90

When I run apt-get update on my machine it gets stuck at:

100% [Connecting to security.ubuntu.com (2001:67c:1562::15)] [Connecting to archive.canonical.com (2001:67c:1360:8c01::16)]

I have made no recent changes to the system and use my home network which worked fine previously.

I can't explain why it switched to using IPv6.
I have IPv6 set to ignore for the wireless network:


Output of ip addr:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: mlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 4c:0b:be:22:0a:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.106/24 brd 192.168.2.255 scope global dynamic mlan0
   valid_lft 1814086sec preferred_lft 1814086sec
inet6 ::d5:b551:28db:2789:225/64 scope global temporary dynamic 
   valid_lft 604483sec preferred_lft 85483sec
inet6 ::d5:4e0b:beff:fe22:ab4/64 scope global mngtmpaddr dynamic 
   valid_lft 604779sec preferred_lft 86379sec
inet6 fe80::4e0b:beff:fe22:ab4/64 scope link 
   valid_lft forever preferred_lft forever
Pabi
  • Change the IP addressing to IPv4 and then try again. – heemayl May 06 '15 at 22:33
  • Why are you using IPv6? Like heemayl said, change to using IPv4, under Network Settings>[Adapter]>Advanced. – TheWanderer May 06 '15 at 23:32
  • I don't know why it switched to IPv6. I added additional information. – Pabi May 07 '15 at 07:39
  • 1
    It looks as if you may have a host sending router advertisements with 0:0:0:d5::/64. This range is listed as reserved by IETF, so that is definitely not a valid prefix to be advertising. If those RAs have stopped already, it may be impossible to find out where they came from. In that case all you can really do is to restart the network interface and the problem goes away. If the RAs are still being sent, then you can look at a packet capture to see which MAC they are coming from. – kasperd May 07 '15 at 08:39
  • 1
    Other than the misconfigured IPv6 connectivity, another contributor to your problem is the lack of RFC 6555 support in apt-get. Had apt-get followed RFC 6555, you would never have noticed any problem. – kasperd May 07 '15 at 08:43
  • 1
    Your local router is doing something wrong, and giving you invalid IPv6 addresses. Check and fix the router's configuration. – Michael Hampton May 07 '15 at 19:40
  • Best solution to the problem found here: http://askubuntu.com/questions/574569/apt-get-stuck-at-0-connecting-to-us-archive-ubuntu-com – MQ87 Aug 17 '15 at 11:25
  • For posterity... Thinking "I don't have any reason to use IPV6 yet" I deleted a firewall security definition (openstack) to allow IPV6 Egress. Oops. Recreating that rule (then cancelling and restarting the update) allowed the update to proceed as normal, with no changes to local config files. Note: In this example there was Not a problem with apt or with v4/v6 preferences. I suspect we'll see more of this as time goes on and v6 gets more use. – TonyG Oct 23 '18 at 19:06
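
The check that kasperd's comment points to, as an added example that is not part of the original thread: it parses `ip addr` output and reports global-scope IPv6 addresses whose prefix lies outside 2000::/3 (allocated global unicast) and fc00::/7 (unique local), which is the signature of a bogus or rogue router advertisement. The sample text is constructed from the question's output with the usual indentation restored, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample: interface 2 from the question's `ip addr` output.
SAMPLE_IP_ADDR = """\
2: mlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 4c:0b:be:22:0a:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.106/24 brd 192.168.2.255 scope global dynamic mlan0
    inet6 ::d5:b551:28db:2789:225/64 scope global temporary dynamic
    inet6 ::d5:4e0b:beff:fe22:ab4/64 scope global mngtmpaddr dynamic
    inet6 fe80::4e0b:beff:fe22:ab4/64 scope link
"""

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # IANA-allocated global unicast
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # ULA, valid inside a site

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")
INET6_RE = re.compile(r"^\s*inet6\s+(\S+)\s+scope\s+(\S+)")


def suspicious_prefixes(ip_addr_output):
    """Return sorted (interface, prefix) pairs for global-scope IPv6
    addresses that are neither global unicast nor unique local."""
    findings = set()
    iface = None
    for line in ip_addr_output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)          # remember which interface we are in
            continue
        m = INET6_RE.match(line)
        if not m or m.group(2) != "global":
            continue                    # skip link-local and host scope
        net = ipaddress.ip_interface(m.group(1)).network
        if not (net.subnet_of(GLOBAL_UNICAST) or net.subnet_of(UNIQUE_LOCAL)):
            findings.add((iface, str(net)))
    return sorted(findings)


if __name__ == "__main__":
    for iface, prefix in suspicious_prefixes(SAMPLE_IP_ADDR):
        print(f"{iface}: unexpected global prefix {prefix}")
```
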

5 Answers

205

This worked for me, courtesy of Zach Adams (https://zach-adams.com/2015/01/apt-get-cant-connect-to-security-ubuntu-fix/):

Turns out this is an issue where connecting over IPv6 on some servers causes them to get stuck at this point. The fix is really simple.

Open /etc/gai.conf

Under the line

# For sites which prefer IPv4 connections change the last line to

Uncomment the following line by removing the #:

# precedence ::ffff:0:0/96 100

This will allow you to still use IPv6 but sets IPv4 as the precedence so that apt-get won’t get stuck.

Elder Geek
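
Why raising that one value changes which address is tried first, as an added example that is not part of the original answer: a simplified model of the precedence rule only (longest-prefix lookup in the policy table, higher value first), ignoring the other destination-selection rules. It assumes the default table listed in the comments of /etc/gai.conf with the IPv4-mapped entry raised to 100; `192.0.2.10` is a constructed stand-in for the mirror's IPv4 address and the function names are hypothetical.

```python
import ipaddress

# Precedence table shown (commented out) in /etc/gai.conf, from RFC 3484.
DEFAULT = [("::1/128", 50), ("::/0", 40), ("2002::/16", 30),
           ("::/96", 20), ("::ffff:0:0/96", 10)]
# Same table with the IPv4-mapped entry raised to 100, the value in the answer.
PREFER_V4 = DEFAULT[:-1] + [("::ffff:0:0/96", 100)]


def _as_v6(addr):
    """Policy lookups treat an IPv4 destination as its IPv4-mapped IPv6 form."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def precedence(addr, table):
    """Precedence of addr: value of the longest matching prefix in the table."""
    ip = _as_v6(addr)
    matches = [(ipaddress.ip_network(p), v) for p, v in table
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def order(destinations, table):
    """Sort candidate destinations by descending precedence (stable on ties)."""
    return sorted(destinations, key=lambda a: -precedence(a, table))


# 2001:67c:1562::15 is the address from the question; 192.0.2.10 is constructed.
CANDIDATES = ["192.0.2.10", "2001:67c:1562::15"]

if __name__ == "__main__":
    print("default table :", order(CANDIDATES, DEFAULT))
    print("IPv4 preferred:", order(CANDIDATES, PREFER_V4))
```
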
30

The IPv6 settings for the network were ignored, but disabling IPv6 via /etc/sysctl.conf worked:

Add the following lines at the bottom of /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Run sudo sysctl -p to reload the /etc/sysctl.conf settings.

Fabby
Pabi
  • 7
    That's not how you should be doing it. Those lines mean that once you connect to a network which actually has IPv6, you'll get a less reliable connection than you were supposed to. Also, those lines do nothing to fix the root cause of your problem, which you haven't even identified. – kasperd May 07 '15 at 08:33
  • 2
    I do not need IPv6 anywhere so this works just fine. – Pabi May 07 '15 at 08:42
  • That's a common myth. Reality is that in a couple of months, Africa will be the only region of the world which has not run out of IPv4 addresses. – kasperd May 07 '15 at 08:53
  • Yes, for non-private IP addresses. But on small networks like my home network I will always use IPv4. – Pabi May 07 '15 at 09:11
  • 4
    That's just silly, because for connecting to hosts on the same network segment there are multiple advantages in IPv6 link-local addresses compared to IPv4. – kasperd May 07 '15 at 09:39
  • That may be true, but none of these advantages will be big enough to make me remember IPv6 addresses. – Pabi May 07 '15 at 09:49
  • That's another myth. The only IPv6 addresses which are really relevant to remember are ::1 and ff02::1. All other addresses you get through DNS. – kasperd May 07 '15 at 11:29
  • If you set up DNS. For my home computers, routers and all other devices there is no DNS. And I would think 99% of people use IPv4 for private networks. – Pabi May 07 '15 at 12:00
  • If you can't remember the IP of a device, you can just ping ff02::1 and pick it from the list of devices that respond. That's easier than remembering even the IPv4 address of each device. – kasperd May 07 '15 at 12:57
  • 2
    Can't do that from my phone ;) Let's just agree that we disagree. – Pabi May 07 '15 at 13:00
  • 4
    Do what you want to do. I just comment to ensure that anybody else who might come across the same problem knows that making the suggested changes to sysctl.conf is going to cause problems eventually. – kasperd May 07 '15 at 13:10
21

A better approach is to use apt-get as follows instead of editing gai.conf file.

sudo apt-get -o Acquire::ForceIPv4=true update

If you want to make this persistent just add an alias for 'apt-get' in your bash file.

1

Other solutions did not help ... in my case I created an AWS EC2 instance Ubuntu 18.04 using

Auto-assign Public IP -> no pick disable

after trying all suggested solutions I threw up my hands and killed that and created a new ec2 instance using

Auto-assign Public IP -> yes  Use subnet setting (Enable) 

and it worked fine ... apt-get update && apt-get upgrade are happy now

1

On WSL (Ubuntu) this can be caused by some antivirus rule related to WSL, preventing outbound plain-HTTP access.