IPv6 setup trouble

After problems with delivery of mail sent from my linode Centos 7's IPv6 address, I followed advice from https://www.spamhaus.org/faq/section/Spamhaus%20CSS#426 and requested a /64 for my Linode. When I got it, I picked an IP address from the given range, ran nmtui to change the address from the SLAAC-assigned one to the new address, and rebooted.

And now IPv6 isn't working at all. I can log into my linode (over IPv4), but I can't reach it over IPv6, and I can't ping from it to anywhere. (OK, it can ping its own IPv6 address, but not, for example, the gateway or DNS servers.)

I don't know much about routing or IPv6 so I'm probably overlooking something obvious.

# ip addr list eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f2:3c:91:50:41:d6 brd ff:ff:ff:ff:ff:ff
    inet 173.255.197.46/24 brd 173.255.197.255 scope global noprefixroute dynamic eth0
       valid_lft 83935sec preferred_lft 83935sec
    inet6 2600:3c00:e000:2f7::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::ea4e:558a:8db6:3262/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
# ip -6 route
unreachable ::/96 dev lo metric 1024 pref medium
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 pref medium
unreachable 2002:a00::/24 dev lo metric 1024 pref medium
unreachable 2002:7f00::/24 dev lo metric 1024 pref medium
unreachable 2002:a9fe::/32 dev lo metric 1024 pref medium
unreachable 2002:ac10::/28 dev lo metric 1024 pref medium
unreachable 2002:c0a8::/32 dev lo metric 1024 pref medium
unreachable 2002:e000::/19 dev lo metric 1024 pref medium
2600:3c00:e000:2f7::/64 dev eth0 proto kernel metric 100 pref medium
unreachable 3ffe:ffff::/32 dev lo metric 1024 pref medium
fe80::1 dev eth0 proto static metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 100 pref medium
default via fe80::1 dev eth0 proto static metric 100 pref medium
# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
# traceroute6 2600:3c00::6
traceroute to 2600:3c00::6 (2600:3c00::6), 30 hops max, 80 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * fieldses.org (2600:3c00:e000:2f7::1)  3042.686 ms !H

6 Replies

I added the new IPv6 address second in nmtui, which results in it adding an IPV6ADDR_SECONDARIES=(new ip) line in the corresponding /etc/sysconfig/network-scripts/ file. Then I set I sent some email, and verified that it was transmitted from the new IPv6 address, without the need to do any additional postfix configuration. So, it all looks good now.

Thank you for helping sort out my confusion!

If you want to have this working in Ubuntu 18+, without explicitly limiting postfix to a specific IPv6, but rather have your dedicated /64 block IP selected as primary IP by Ubuntu, you need to:

  • Remove all /etc/netplan config
  • Remove all /etc/systemd/networkd/ config
  • Create a new /etc/systemd/networkd/10-eth0.network config with the following content.
[Match]
Name=eth0

[Network]
DHCP=no

Address=<your IPv4 address>/24
Gateway=<IPv4 gateway address>

# SLAAC address needs to be statically configured as first entry in order to get it last in the IP list of `ip -6 a s dev eth0`
Address=<your SLAAC IPv6 address>/64
Address=<your chosen /64 block IPv6 address>/64

DNS=<DNS IPv4> <DNS IPv6> <DNS2 IPv4> <DNS2 IPv6>
Domains=members.linode.com

[IPv6AcceptRA]
# This option forbids networkd to generate the dynamic SLAAC-generated IPv6 based on the Router Advertisement (RA). This option does not exist for netplan so far.
UseAutonomousPrefix=no

# Note: MTU, default gateway and on-link prefix route are still configured automatically through the RA.

ran nmtui to change the address from the SLAAC-assigned one

You still need to have the SLAAC-assigned IPv6 address configured in order for things to work, as the /64 is routed to that address. Try statically configuring both the SLAAC-assigned IPv6 address and another address from the /64.

This guide should give you everything you need to configure IPv6.

Oh, I see, thanks.

Does that mean I need to do some additional configuration for my mail daemon to make sure it's sending from the new IPv6 address one and not the (blacklisted) SLAAC address?

Linux will send from the last added IPv6 address by default, unless an application explicitly requests another.

Therefore in my static config, I have the SLAAC address first, then the ::1 address from my /64 pool, so apps use that as the default address. I only use my SLAAC address to connect to SSH.

Depending on your mailer daemon, you may also be able to configure it explicitly so you still use your SLAAC address as your default IPv6 address.

In Postfix, it's the smtp_bind_address6 option.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct