Questions tagged as ['ipv6']

IPv6 is the successor to IPv4. Rather than 2^32 addresses (like IPv4), it has 2^128, which is 340,282,366,920,938,463,463,374,607,431,768,211,456 unique addresses (34 undecillion). IPv6 addressing is quite different to IPv4 and is not backwards compatible, but protocols that sit on top (HTTP, SSH, etc) remain unchanged.
Score: 0
Unable to add IPV6 Route in GCP
mx flag

we have a requirement where we need to create a floating Ip and it should be moved across the GCP Compute Instances. In this case we need to add the route under the route table of the VPC(asia-south1) with the floating IP entry(2600:1f18:1802:4b04:b8f7:9c39:4458:1a05).

Note: IPV6 is supported for the region that we have used.

Please refer to below error when we tried adding the route: Error:

Creating  ...

Score: 0
panicking_kernel avatar
No IPV6 internet connectivity on client side of OpenVPN AWS EC2 server?
cn flag

I have an OpenVPN server I've set up on an AWS EC2 instance that is pulling an IPV6 address, and can traceroute6 and ping6 ipv6.google.com. The client can do neither and does not return an address when using online tests like ipleak, or testipv6. The server and client can ping6 and traceroute6 each other.

The client appears to pull the correct address locally, and via ip -6 route. IPV4 has always wor ...

Score: 4
Which ICMP types (v4/v6) should not be blocked?
in flag

I have made a lot of research into this and have found that some references contradict each other.

IPV6 For example RFC4890 says the following types should be allowed for optimal functionality:

Type 1, 2, 3, 4, 128, 129 and for mobility assistance also 144, 145, 146 and 147.

However this source doesn't mention mobility assistance was required: (also type 1 and 4 are omitted)

Type 128, 129, 2, 3 and ...

Score: 0
Ray Foss avatar
Promote external IPv6 to static?
cn flag

What's the command for promoting an externally accessible IPv6 range to static within the VPC subnet?

My VM is accessible at 64bit wide IPv6 range, within a 96bit IPv6 subnet. But I'm afraid these may change without warning... this command seems like it should work:

gcloud compute addresses create myvm-6     --addresses "2600:abcd:abcd:abcd:0:0:0:0"     --region us-west2     --subnet neo-ipv6

ERROR: (gc ...
Score: 0
How to send/broadcast ipv6-mac maping cache update request for IPv6 IP
cn flag

We can update IPv4 neighbors by using arping command. I have used arping -A -I -c <interface_name> <IP_address_of_interface> with success.

what is the command to update mapping of IPv6 address and mac on router/gateway/nodes. we have observed when IPv6 address is removed from one node N1(RHEL-7.9 Node) and assigned to other node N2(RHEL-7.9 Node), mac address on router(Extreme Networks VD ...

Score: 0
Can safely block these ICMPv6 message types on a web server?
ca flag

I have a Debian 11 VPS on a cloud provider, with both IPv4 and IPv6 enabled and the eth0 interface with both a global-scoped ipv6 address (public) and a link-scoped ipv6 address (fe80::/10).

The sole purpose of the server is to host a public website.

I’m implementing a firewall on the server using iptables/ip6tables. I read RFC4890 but still not sure how to handle some ICMPv6 message types and if  ...

Score: 0
PieterV avatar
ipv6 route add with next hop fails
pl flag

I'm trying to add an ipv6 route on machine B to subnet behind next hop A:

2:2:2::2/64 +---+ 192:168:2::1/64      192:168:2::10/64 +---+
       -----| A |---------------------------------------| B |
            +---+                                       +---+

The next hop (192:168:2::1) is reachable (ping succeeds), yet I cannot add it as a next hop in an ipv6 route:

(B):~ > sudo ip -6 route add 2:2: ...
Score: 0
Said Jawad avatar
Netflow records with Destination Ports 1025,257 and Protocol as ipv6-icmp
ng flag

I have some Netflow records from a bunch of routers. The records contain IPv6 flows and there are entries with protocol as ipv6-icmp and their destination port values as 0, 1025 and 257. I know from this link that the value of 0 for ipv6-icmp in netflow indicates an echo reply. Is there any resource to find the meaning of the ipv6-icmp-1025 and ipv6-icmp-257?

Score: 0
Scheintod avatar
ipv6 distribute an ula prefix without an router
bz flag

I have a network which has no ipv6 connectivity to the internet. But I'd like to play a little with private networking.

So I want to use ULAs for my devices and automatically distribute the prefix.

I know that ipv6 uses router advertisement to do so. But (hence the name...) it advertises a router, too. In my case using dnsmasq it's the address of the server running it. So it ends up in my clients as ...

Score: 0
jwbensley avatar
Can't chain more than one network namespace together
de flag

Problem Statement

With the below configuration a veth pair is created between the default/main net namespace and a netns called ns1.

The config also creates a second veth pair: veth2 is in netns ns1 and veth3 is in netns ns2, this joins ns1 to ns2 creating the chain: default netns-veth0 <-> veth1-ns1-veth2 <-> veth3-ns2.

sudo ip link add veth0 type veth peer name veth1
sudo ip -6 addr ad ...
Score: 0
What are use cases for getting an ipv6 /64 subnet per server
mx flag

I am somewhat new to the whole networking topic and am trying to understand why certain things are the way they are.

Right now I am struggling to understand why you get a whole /64 ipv6 subnet for each server when renting one. Is it because the are just enough addresses anyway and we might as well assign them? Or are there actual use cases? I find it hard to imagine that a single server could mak ...

Score: 1
Daxorp avatar
Apache .htaccess require ip not strict enough with IPv6
tr flag

Let's suppose my IPv6 is 1111:2222:3333:4444:5555:6666:7777:8888

I can write any of these lines in the Apache .htaccess:

Require ip 1111:2222:3333:4444:0000:0000:0000:0000
Require ip 1111:2222:3333:0000::/64
Require ip 1111:2222:0000:0000::/64
Require ip 1111:2222:0000:0000:

I still can access the site. Apache seems to test only the 2 first blocks of IPv6. Did I miss something? How can I really limit to  ...

Score: 0
Neeraj avatar
How to proxy ftp connection between IPV4 server to an IPV6 client and vice versa
cn flag

We have a gateway solution which connects legacy RADIO's having ftp server running with IPV4 interface to DU's running with IPV4 ftp clients to do file upload and download operations. And currently we use ftp-proxy to proxy the ftp connection between different IPV4 ip addresses.

Now we need to support DU interface with IPV6 so we need to transmit ftp connections between IPV4 to IPV6.

What can be bes ...

Score: 0
Mani Varma Indukuri avatar
Unable to reach WAN from LAN host on IPv6
ru flag

In my router, I have 2 interfaces enp1s0 (assumed as WAN) and enp4s0(assumed as LAN). I connected a LAN host and a WAN host. I can ping from LAN host to WAN port of the router but not to the gateway of WAN. The setting is as follows :

  • LAN host IP : 8888::5/64
  • LAN gateway IP (router's enp4s0) : 8888::1/64
  • WAN port IP (router's enp1s0) : 2401:fb00:0:1ff::1fd/64
  • WAN gateway IP : 2401:fb00:0:1ff::1fc/64
Score: 1
Guacamole only listening on IPv6 localhost
ru flag

I have recently installed Apache Guacamole on Ubuntu 20.04 and also tested with the same result on 21.10. I have it all working but have had to do some workarounds because of this issue.

Here is the guide I created after I had completed my install and figured out all the issues.

My question is around whether anyone knows of a way to make guacd listen on both IPv4 and v6? My work around was orginally to d ...

Score: 1
Whitelist both IPv4 and IPv6 in AWS Security Group
br flag

I am setting up an SFTP server, I want to white list all the IPs in the Security Group so people can connect to it from anywhere.

At the moment I am adding 2 rules to the Inbound rules, one rule for IPv4 and one for IPv6:

enter image description here

Is there anyway that I could whitelist both IP versions in one rule?

Score: 0
Hirsch avatar
IPv6: Server can't ping gateway (pfSense) but gets IP
jp flag

I have three servers which should now also get IPv6 connectivity besides the IPv4. Servers:

  1. Pi4 (Raspberry Pi OS)
  2. Nextcloud (Debian 10; Nextcloud as snap)
  3. Mailserver (Debian 10; mailcow as docker, which also uses IPv6)

They are directly connected to the firewall (up to date pfSense) and reside in their own subnet/VLAN. My plan is to use DCHPv6 so that I can give them a fixed IP, from where I can us ...

Score: 0
ndd avatar
Disable outgoing IPv6 for specific users on linux
ru flag
ndd

I would like to block outgoing IPv6 connections for specific users on linux machine. I don't want to disable IPv6 for whole system. How can I do it? I can do it using ip6tables and rejecting OUTPUT connections with icmp6-adm-prohibited or icmp6-no-route or icmp6-addr-unreachable but that for some reason causes delays of about 1s with every connection made (IPv4 is tried only after waiting for 1s). If mu ...

Score: 0
How to setup IPv6 on a Debian 11 VPS?
in flag

I have a test instance on Linode and have asked their technical support to provide me with with an IPv6 range. This is the range I obtained.

2600:3c03:e001:441::/64

How can I expose 200 global IPv6 addresses based on this range, instead of using local addresses like fd42:42:42::1, fd42:42:42::2 etc?

I did some research, but I'm not entirely sure if this is the right approach.

Am I correct to believe t ...

Score: 1
MountainX avatar
How to combine ipset IPv4 and IPv6 configurations
br flag

I'm running Arch Linux and referring to Simple stateful firewall - ArchWiki.

I have two different bash scripts for creating my iptables rules: one for IPv4 and another for IPv6. Each creates one or more ipset hash lists (sets) using the appropriate family: inet or inet6.

That approach is supported by this answer, "You need to have two different sets: one for IPv4 and another for IPv6."

I use the syste ...

Score: 0
seb avatar
NAT64 : make an IPv6-only internet host reachable from any IPv4-only internet host
kr flag
seb

I have Host A, who knows only IPv4 Host B, who knows only IPv6 Host C, on Ubuntu, who knows both IPv4 and IPv6

I need host C to act as a gateway between IPv4 and IPv6. All 3 hosts are on the internet with publicly reachable addresses (IPv4 for A, IPv6 for B).

IPv6-only host will not need to connect to the IPv4-only host. What I mean is I need a translation from IPv4 to IPv6, not the contrary. A will ...

Score: 1
How to block RFC-4193 for IPv6?
in flag

For IPv4 I have a rule that blocks the VPNs to access the local addresses like this:

:PRIVATE_ADDRS_FILTER - [0:0]
-A PRIVATE_ADDRS_FILTER -d 10.0.0.0/8 -j DROP
-A PRIVATE_ADDRS_FILTER -d 172.16.0.0/12 -j DROP
-A PRIVATE_ADDRS_FILTER -d 192.168.0.0/16 -j DROP
-A FORWARD -j PRIVATE_ADDRS_FILTER

Is this how I would do it for IPv6? (based on this source)

:PRIVATE_ADDRS_FILTER - [0:0]
-A PRIVATE_ADDRS_F ...
Score: 0
Pakuss avatar
DHCPv6 with ISC
cn flag

I am building a network and I got stuck while setting up the DHCPv6 Server with isc. I was looking in internet for any documentations, but wasn't able to find anything. I created 2 test vlans - Vlan5 and Vlan6. The client is in vlan5 and the DHCP is in Vlan6. I wanted to create some pools for different vlans but I don't know where to start. Do you have any tips? The only documentations I find are about  ...

Score: 0
ipv6 issue after upgrade to victoria/ubuntu 20.04
vn flag

i'm in charge of a small r&d cluster that is currently running with 1 mixed control/infra/compute node(formerly "all in one" stack), 1 storage node and 1 compute node. The cluster was working fine. I recently upgraded the cluster to ubuntu 20.04 and the victoria release . since then, it appear the instances that are spawned on the dedicated compute node, cannot get ipv6 connectivity (ipv4 works fine ...

Score: 0
y.svanberg avatar
Web browser can resolve domain name from internal DNS
in flag

Coming here from my post on stackoverflow.

I have a webserver hosted on my company's VPN with a domain name, company.domain, registered in a private DNS hosted on the same VPN. When I connect to the VPN and configure the DNS settings on my Windows 10 work pc I am still not able to connect to the webserver because my browser wont use the configured DNS and therefore cant resolve the domain name.

W ...

Score: 0
When using port monitoring for packet capture, capture machine gets messed up IPv6 addresses
in flag

I'm using the "port monitoring" aka "port mirroring" feature of a managed switch to do Wireshark packet captures of network traffic. The traffic I'm monitoring is on a separate sub-net (a separate VLAN configured on the switch).

I have discovered, in this configuration, the Wireshark machine picks up new IPv6 addresses that are on the monitored sub-net. It makes sense how it's happening—the Wir ...

Score: 0
Is there a way to disable ipv4 fallback in squid proxy
us flag

Is there a way to disable ipv4 fallback in squid, i will only use ipv6 outgoing address but if e.g. site is accepting only ipv4 squid fallback to ipv4 i will no fallback.

Score: -1
Eduardo Procópio Gomez avatar
How to enable access to IPv4 users?
de flag

My router works with IPv6, I tried to open a IPv4 server but due to CGNAT no one could access my web server. I asked to some friends to test it, those without IPv6 couldn't reach it. ReqBin also could'nt reach.

I can access IPv4 servers, but I have shared public IPv4, so it's impossible to do web hosting in it.

How can I allow IPv4 users to access my IPv6 server?

Score: 1
user3550166 avatar
Forwarding ipv6 link local destined traffic not working
in flag

Setup:

VM (eth0) -> hostveth -> ContainerVeth

eth0 and hostveth are in VM network namespace while containerveth is in different namespace

sysctl ipv6 forwarding and iptables FORWARD chain are allowed. Checked filter table and no rule to block link local ipv6.

Request coming from outside of VM to Linux pod (container). Pod receives a request from linklocal ip and it responded back to the reque ...

Score: 3
Ricain avatar
NFTABLE issue: IPv6 does not behave like IPv4 with mirror config
sm flag

I have an issue with IPv6 on my server. I have nginx configured to listen on port 443 from IPv4 and IPv6. And it works great: my webiste is available form Internet with TLS enabled.

Things get complicated when I activate nftables: when I am accessing my website from IPv4 it works, but when I access it from IPv6 connections time out :(

Output of sudo nft list ruleset:

table inet filter {
        chain INP ...