5

I am using 20.04 LTS, but suddenly I can't browse websites which has their IP addresses as IPv6, for example (hepsiburada.com).

Even apt update command no longer works, because Launchpad is redirecting to an IPv6 address:

W: Couldn't get http://ppa.launchpad.net/ubuntubudgie/backports/ubuntu/dists/focal/InRelease  ppa.launchpad.net:80 (2001:67c:1560:8008::19). - connect (101: Network is unreachable)

Also:

$ ping ipv6.google.com
ping: connect: Network is unreachable

However, I can browse all the other IPv4 websites just fine with no issues.

What could be the issue?

Update: I have identified that the apt issue has ties to HTTPS or a certificate issue, so it sounds like it is not exactly an IPv6 issue. My ISP was found to not support IPv6 addresses. Still, as I said in a comment, I can't browse websites like hepsiburada.com and yurticikargo.com and suratkargo.com.tr, even Google fails to load some times.

/etc/grub/default:

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash nvme_core.default_ps_max_latency_us=0"
GRUB_CMDLINE_LINUX=""

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

/etc/gai.conf:

# Configuration for getaddrinfo(3).
#
# So far only configuration for the destination address sorting is needed.
# RFC 3484 governs the sorting.  But the RFC also says that system
# administrators should be able to overwrite the defaults.  This can be
# achieved here.
#
# All lines have an initial identifier specifying the option followed by
# up to two values.  Information specified in this file replaces the
# default information.  Complete absence of data of one kind causes the
# appropriate default information to be used.  The supported commands include:
#
# reload  
#    If set to yes, each getaddrinfo(3) call will check whether this file
#    changed and if necessary reload.  This option should not really be
#    used.  There are possible runtime problems.  The default is no.
#
# label      
#    Add another rule to the RFC 3484 label table.  See section 2.1 in
#    RFC 3484.  The default is:
#
#label ::1/128       0
#label ::/0          1
#label 2002::/16     2
#label ::/96         3
#label ::ffff:0:0/96 4
#label fec0::/10     5
#label fc00::/7      6
#label 2001:0::/32   7
#
#    This default differs from the tables given in RFC 3484 by handling
#    (now obsolete) site-local IPv6 addresses and Unique Local Addresses.
#    The reason for this difference is that these addresses are never
#    NATed while IPv4 site-local addresses most probably are.  Given
#    the precedence of IPv6 over IPv4 (see below) on machines having only
#    site-local IPv4 and IPv6 addresses a lookup for a global address would
#    see the IPv6 be preferred.  The result is a long delay because the
#    site-local IPv6 addresses cannot be used while the IPv4 address is
#    (at least for the foreseeable future) NATed.  We also treat Teredo
#    tunnels special.
#
# precedence     
#    Add another rule to the RFC 3484 precedence table.  See section 2.1
#    and 10.3 in RFC 3484.  The default is:
#
#precedence  ::1/128       50
#precedence  ::/0          40
#precedence  2002::/16     30
#precedence ::/96          20
#precedence ::ffff:0:0/96  10
#
#    For sites which prefer IPv4 connections change the last line to
#
#precedence ::ffff:0:0/96  100

#
# scopev4    
#    Add another rule to the RFC 6724 scope table for IPv4 addresses.
#    By default the scope IDs described in section 3.2 in RFC 6724 are
#    used.  Changing these defaults should hardly ever be necessary.
#    The defaults are equivalent to:
#
#scopev4 ::ffff:169.254.0.0/112  2
#scopev4 ::ffff:127.0.0.0/104    2
#scopev4 ::ffff:0.0.0.0/96       14
precedence ::ffff:0:0/96  100

/etc/sysctl.conf:

#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
# for what other values do
#kernel.sysrq=438
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Update 2: So after investigation it turns out this issue has nothing to do with IPv6. Yes my network does not support IPv6 but it looks like I have other issues from my ISP, which has nothing to do with Ubuntu specifically since I am having the same issues on my android phone using the same network.

Thanks for everyone who helped and suggested ideas, and sorry to bother you about a wrong problem.

Madno
  • 145
  • 4
  • 13
  • From the error message, this sounds like a routing issue... Please run `ip -6 route` and verify there is a default rout configured... you should see something like `default via fe80::....` this is usually the IPv6 gateway which points to your routing device.... If no default IPv6 rout is configured then you need to fix it or otherwise no traffic goes through to the Internet from your machine. – Raffa May 26 '21 at 18:29
  • I am getting this as the output of the command: `::1 dev lo proto kernel metric 256 pref medium fe80::/64 dev enp8s0 proto kernel metric 100 pref medium` – Madno May 26 '21 at 18:42
  • Yap :) ... As I expected... no default rout!... In your router device, find and enable IPv6 DHCP and reboot it then reboot your computer. Please note there is a bit more choices for IPv6 DHCP and you might need to refer to the manuals for your specific routing device. I am assuming it is the all in one device that you get from your ISP. – Raffa May 26 '21 at 18:51
  • I checked and found that my ISP does not support IPv6, which seems to be part of the issue here. Still, shouldn't there be a redirection working automatically from IPv6 to IPv4? Is it normal that I can no longer install or update my system with apt because of this? – Madno May 26 '21 at 18:56
  • In this case there is not much you can do... You need IPv6 routing capabilities also at the ISP level. Besides changing your ISP, you can have a look at [6to4](https://en.wikipedia.org/wiki/6to4) – Raffa May 26 '21 at 19:06
  • I live in Turkey and no ISPs in the country support IPv6. I still don't understand why IPv6 websites are not falling back to IPv4 on my system? Is it normal that Ubuntu is basically no longer usable in the country? And why did this happen only 2-3 days ago? – Madno May 26 '21 at 19:30
  • The fallback happens if the website offers an `A` record in addition to the IPv6 `AAAA` record and Ubuntu or any other OS cannot fallback if that record is missing. This issue has more to do with the Internet than with the OS... Too much to explain in a comment... If you would like me to explain more, please let me know and I will post an answer. – Raffa May 26 '21 at 19:56
  • By the way `hepsiburada.com` does not seem to have an IPv6 address but rather an IPv4 one ----> `185.92.215.200` so you should be able to connect to it using your current ISP but I have to say their DNS records are not in best shape :) – Raffa May 26 '21 at 20:03
  • It is not just `hepsiburada.com` but also some other websites like `yurticikargo.com` and `suratkargo.com.tr`. Even Google sometimes does not load for hours. And since my apt does not work on my system as well I thought it is an IPv6 issue but I don't know it could be something else? I have to add that sometimes (after like 50 tries) these websites work with me, but apt never worked. – Madno May 27 '21 at 08:43
  • 1
    You say in an edit your ISP does not support IPv6. The most obvious solution is to switch to a different ISP that supports IPv6. If you are not comfortable doing so, you can also kindly ask your current ISP to add support for IPv6 and check for updates once in a while at https://test-ipv6.com/. Also check if you can use IPv6 in your local network using ping in the terminal. If you can't ping to an IPv6 address that is on your network (like the default gateway), this is an issue on your network and you should probably configure IPv6 addresses for your router and pc. – Irsu85 May 27 '21 at 12:57
  • All three sites you mentioned (`hepsiburada.com`, `yurticikargo.com` and `suratkargo.com.tr`) resolve as purely IPv4 addresses (I checked this on three different systems with different DNS servers). So your issues seems rather DNS related than IPv6 related, as these sites don't use IPv6... – raj May 27 '21 at 21:57
  • You can check how domain names are resolved on your system with *resolvectl query* and use it like so `resolvectl query google.com` and you can check the route to the destination website with *traceroute* and use it like so `traceroute google.com` ... I would investigate with these two tests before attempting any system changes... The issue might be from your ISP and not your system... I t would help as well to connect to your mobile phone or any other ISP available to you and see if the issue persists. – Raffa May 28 '21 at 12:50
  • You are all right, it turns out I was wrong on thinking it is an IPv6 issue. I updated the question accordingly. I am new to the site so should I close this question or award the +200 to the top upvoted solution or... ? – Madno May 28 '21 at 17:15

4 Answers4

2

A few notes that may help. You would increase your chances of killing the issue if you post prompt feedback.

Possible solutions / things to try

  1. EDIT If your computer is portable, try doing the same from a different location. This shows a case with similar symptoms as yours, with hardware as s source of problems. Or you can use you cell phone as USB tethering.

  2. EDIT Same as above, from a place with a combination ISP/router that supports IPV6 and has it enabled.

  3. Suppress IPV6 (necessary if IPV6 is definitively not available)

    1.1. Add ipv6.disable=1 to the value of GRUB_CMDLINE_LINUX_DEFAULT (usually having the value "quiet splash") in grub. Use

    $ sudo nano /etc/default/grub
<EDIT>, <SAVE>
$ sudo update-grub

    1.2. Reboot.

  4. Suppress IPV6. Append to /etc/gai.conf the following line:

    precedence ::ffff:0:0/96  100

    or uncomment it if it exists.

  5. Suppress IPV6 (source). Use (I am not sure the last command is needed)

    $ sudo nano /etc/sysctl.conf
<EDIT>, <ADD LINES BELOW>, <SAVE>
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
$ sudo sysctl --load
$ sudo systemctl restart networking

  6. Suppress IPV6 only for apt-get. Add -o Acquire::ForceIPv4=true when running apt-get. Or make it permanent as in here.

Extra helpful info

Please post in the question the output of the following commands

  1. cat /etc/default/grub
  2. cat /etc/gai.conf
  3. cat /etc/sysctl.conf
  4. EDIT cat /etc/apt/sources.list
  5. EDIT inxi -N
  6. EDIT lspci -knn | grep Net -A2

Please add info on the following points

  1. You mention "suddenly I can't browse websites which has their IP addresses as IPv6". Were you able to browse those same sites before? With the same software and hardware that you currently cannot? Can you identify any change in between?
  2. EDIT Brand/model of your computer.
  3. EDIT Outcome of (renumbered) items 1 and 2 above.

Related

  1. Error 101: Network is unreachable when trying to update
sancho.s ReinstateMonicaCellio
  • 14,146
  • 10
  • 41
  • 89
  • I applied all the steps but with no luck. By the way I get errors like `sysctl: cannot stat /proc/sys/net/ipv6/conf/lo/disable_ipv6: No such file or directory` in step 3. As for your question yes; I was able to browse the websites and update my system normally. No change on any hardware or software. – Madno May 27 '21 at 08:32
  • @Madno - Please see edited answer and post info, also item 3. It is best if you post that in the question, with proper markdown formatting. Also, do you still get the exact same error with `apt update`? Please try using `sudo apt-get update` if you did not do it yet. – sancho.s ReinstateMonicaCellio May 27 '21 at 13:24
  • @Madno - So the change of behaviour was "spontaneous"? – sancho.s ReinstateMonicaCellio May 27 '21 at 13:25
  • Yes it was. I added the files you requested to the question. I ran apt-get as well and I got the same error: https://askubuntu.com/questions/1340966/connection-to-ppa-launchpad-net-not-private – Madno May 27 '21 at 15:04
  • @Madno - Please see EDITs. – sancho.s ReinstateMonicaCellio May 28 '21 at 02:21
1

Try removing iface eth0 inet dhcp and iface eth0 inet6 dhcp from /etc/network/interfaces. Network Manager will receive an IPv6 address if it is available.

If you have to use manual configuration in /etc/network/interfaces, the correct setting for IPv6 will be iface eth0 inet6 auto since in many cases DHCPv6 is not used on a router. The most common is SLAAC configuration.

SirStopIt
  • 13
  • 4
1

First check whether IPv6 is disabled on your system by running this command in your Terminal:

ip a | grep -i inet6

If the output of that command is blank, that means IPv6 is disabled and needs to be re-enabled. If it is not blank, that means IPv6 is enabled on your system and the issue could be at a router or provider level. You can enable IPv6 by running these commands:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0
sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0
sudo sysctl -p
SirStopIt
  • 13
  • 4
KK Patel
  • 18,693
  • 14
  • 57
  • 79
  • It is not blank, it shows two lines of inet6 along with an IPv6 address. So I take it it is enabled. – Madno May 26 '21 at 17:26
  • Okay. In that case, it is issue at L3. Here you did n't mention if your system is connected with home router or enterprise firewall. – KK Patel May 26 '21 at 18:03
  • It is an ordinary home router. I have checked that firewall is disabled as well. – Madno May 26 '21 at 18:24
  • In that case, Kindly check with Internet provider. Also should be happening with other devices, mobile etc. – KK Patel May 26 '21 at 18:55
0

So... As it turns out, this was not an IPv6 issue. It turns out my ISP had some weird problem in connecting to these websites (and others), so I contacted them and they fixed things from their end. Now everything is working.

Thanks for everyone who helped in this and sorry I wasted your time.

Madno
  • 145
  • 4
  • 13