overlaps. The solution should work with dynamic addresses (e.g., SLAAC) and not require hardcoding source IPs. What is the correct way to configure this behaviour?

Today, I started having most web sites failing to load in browsers. Checking my network settings, I discovered those strange settings in ipv6 tab: Switching back to my usual dns for ipv6 (Google's one, 2001:4860:4860::8888 and 2001:4860:4860::8844) solved my browsing issue. But just to make sure, I then reopened the network settings: the same strange ipv4 addresses in my ipv6 dns configuration were back! Networking still works for now, but I fear the trouble will come back on next reboot. The ipv4 tab has its expected settings. The /etc/resolv.conf file was pointing my isp own ipv6 dns server, I have removed them. resolvconf package is not installed. /etc/NetworkManager/system-connections/Wired connection 1 file looks fine. [ethernet] duplex=full [connection] id=Wired connection 1 uuid=231ba09e-7c56-4fb3-9df2-37cc0c4202b0 type=ethernet timestamp=1480972453 [ipv6] method=auto dns=2001:4860:4860::8888;2001:4860:4860::8844; ignore-auto-dns=true ip6-privacy=2 [ipv4] method=auto dns=8.8.8.8;8.8.4.4; ignore-auto-dns=true nm-connection-editor interface shows the right settings. /etc/dhcp/dhclient.conf file does not contain any supersede. Only the network configuration applet is wrong. I guess it is the network-manager-gnome interface. Its version on my system is 0.9.10.0-2 according to synaptic. My distribution is a Debian Jessie, unattended updates activated (stable channel of course, it would not be a Jessie anymore otherwise, backports enabled), using gnome. I search a bit randomly in my hidden home folders if some local settings were related to networking just in case, but found nothing, including in ~/.gconf/ folder. What else should I check for that issue please? ## Follow up: Thanks sourcejedi, So the bad display looks like a bug, ipv6 addresses being displayed here as ipv4, using only first four bytes of them. Maybe this is just a display bug. But redefining my settings as I have done would then have overwritten the actual cause of the trouble... I have reboot now, things still works for now (with display bug still here). No clue what was the actual trouble. (Emptying the resolv.conf as I have done was undone at the next boot by the way, it was refilled with my isp ipv6 dns.) Checking the nmap version on my system, it is 6.47-3+deb8u2. But anyway, the old bug you found about it does not look related, just similar as you say.

I'm trying to use socat as a port mapper to map IPv4 connections to my OpenVPN server running behind a DS-Lite IPv6 cable connection. //edit I tried with a non root user and root. But I get the same result with both users. //edit Goal is to be able to connect from my mobile phone via OpenVPN to my (IPv4) smart home devices. From the server running socat I can ping6 my router at home. IPv6 port forwarding is enabled as well and forwards 1194/udp to the raspberry running the OpenVPN server at home. Problem is now that I'm seeing an error from socat as I try to connect OpenVPN from my mobile. root@scw-31f6c8:~/bin# socat -d -d UDP4-LISTEN:63530,fork UDP6:xxx.dynv6.net:1194 2017/12/27 13:53:01 socat N listening on UDP AF=2 0.0.0.0:63530 2017/12/27 13:53:07 socat N accepting UDP connection from AF=2 xx.xxx.xxx.xx:1319 2017/12/27 13:53:07 socat N forked off child process 15429 2017/12/27 13:53:07 socat N listening on UDP AF=2 0.0.0.0:63530 2017/12/27 13:53:07 socat N opening connection to AF=10 [2a02:810c:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:1194 2017/12/27 13:53:07 socat N successfully connected from local address AF=10 [2001:0bc8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:41641 2017/12/27 13:53:07 socat N starting data transfer loop with FDs [5,5] and [6,6] 2017/12/27 13:53:07 socat E read(6, 0xf97acc0, 8192): Permission denied 2017/12/27 13:53:07 socat N exit(1) 2017/12/27 13:53:07 socat N childdied(): handling signal 17 2017/12/27 13:53:07 socat W waitpid(): child 15429 exited with status 1 On first sight everything looks good until it hits read(6, 0xf97acc0, 8192): Permission denied. Currently I cannot identify if this is a socat error on the server running it, or if it is related to a communication issue from socat to my IPv6 endpoint at home. Any pointer on how to find out what's wrong? **//edit** I tried it as well on different machines (uberspace, scaleway) To be sure it is not related to a bad server side configuration. Might be an indicator that something is wrong on my end. But currently I don't see it.

Probably a simple answer but I can't seem to find it. I am running a multihomed Debian Stable(latest) and on interface eth1 I need both IPv4 and IPv6 address. My /etc/network/interfaces looks like this: # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback auto eth0 allow-hotplug eth0 iface eth0 inet dhcp auto eth1 iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0 gateway 192.168.1.1 up ip -6 address add 2001:470:28:5b2::1/64 dev $IFACE The problem is the interface only gets assigned the IPv4 adress, not the IPv6 address. What am I missing? When running ***ifup -av***: g00nz@debie:~$ sudo ifup -av [sudo] password for g00nz: run-parts --exit-on-error --verbose /etc/network/if-pre-up.d run-parts: executing /etc/network/if-pre-up.d/wpasupplicant Configuring interface eth1=eth1 (inet) run-parts --exit-on-error --verbose /etc/network/if-pre-up.d run-parts: executing /etc/network/if-pre-up.d/wpasupplicant ip addr add 192.168.1.2/255.255.255.0 broadcast 192.168.1.255 dev eth1 label eth1 RTNETLINK answers: File exists Failed to bring up eth1. run-parts --exit-on-error --verbose /etc/network/if-up.d run-parts: executing /etc/network/if-up.d/avahi-daemon run-parts: executing /etc/network/if-up.d/mountnfs run-parts: executing /etc/network/if-up.d/openssh-server run-parts: executing /etc/network/if-up.d/upstart run-parts: executing /etc/network/if-up.d/wpasupplicant It seems that eth1 is already configured and I can't add the IPv6 address but when I do it from bashprompt it works: sudo ip -6 addr add 2001:470:28:5b2::1/64 dev eth1 and check with ***ifconfig eth1***: g00nz@debie:~$ sudo ip -6 addr add 2001:470:28:5b2::1/64 dev eth1 g00nz@debie:~$ sudo ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:24:9b:08:4b:aa inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2001:470:28:5b2::1/64 Scope:Global inet6 addr: fe80::224:9bff:fe08:4baa/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4254 errors:0 dropped:2080 overruns:0 frame:0 TX packets:305 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:469773 (458.7 KiB) TX bytes:45395 (44.3 KiB) Anyone? :( /roger --- OK, tried this and got this in my /etc/network/interfaces now: auto eth1 iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0 gateway 192.168.1.1 iface eth1 inet6 static address 2001:470:28:5b2::1 netmask 64 But still, when I check with ***ip a*** I have: 3: eth1: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:24:9b:08:4b:aa brd ff:ff:ff:ff:ff:ff inet 192.168.1.2/24 brd 192.168.1.255 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::224:9bff:fe08:4baa/64 scope link valid_lft forever preferred_lft forever I does not stick :( Still get error with ifup: g00nz@debie:~$ sudo ifup -av [sudo] password for g00nz: run-parts --exit-on-error --verbose /etc/network/if-pre-up.d run-parts: executing /etc/network/if-pre-up.d/wpasupplicant Configuring interface eth1=eth1 (inet) run-parts --exit-on-error --verbose /etc/network/if-pre-up.d run-parts: executing /etc/network/if-pre-up.d/wpasupplicant ip addr add 192.168.1.2/255.255.255.0 broadcast 192.168.1.255 dev eth1 label eth1 RTNETLINK answers: File exists Failed to bring up eth1. run-parts --exit-on-error --verbose /etc/network/if-up.d run-parts: executing /etc/network/if-up.d/avahi-daemon run-parts: executing /etc/network/if-up.d/mountnfs run-parts: executing /etc/network/if-up.d/openssh-server run-parts: executing /etc/network/if-up.d/upstart run-parts: executing /etc/network/if-up.d/wpasupplicant g00nz@debie:~$

*OS: GNU/Linux Debian 9.2 64-bit* I disabled IPv6 on one of my servers. And now I'm getting this in mail: exim paniclog ... > IPv6 socket creation failed: Address family not supported by protocol How do I get rid of it?

I've set up a fresh Debian 12 system today and wanted to try out IPv6 in my network a bit. So I set up an IPv6 ULA on my router and created a new Debian VM for testing. The Debian VM picks up the ULA address through SLAAC just fine, but it also generates a strange and seemingly incorrect IPv6 address alongside it, one that appears to be just the EUI-64 interface identifier without any of the network prefix bits set. The output of ip address looks like this:

inet6 ::be24:11ff:fe59:4e73/64 scope global
   valid_lft 2591891sec preferred_lft 604691sec
inet6 fdf2:e2f0:3d5b:0:be24:11ff:fe59:4e73/64 scope global deprecated dynamic mngtmpaddr
   valid_lft 2591893sec preferred_lft 0sec
inet6 fdf2:e2f0:3d5b:1:be24:11ff:fe59:4e73/64 scope global dynamic mngtmpaddr
   valid_lft 2591893sec preferred_lft 604693sec
inet6 fe80::be24:11ff:fe59:4e73/64 scope link
   valid_lft forever preferred_lft forever

Although the ULA address is generated just fine, this non-routable address :be24:11ff:fe59:4e73/64 breaks my internet access as its used as the source IP of ping or curl for example. Output of rdisk6

Soliciting ff02::2 (ff02::2) on eth0...

Hop limit                 :    undefined (      0x00)
Stateful address conf.    :          Yes
Stateful other conf.      :           No
Mobile home agent         :           No
Router preference         :       medium
Neighbor discovery proxy  :           No
Router lifetime           :         1800 (0x00000708) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
 Source link-layer address: 78:9A:18:94:4A:B4
 Recursive DNS server     : fdf2:e2f0:3d5b:1:be24:11ff:fe59:4e73
 Recursive DNS server     : fdf2:e2f0:3d5b:1:be24:11ff:feb6:90f
  DNS servers lifetime    :         1800 (0x00000708) seconds
 Prefix                   : fdf2:e2f0:3d5b:1::/64
  On-link                 :          Yes
  Autonomous address conf.:          Yes
  Valid time              :      2592000 (0x00278d00) seconds
  Pref. time              :       604800 (0x00093a80) seconds
 Prefix                   : fdf2:e2f0:3d5b::/64
  On-link                 :          Yes
  Autonomous address conf.:          Yes
  Valid time              :      2592000 (0x00278d00) seconds
  Pref. time              :            0 (0x00000000) seconds
 from fe80::7a9a:18ff:fe94:4ab4

Router address setup:

[gateway] > /ipv6/address/print detail  
Flags: X - disabled, I - invalid, D - dynamic; G - global, L - link-local; S - slave; d - deprecated 
 1  G   address=fdf2:e2f0:3d5b:1::/64 from-pool=private-pool interface= VLAN010 actual-interface=VLAN010 eui-64=no advertise=yes no-dad=no 
 
[gateway] > /ipv6/nd/print 
Flags: X - disabled, I - invalid; * - default 
 0  * interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m ra-preference=medium hop-limit=unspecified advertise-mac-address=yes advertise-dns=yes 
      managed-address-configuration=yes other-configuration=no dns=fdf2:e2f0:3d5b:1:be24:11ff:fe59:4e73,fdf2:e2f0:3d5b:1:be24:11ff:feb6:90f

Does anyone know why this address is being generated and how I can disable it?

I have the following IPv4 rules: 1. `iptables -t nat -A PREROUTING -d "server ipv4" -p tcp -m tcp --dport 80 -i eth0 - j DNAT --to-destination 127.0.0.1:55555` 2. iptables -P INPUT ACCEPT In addition, I have a simple proxy that listens on the localhost address: 127.0.0.1:55555 In IPv4 it is working well. When I tried to do the same in IPv6: 1. iptables -t nat -A PREROUTING -d "server ipv6 " -p tcp -m tcp --dport 80 -i eth0 -j DNAT --to-destination [::1]:55555 2. ip6tables -P INPUT ACCEPT I can't get it to work! I was able to make it work with: 1. --to-destination ["link-local IPv6"]:55555 2. --to-destination ["Server IPv6"]:55555 When I turn on forwarding and add some log line in filter-table, forward-chain. 1. echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 2. ip6tables -I FORWARD -j LOG --log-prefix='[filter FORWARD] ' I can see the packet. > [268332.372177] [filter FORWARD] IN=eth0 OUT=eth0 > MAC=be:69:fd:2a:9e:bd:0a:08:f1:46:19:a1:86:df SRC= > DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=63 > FLOWLBL=0 PROTO=TCP SPT=42082 DPT=55555 WINDOW=28800 RES=0x00 SYN > URGP=0 I can see that the OUT interface is "eth0" and not "lo", and the kernel think that the packet is not intended for this server. I have centOS 7, and I did try this in Ubuntu 16 as well.

After successfully installing Nextcloud on my Raspberry Pi running Debian and accessing it locally, I have some issues configuring my Apache2 Webserver for external access. My internet provider is Vodafone and there is only DS-Lite available. So I read that everything must be configured by IPv6. I have registered a public domain via No-IP and entered my IPv6 address. I have also extended the sites-available file:

ServerAdmin xx
   ServerName xx
   ServerAlias xx
   DocumentRoot /var/www/html


    AllowOverride None
    Require all granted


   ErrorLog ${APACHE_LOG_DIR}/xx.log
   CustomLog ${APACHE_LOG_DIR}/xx.log combined

My Ports.conf looks like this:

`
Listen [::]:80
Listen [::]:443


        Listen 443



        Listen 443

` In the FritzBox config I have opened the ports 80 and 443 for the IPv6 address. Creating a certificate via certbot also fails with connections refused, a well-known issue. What else needs to be configured for only Ipv6 access? Thanks in advance!

I have a VM on a host with bridged networking (hence, with its own MAC address). Both host and VM run CentOS. Their network is managed by simple /etc/sysconfig/network-scripts/ifcfg-enpXsY files. IPv4 works just fine. I have assigned an IPv6 address to the VM (the host also has one) which is routed correctly in the data centre. Most connections use IPv4, however (no DNS AAAA entry for the machine yet, still testing IPv6). When I boot up the VM it has full IPv6 connectivity. However, **after a while IPv6 connectivity stops working** (IPv6 magic?). I have narrowed to problem down to neighbour (ARP/NDISC cache) data: Not working, cannot ping or connect by IPv6 in or out: # ip -6 neighbour fe80::1 dev enp1s2 lladdr 0c:86:72:2e:04:28 router STALE Fix/workaround to refresh the cache: # ip -6 neighbour flush dev enp1s2 # ip -6 neighbour (empty, as expected) Then ping6 the host from within the VM to fill the cache: # ping6 2912:1375:23:9a6c::2 PING 2912:1375:23:9a6c::2(2912:1375:23:9a6c::2) 56 data bytes 64 bytes from 2912:1375:23:9a6c::2: icmp_seq=1 ttl=64 time=2.35 ms 64 bytes from 2912:1375:23:9a6c::2: icmp_seq=2 ttl=64 time=0.468 ms ^C # ip -6 neighbour fe80::1 dev enp1s2 lladdr 0c:86:72:2e:04:28 router REACHABLE 2912:1375:23:9a6c::2 dev enp1s2 lladdr 08:21:4b:b7:f8:31 DELAY IPv6 neighbour/ARP table restored to validity and connectivity is working in and out! **So my questions are:** 1. Why does the cache become stale? 2. What can I do to avoid it? Of course I could run those commands in a cron job (how often?) but I suppose that cannot really be needed for IPv6 to work in general? PS: I used a script for tests: **The IPv6 stack breaks down about every 20 minutes**. Can that be explained by RFCs?

I want to test an application that runs a complete IPv6 stack in user space. The application is supposed to process and send ethernet frames. For that I want to set up a network interface on Linux that I can access from my local computer like if it were another participant in the network. I read that I should use a tap device for that. So I created a script to set up an interface and a test application. Here is my script to set up the interface:

#!/bin/bash

MAC_ADDR="00:11:22:33:44:55"
IP_ADDR="2001:db8::2"

setup() {
    # Create the TAP interface (if not already created)
    ip tuntap add dev tap0 mode tap

    # Assign an IPv6 address to the TAP interface
    ip -6 addr add "${IP_ADDR}/64" dev tap0

    # Bring the TAP interface up
    ip link set dev tap0 up

    # Set a custom MAC address for the TAP interface
    # (Replace with your desired MAC address)
    ip link set dev tap0 address $MAC_ADDR

    # Disable kernel IPv6 handling on this interface
    sysctl -w net.ipv6.conf.tap0.forwarding=0
    sysctl -w net.ipv6.conf.tap0.accept_ra=0

    # Print interface details to verify the MAC address and IP
    ip addr show dev tap0
}

cleanup() {
    ip link set tap0 down || true
    ip tuntap del dev tap0 mode tap
}

# Setup tap interface
setup

# Cleanup when exiting
trap cleanup SIGINT

# Keep the interface up indefinitely
echo "Press Ctrl+C to bring down the interface"
sleep infinity

This is my test application:

++
// TunInterface.h
#pragma once

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

class TunInterface {
public:
    TunInterface(const std::string& dev_name,
                 std::function recv_callback,
                 const unsigned char* mac_address = nullptr)
        : dev_name(dev_name), receive_callback(recv_callback), mac_filter(mac_address) {
        // Open the TUN device
        tun_fd = open("/dev/net/tun", O_RDWR);
        if (tun_fd  receive_callback;
    const unsigned char* mac_filter;  // If nullptr, no filtering is done

    bool is_mac_filtered(const unsigned char* packet) {
        if (mac_filter) {
            struct ethhdr* eth_header = reinterpret_cast(const_cast(packet));
            return std::memcmp(eth_header->h_dest, mac_filter, ETH_ALEN) == 0;
        }
        return true;  // No filter if mac_filter is nullptr
    }
};

#endif

++
#include "TapInterface.h"
#include 

int main() {
    // Define the MAC address for filtering (e.g., 00:11:22:33:44:55)
    uint8_t macAddr = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };

           // Create a TapInterface with MAC filtering enabled
    TapInterface tap("tap0", macAddr);

    if (!tap.isValid()) {
        std::cerr << "Failed to create TAP interface\n";
        return 1;
    }

           // Register a callback to handle received frames
    tap.registerReceiveCallback([](const uint8_t* data, size_t len) {
        std::cout << "Received frame of length " << len << " bytes\n";
    });

    std::cout << "Listening on tap0. Press Ctrl-C to exit.\n";
    while (true) pause(); // Or use any other suitable loop
}

When I run ping6 2001:db8::2 I expect to see at least neighbour discovery ethernet frames in my test application. But I see nothing. Instead, I get replies to my ping6 attempts as soon as I start the test application. Looks like the kernel is still interfering. I tried a similar approach using a tun device and that worked, but that didn't operate on Layer 2. I am running on Ubuntu 24.04. What could be wrong? Thanks.

My local network is simple. sudo ifconfig enp3s0: flags=4163 mtu 1500 inet 192.168.31.52 netmask 255.255.255.0 broadcast 192.168.31.255 inet6 fe80::e23f:49ff:fe57:4bd1 prefixlen 64 scopeid 0x20 ether txqueuelen 1000 (Ethernet) RX packets 934205 bytes 918638128 (876.0 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 557104 bytes 69517532 (66.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Local Loopback) RX packets 2773 bytes 4761793 (4.5 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2773 bytes 4761793 (4.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 I want to my vps which own ip6 address. ssh -vv -6 2001:19f0:5401:1cda:5400:02ff:fe8c:056f%enp3s0 OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "2001:19f0:5401:1cda:5400:02ff:fe8c:056f%enp3s0" port 22 ssh: Could not resolve hostname 2001:19f0:5401:1cda:5400:02ff:fe8c:056f%enp3s0: Name or service not known sudo ip -6 addr add 2001:19f0:5401:1cda:5400:02ff:fe8c:056f/128 dev enp3s0 ssh -vv -6 2001:19f0:5401:1cda:5400:02ff:fe8c:056f%enp3s0 OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "2001:19f0:5401:1cda:5400:02ff:fe8c:056f%enp3s0" port 22 ssh: Could not resolve hostname 2001:19f0:5401:1cda:5400:02ff:fe8c:056f%enp3s0: Name or service not known

I have a CentOS6 box which I've used as a NAT router for years, with /proc/sys/net/ipv4/ip_forward=1 I now have both an IPv4 address and an IPv6 address from Starlink, with inet6 addr: 2605:****:****:****:****:****:****:3660/64 Scope:Global. That seemed to magically appear even though I had IPv6 set to "ignore" in the NetworkManager GUI. How can I get an IPv6 internet connection for other devices on my local network ? I tried using NetworkManager to set both local and internet interfaces to "IPv6 Automatic" with no success. I assume I might be able to assign local addresses in the FD00 range and set /proc/sys/net/ipv6/conf/all/forwarding=1, i.e. NAT, but I thought I was supposed to get 64 global addresses for my devices.

I am trying to configure a NetworkManager connection for IPv6 privacy. My goal is to assign a temporary IPv6 address with limited lifetime to my device. I manually crafted a xxx.nmconnection configuration file according to general NetworkManager documentation. However I bump on serious problems.

Address generation

The file contains several address definitions: ~~~ addr-gen-mode=stable-privacy # A address1=2xxx:yyyy::zzzz # B address2=fe80::1234 # C ip6-privacy=prefer-temp-addr # D ~~~ Request A is there to generate a random stable address. Request B creates a global manual address. C is a link-local address to reference "comfortably" the machine on the LAN. D requests a global temporary address. When I emit ip -6 addr show, the command only displays B and C. I could understand that A and B conflict (because I force a manual address) but documentation does not mention such a conflict. I checked with sysctl -a -r addr that the parameters have the correct value in the kernel. Despite many reboots, I could not get the stable-privacy address.

DHCP workaround

I thought I could replace the temporary addresses by a DHCP lease. This is a surrogate but I can't control the lease lifetime, probably because the lease is controlled by the box and the interface does not provide access to these parameters.

Fedora issue ?

I read here that Fedora "does not enable" temporary addresses. However I could not find hints about hard-coded or configuration-controlled disable. In the latter case, I should get temp-addresses after toggling the parameter. It is also possible that I missed a procedural step. I expect the temp address to be generated when I activate my connection. But it does not happen.

Help

Could you guide me in enable IPv6 temporary addresses in my Fedora 41 computer?