Can't browse IPv6 Websites

Question

I am using 20.04 LTS, but suddenly I can't browse websites which has their IP addresses as IPv6, for example (hepsiburada.com).

Even apt update command no longer works, because Launchpad is redirecting to an IPv6 address:

W: Couldn't get http://ppa.launchpad.net/ubuntubudgie/backports/ubuntu/dists/focal/InRelease  ppa.launchpad.net:80 (2001:67c:1560:8008::19). - connect (101: Network is unreachable)

Also:

$ ping ipv6.google.com
ping: connect: Network is unreachable

However, I can browse all the other IPv4 websites just fine with no issues.

What could be the issue?

Update: I have identified that the apt issue has ties to HTTPS or a certificate issue, so it sounds like it is not exactly an IPv6 issue. My ISP was found to not support IPv6 addresses. Still, as I said in a comment, I can't browse websites like hepsiburada.com and yurticikargo.com and suratkargo.com.tr, even Google fails to load some times.

/etc/grub/default:

# If you change this file, run 'update-grub' afterwards to update # /boot/grub/grub.cfg. # For full documentation of the options in this file, see: # info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0 GRUB_TIMEOUT_STYLE=hidden GRUB_TIMEOUT=10 GRUB_DISTRIBUTOR=lsb_release -i -s 2> /dev/null || echo Debian GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash nvme_core.default_ps_max_latency_us=0" GRUB_CMDLINE_LINUX=""

Uncomment to enable BadRAM filtering, modify to suit your needs

This works with Linux (no patch required) and with any kernel that obtains

the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)

#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

Uncomment to disable graphical terminal (grub-pc only)

#GRUB_TERMINAL=console

The resolution used on graphical terminal

note that you can use only modes which your graphic card supports via VBE

you can see them in real GRUB with the command `vbeinfo'

#GRUB_GFXMODE=640x480

Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux

#GRUB_DISABLE_LINUX_UUID=true

Uncomment to disable generation of recovery mode menu entries

#GRUB_DISABLE_RECOVERY="true"

Uncomment to get a beep at grub start

#GRUB_INIT_TUNE="480 440 1"

/etc/gai.conf:

# Configuration for getaddrinfo(3). # # So far only configuration for the destination address sorting is needed. # RFC 3484 governs the sorting. But the RFC also says that system # administrators should be able to overwrite the defaults. This can be # achieved here. # # All lines have an initial identifier specifying the option followed by # up to two values. Information specified in this file replaces the # default information. Complete absence of data of one kind causes the # appropriate default information to be used. The supported commands include: # # reload # If set to yes, each getaddrinfo(3) call will check whether this file # changed and if necessary reload. This option should not really be # used. There are possible runtime problems. The default is no. # # label # Add another rule to the RFC 3484 label table. See section 2.1 in # RFC 3484. The default is: # #label ::1/128 0 #label ::/0 1 #label 2002::/16 2 #label ::/96 3 #label ::ffff:0:0/96 4 #label fec0::/10 5 #label fc00::/7 6 #label 2001:0::/32 7 # # This default differs from the tables given in RFC 3484 by handling # (now obsolete) site-local IPv6 addresses and Unique Local Addresses. # The reason for this difference is that these addresses are never # NATed while IPv4 site-local addresses most probably are. Given # the precedence of IPv6 over IPv4 (see below) on machines having only # site-local IPv4 and IPv6 addresses a lookup for a global address would # see the IPv6 be preferred. The result is a long delay because the # site-local IPv6 addresses cannot be used while the IPv4 address is # (at least for the foreseeable future) NATed. We also treat Teredo # tunnels special. # # precedence # Add another rule to the RFC 3484 precedence table. See section 2.1 # and 10.3 in RFC 3484. The default is: # #precedence ::1/128 50 #precedence ::/0 40 #precedence 2002::/16 30 #precedence ::/96 20 #precedence ::ffff:0:0/96 10 # # For sites which prefer IPv4 connections change the last line to # #precedence ::ffff:0:0/96 100

scopev4

Add another rule to the RFC 6724 scope table for IPv4 addresses.

By default the scope IDs described in section 3.2 in RFC 6724 are

used. Changing these defaults should hardly ever be necessary.

The defaults are equivalent to:

#scopev4 ::ffff:169.254.0.0/112 2 #scopev4 ::ffff:127.0.0.0/104 2 #scopev4 ::ffff:0.0.0.0/96 14 precedence ::ffff:0:0/96 100

/etc/sysctl.conf:

# # /etc/sysctl.conf - Configuration file for setting system variables # See /etc/sysctl.d/ for additional system variables. # See sysctl.conf (5) for information. #

#kernel.domainname = example.com

Uncomment the following to stop low-level messages on console

#kernel.printk = 3 4 1 3

##############################################################3

Functions previously found in netbase

Uncomment the next two lines to enable Spoof protection (reverse-path filter)

Turn on Source Address Verification in all interfaces to

prevent some spoofing attacks

#net.ipv4.conf.default.rp_filter=1 #net.ipv4.conf.all.rp_filter=1

Uncomment the next line to enable TCP/IP SYN cookies

See http://lwn.net/Articles/277146/

Note: This may impact IPv6 TCP sessions too

#net.ipv4.tcp_syncookies=1

Uncomment the next line to enable packet forwarding for IPv4

#net.ipv4.ip_forward=1

Uncomment the next line to enable packet forwarding for IPv6

Enabling this option disables Stateless Address Autoconfiguration

based on Router Advertisements for this host

#net.ipv6.conf.all.forwarding=1

###################################################################

Additional settings - these settings can improve the network

security of the host and prevent against some network attacks

including spoofing attacks and man in the middle attacks through

redirection. Some network environments, however, require that these

settings are disabled so review and enable them as needed.

Do not accept ICMP redirects (prevent MITM attacks)

#net.ipv4.conf.all.accept_redirects = 0 #net.ipv6.conf.all.accept_redirects = 0

or

Accept ICMP redirects only for gateways listed in our default

gateway list (enabled by default)

net.ipv4.conf.all.secure_redirects = 1

Do not send ICMP redirects (we are not a router)

#net.ipv4.conf.all.send_redirects = 0

Do not accept IP source route packets (we are not a router)

#net.ipv4.conf.all.accept_source_route = 0 #net.ipv6.conf.all.accept_source_route = 0

Log Martian Packets

#net.ipv4.conf.all.log_martians = 1

###################################################################

Magic system request Key

0=disable, 1=enable all, >1 bitmask of sysrq functions

See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html

for what other values do

#kernel.sysrq=438 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1

Update 2: So after investigation it turns out this issue has nothing to do with IPv6. Yes my network does not support IPv6 but it looks like I have other issues from my ISP, which has nothing to do with Ubuntu specifically since I am having the same issues on my android phone using the same network.

Thanks for everyone who helped and suggested ideas, and sorry to bother you about a wrong problem.

From the error message, this sounds like a routing issue... Please run ip -6 route and verify there is a default rout configured... you should see something like default via fe80::.... this is usually the IPv6 gateway which points to your routing device.... If no default IPv6 rout is configured then you need to fix it or otherwise no traffic goes through to the Internet from your machine. — Raffa, May 26 '21 at 18:29
I am getting this as the output of the command: ::1 dev lo proto kernel metric 256 pref medium fe80::/64 dev enp8s0 proto kernel metric 100 pref medium — Madno, May 26 '21 at 18:42
Yap :) ... As I expected... no default rout!... In your router device, find and enable IPv6 DHCP and reboot it then reboot your computer. Please note there is a bit more choices for IPv6 DHCP and you might need to refer to the manuals for your specific routing device. I am assuming it is the all in one device that you get from your ISP. — Raffa, May 26 '21 at 18:51
I checked and found that my ISP does not support IPv6, which seems to be part of the issue here. Still, shouldn't there be a redirection working automatically from IPv6 to IPv4? Is it normal that I can no longer install or update my system with apt because of this? — Madno, May 26 '21 at 18:56
In this case there is not much you can do... You need IPv6 routing capabilities also at the ISP level. Besides changing your ISP, you can have a look at 6to4 — Raffa, May 26 '21 at 19:06
I live in Turkey and no ISPs in the country support IPv6. I still don't understand why IPv6 websites are not falling back to IPv4 on my system? Is it normal that Ubuntu is basically no longer usable in the country? And why did this happen only 2-3 days ago? — Madno, May 26 '21 at 19:30
The fallback happens if the website offers an A record in addition to the IPv6 AAAA record and Ubuntu or any other OS cannot fallback if that record is missing. This issue has more to do with the Internet than with the OS... Too much to explain in a comment... If you would like me to explain more, please let me know and I will post an answer. — Raffa, May 26 '21 at 19:56
By the way hepsiburada.com does not seem to have an IPv6 address but rather an IPv4 one ----> 185.92.215.200 so you should be able to connect to it using your current ISP but I have to say their DNS records are not in best shape :) — Raffa, May 26 '21 at 20:03
It is not just hepsiburada.com but also some other websites like yurticikargo.com and suratkargo.com.tr. Even Google sometimes does not load for hours. And since my apt does not work on my system as well I thought it is an IPv6 issue but I don't know it could be something else? I have to add that sometimes (after like 50 tries) these websites work with me, but apt never worked. — Madno, May 27 '21 at 08:43
You say in an edit your ISP does not support IPv6. The most obvious solution is to switch to a different ISP that supports IPv6. If you are not comfortable doing so, you can also kindly ask your current ISP to add support for IPv6 and check for updates once in a while at https://test-ipv6.com/. Also check if you can use IPv6 in your local network using ping in the terminal. If you can't ping to an IPv6 address that is on your network (like the default gateway), this is an issue on your network and you should probably configure IPv6 addresses for your router and pc. — Irsu85, May 27 '21 at 12:57
All three sites you mentioned (hepsiburada.com, yurticikargo.com and suratkargo.com.tr) resolve as purely IPv4 addresses (I checked this on three different systems with different DNS servers). So your issues seems rather DNS related than IPv6 related, as these sites don't use IPv6... — raj, May 27 '21 at 21:57
You can check how domain names are resolved on your system with resolvectl query and use it like so resolvectl query google.com and you can check the route to the destination website with traceroute and use it like so traceroute google.com ... I would investigate with these two tests before attempting any system changes... The issue might be from your ISP and not your system... I t would help as well to connect to your mobile phone or any other ISP available to you and see if the issue persists. — Raffa, May 28 '21 at 12:50
You are all right, it turns out I was wrong on thinking it is an IPv6 issue. I updated the question accordingly. I am new to the site so should I close this question or award the +200 to the top upvoted solution or... ? — Madno, May 28 '21 at 17:15

sancho.s ReinstateMonicaCellio · Answer 1 · 2021-05-28T20:56:05.847

A few notes that may help. You would increase your chances of killing the issue if you post prompt feedback.

Possible solutions / things to try

EDIT If your computer is portable, try doing the same from a different location. This shows a case with similar symptoms as yours, with hardware as s source of problems. Or you can use you cell phone as USB tethering.
EDIT Same as above, from a place with a combination ISP/router that supports IPV6 and has it enabled.
Suppress IPV6 (necessary if IPV6 is definitively not available)

1.1. Add ipv6.disable=1 to the value of GRUB_CMDLINE_LINUX_DEFAULT (usually having the value "quiet splash") in grub. Use
```
$ sudo nano /etc/default/grub
<EDIT>, <SAVE>
$ sudo update-grub
```
1.2. Reboot.
Suppress IPV6. Append to /etc/gai.conf the following line:
```
precedence ::ffff:0:0/96  100
```
or uncomment it if it exists.

Suppress IPV6 (source). Use (I am not sure the last command is needed)

$ sudo nano /etc/sysctl.conf
<EDIT>, <ADD LINES BELOW>, <SAVE>
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
$ sudo sysctl --load
$ sudo systemctl restart networking

Suppress IPV6 only for apt-get. Add -o Acquire::ForceIPv4=true when running apt-get. Or make it permanent as in here.

Extra helpful info

Please post in the question the output of the following commands

cat /etc/default/grub
cat /etc/gai.conf
cat /etc/sysctl.conf
EDIT cat /etc/apt/sources.list
EDIT inxi -N
EDIT lspci -knn | grep Net -A2

Please add info on the following points

You mention "suddenly I can't browse websites which has their IP addresses as IPv6". Were you able to browse those same sites before? With the same software and hardware that you currently cannot? Can you identify any change in between?
EDIT Brand/model of your computer.
EDIT Outcome of (renumbered) items 1 and 2 above.

I applied all the steps but with no luck. By the way I get errors like sysctl: cannot stat /proc/sys/net/ipv6/conf/lo/disable_ipv6: No such file or directory in step 3. As for your question yes; I was able to browse the websites and update my system normally. No change on any hardware or software. — Madno, May 27 '21 at 08:32
@Madno - Please see edited answer and post info, also item 3. It is best if you post that in the question, with proper markdown formatting. Also, do you still get the exact same error with apt update? Please try using sudo apt-get update if you did not do it yet. — sancho.s ReinstateMonicaCellio, May 27 '21 at 13:24
Yes it was. I added the files you requested to the question. I ran apt-get as well and I got the same error: https://askubuntu.com/questions/1340966/connection-to-ppa-launchpad-net-not-private — Madno, May 27 '21 at 15:04

score 1 · Answer 2 · answered May 26 '21 at 17:14

1

Try removing iface eth0 inet dhcp and iface eth0 inet6 dhcp from /etc/network/interfaces. Network Manager will receive an IPv6 address if it is available.

If you have to use manual configuration in /etc/network/interfaces, the correct setting for IPv6 will be iface eth0 inet6 auto since in many cases DHCPv6 is not used on a router. The most common is SLAAC configuration.

answered May 26 '21 at 17:14

SirStopIt

13

/etc/network/interfaces is an empty file on my system. – Madno May 26 '21 at 17:27
Ah, I don't know then. Sorry my guy. – SirStopIt May 26 '21 at 17:28

score 1 · Answer 3 · edited May 28 '21 at 08:14

1

First check whether IPv6 is disabled on your system by running this command in your Terminal:

ip a | grep -i inet6

If the output of that command is blank, that means IPv6 is disabled and needs to be re-enabled. If it is not blank, that means IPv6 is enabled on your system and the issue could be at a router or provider level. You can enable IPv6 by running these commands:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0
sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0
sudo sysctl -p

edited May 28 '21 at 08:14