[Solved] Unwanted Secondary IPv6 Address Blocking Internet Access

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
Kian
Posts: 4
Joined: 2024-10-11 07:37
Been thanked: 1 time

[Solved] Unwanted Secondary IPv6 Address Blocking Internet Access

#1 Post by Kian »

Hi,

I have a Debian 12 server connected to my router via LAN.

After booting, I can ping external IPv6 addresses, a few minutes later I cannot. It turns out that my server "receives" a second IPv6 address, which is not known and therefore not routed by my router. Unfortunately, my server uses this second address to send packets, which means there is no return path from the internet, and thus all external connections fail.
Incoming connections and outgoing LAN connection do work.

If I manually delete the unwanted address, everything works as it should - until it comes back after 2-3 minutes!

I have checked syslog, but there is nothing regarding this. The server seems to create the second address all by itself, using the prefix my router gave it.

Code: Select all

Prefix: 2001:a61:50bb:8800::/56
working IP: 2001:a61:50bb:880[b]1[/b]:xxxx:xxxx:xxxx:xxxx/64 
second IP: 2001:a61:50bb:880[b]2[/b]:xxxx:xxxx:xxxx:xxxx/64 
The interface is configured in /etc/network/interfaces as follows:

Code: Select all

auto eno1
iface eno1 inet6 manual
Being desperate, I have also tried dhcp, which my router does not provide on ipv6, and static, both to no avail. I did not really expect this to help anyway ...

Has anyone seen this behavior and knows how to solve it?
Last edited by Kian on 2024-10-11 14:23, edited 1 time in total.

Kian
Posts: 4
Joined: 2024-10-11 07:37
Been thanked: 1 time

Re: Unwanted Secondary IPv6 Address Blocking Internet Access

#2 Post by Kian »

Responding to my own post: this was actually a router issue, my server config and Debian are not at fault.
My router has separate home and guest networks, and for some reason, it advertises the guest network to my server, which is in the home network, resulting in a route with an unreachable gateway. Three day's time gone up in smoke, duh!

Once I had found the packet that should not even exist, I blocked the guest network on my server using ip6tables, and everything works as expected now. I also informed the manufacturer of the router of this issue.

Aki
Global Moderator
Global Moderator
Posts: 4077
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 115 times
Been thanked: 539 times

Re: [Solved] Unwanted Secondary IPv6 Address Blocking Internet Access

#3 Post by Aki »

Hello,
Kian wrote: 2024-10-11 14:22 Responding to my own post: this was actually a router issue, my server config and Debian are not at fault.
Thanks for reporting back.

Can you provide the modem model/manufacturer if this is not an issue for you?
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

Kian
Posts: 4
Joined: 2024-10-11 07:37
Been thanked: 1 time

Re: [Solved] Unwanted Secondary IPv6 Address Blocking Internet Access

#4 Post by Kian »

Aki wrote: 2024-10-11 23:38 Can you provide the modem model/manufacturer if this is not an issue for you?
Sure: both FritzBox 7530 (running FritzOS 8.0) and 7490 (running FritzOS 7.5) are affected. I cannot speak for their other models, of course.

Kian
Posts: 4
Joined: 2024-10-11 07:37
Been thanked: 1 time

Re: [Solved] Unwanted Secondary IPv6 Address Blocking Internet Access

#5 Post by Kian »

Root cause found. As it happens every so often, the problem was between chair and keyboard: my VLAN configuration had been wrong, so the switch did not separate the two networks properly.

I apologize to AVM, the manufacturers of FritzBox.

Post Reply