IPv6 connection problems

Finally, I switched on IPv6 in my home network.
All devices (Windows and Android) are working well.
Only my PC running Leap 42.3 is making trouble.

At first everything seems good.
IPv6 connections are working.
But after some time, IPv6 connections will stop (timeout?).
IPv4 continues to work.
As root I can do “ifdown eth0” and “ifup eth0” to get IPv6 running again…until it fails again.

I have no clue where to start searching for this problem.
Any idea is welcome.

Thank you
Frank

As with any network connection the more details about the problem, “will
stop” in your case, the better. Timeout implies that connections are
made, established, ongoing; to or from what are those connections made?
Are they continually used, or could they be timing out due to inactivity?

Based on a fix by restarting (for lack of a better term) your network
device, I’m guessing timing out is less applicable, as it sounds like new
connections also may not work until this is done. If that is the case,
the regular OSI seven (7) layer model comes into play. Is the NIC plugged
in and does the physical layer work? Sure, no need to do that. Next we
have the data link layer, which you are effectively restarting with the
“if” commands. Those also likely remove and add IP addresses, so are
those present properly before that happens? Let’s get some output from
before/after the fix:


ip route
ip addr
ip -s link

Also, are you testing connections locally or outside your network (beyond
the router), and if so, are you doing so by IP or DNS?

You can see the state of connections using netstat or ss:


sudo /usr/sbin/ss -planeto

Doing this when things work, as well as when they do not work, could be
useful. If all you see are IPv4 addresses when things work, and IPv6
addresses when they break, then that may be a good sign that IPv6 is never
working, but IPv4 is covering for it.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Thank you for your suggestions.
As long as everything is fine ipv6-test.com tells me I have IPv4 and IPv6 connectivity.
When the error happens ipv6-test.com tells me I have IPv4 but no IPv6 connectivity.
The IPv6 error happens when surfing the web, i.e. having outside connections using DNS.
After doing ifdown/ifup ipv6-test.com tells me I have IPv4 and IPv6 connectivity.

Let’s have a look what the three “ip” commands tell us.

When the error occurs:


frank@pc2014:~> ip route
default via 192.168.10.1 dev eth0  proto dhcp 
192.168.10.0/24 dev eth0  proto kernel  scope link  src 192.168.10.4 
frank@pc2014:~> ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether d8:50:e6:3c:3f:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.4/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a02:1206:4554:51e0:d85e:3555:a9ed:f559/64 scope global temporary dynamic 
       valid_lft 86369sec preferred_lft 14369sec
    inet6 2a02:1206:4554:51e0:da50:e6ff:fe3c:3f63/64 scope global mngtmpaddr dynamic 
       valid_lft 86369sec preferred_lft 14369sec
    inet6 fe80::da50:e6ff:fe3c:3f63/64 scope link 
       valid_lft forever preferred_lft forever
frank@pc2014:~> ip -s link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    1240669    3047     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    1240669    3047     0       0       0       0       
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d8:50:e6:3c:3f:63 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    64331499   75178    0       0       0       1667    
    TX: bytes  packets  errors  dropped carrier collsns 
    8050630    48891    0       0       0       0       

After doing ifdown/ifup:


frank@pc2014:~> ip route
default via 192.168.10.1 dev eth0  proto dhcp 
192.168.10.0/24 dev eth0  proto kernel  scope link  src 192.168.10.4 
frank@pc2014:~> ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether d8:50:e6:3c:3f:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.4/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a02:1206:4554:51e0:d85e:3555:a9ed:f559/64 scope global temporary dynamic 
       valid_lft 86365sec preferred_lft 14365sec
    inet6 2a02:1206:4554:51e0:da50:e6ff:fe3c:3f63/64 scope global mngtmpaddr dynamic 
       valid_lft 86365sec preferred_lft 14365sec
    inet6 fe80::da50:e6ff:fe3c:3f63/64 scope link 
       valid_lft forever preferred_lft forever
frank@pc2014:~> ip -s link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    1308542    3502     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    1308542    3502     0       0       0       0       
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether d8:50:e6:3c:3f:63 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    64577647   76022    0       0       0       1713    
    TX: bytes  packets  errors  dropped carrier collsns 
    8146158    49602    0       0       0       0       

“ss -planeto” always shows IPv4 and IPv6 connections.
I do not see anything suspicious.
Do you?
What shall I do next?

Cheers
Frank

Disclaimer: I am not an IPv6 expert.

Your output, to me, looks mostly okay, and the only things I question are
things for which I lack answers. For example, your IPv6 addresses look
fine before/after, though there is a change. Does that matter? I do not
think so, but we’d probably need to dig deeper to work out the answer
conclusively. Also, I do not see any IPv6 route, which makes me wonder if
that is wrong, but then again it does not show up before or after, so
maybe it is not needed (that seems really odd) or else it is just not
shown by default, so perhaps we should verify that:


ip -6 route

Next we can also ask the routing table how it would reach somewhere, like
google.com, via IPv6:


dig +short -t AAAA google.com
#The resulting IPv6 address is 2607:f8b0:4005:805::200e for me
ip route get 2607:f8b0:4005:805::200e

Does that, both when working and broken, return something interesting?
The IPv4 way does on my laptop, so I would expect the IPv6 way on your
system to work similarly, showing you the route to that system.

Since you always see established IPv4 and IPv6 connections, that makes me
think the problem may be with setting up new connections more than keeping
the current ones, unless those established connections are stale or
something. Are any of them things you can verify still work, like active
SSH connections or something through which you could send a couple
characters to ensure it is not showing as present but really does not have
any way to get data through?

I thought you mentioned local things worked via IPv6, but maybe that was
somebody else or another thread. Either way, using something like ‘ping6’
can you reach local boxes even when you cannot get to outside boxes
(google.com, ipv6-test.com, or others)? If that is the case, then we can
maybe focus on how data get outside your network; perhaps your router
needs to have the IPv6 address refreshed periodically or else it stops
routing new stuff. If while not able to access the Internet via IPv6 you
can still access local boxes, that means we should probably check the
router next. While testing connections with ping6, also try the router,
which I presume has an IPv6 address of its own.

Another useful command is ‘ip neigh’ which shows MAC addresses for various
IPs. Some IPv6 addresses (including one of yours) are based on the MAC
address, but it would be useful to see ‘ip neigh’ output before/after
things break or are fixed again.


Good luck.


Suggesting a wild guess…

What kind of DNS are you using, one that provides both IPv4 and IPv6 name resolution?
Maybe try pointing to a DNS that provides only IPv6 name resolution, that would force IPv6 to always be used.
You may also want to clear your name cache (restart the daemon) when you start trying to force IPv6.

Speculating that your IPv6 connectivity might be unused only because it’s not used (That’s some circular logic).

TSU

@ab

You write
“For example, your IPv6 addresses look fine before/after, though there is a change.”
Which change are you referring to?

Here are the results for a working IPv6 connection:


frank@pc2014:~> ip -6 route
2a02:1206:4554:51e0::/64 dev eth0  proto kernel  metric 256  expires 86376sec mtu 1472 pref medium
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1472 pref medium
default via fe80::e63e:d7ff:fe7a:95f6 dev eth0  proto ra  metric 1024  expires 156sec mtu 1472 hoplimit 64 pref high

frank@pc2014:~> dig +short -t AAAA google.com
2a00:1450:4002:807::200e
frank@pc2014:~> ip route get 2a00:1450:4002:806::200e
2a00:1450:4002:806::200e from :: via fe80::e63e:d7ff:fe7a:95f6 dev eth0  proto ra  src 2a02:1206:4554:51e0:da50:e6ff:fe3c:3f63  metric 1024  mtu 1472 hoplimit 64 pref high

And here for a broken connection:


frank@pc2014:~> ip -6 route
2a02:1206:4554:51e0::/64 dev eth0  proto kernel  metric 256  expires 86392sec mtu 1472 pref medium
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1472 pref medium
default via fe80::e63e:d7ff:fe7a:95f6 dev eth0  proto ra  metric 1024  expires 172sec mtu 1472 hoplimit 64 pref high

frank@pc2014:~> dig +short -t AAAA google.com
2a00:1450:4002:806::200e
frank@pc2014:~> ip route get 2a00:1450:4002:806::200e
2a00:1450:4002:806::200e from :: via fe80::e63e:d7ff:fe7a:95f6 dev eth0  proto ra  src 2a02:1206:4554:51e0:da50:e6ff:fe3c:3f63  metric 1024  mtu 1472 hoplimit 64 pref high

I do not have any SSH connections.

Here is an interesting observation.
Despite working IPv6 and IPv4 connections, for some time neither ping nor ping6 would work for destinations outside my home net.
A few minutes later both suddenly worked well.
I have not changed anything.

When the IPv6 failed, ping6 would stop working. ping continues to run well.

And even more interesting:
After a few minutes IPv6 would work again without any intervention.
I do not know if I just waited longer than all the other times when IPv6 failed (this time I got distracted and did something else).

@tsu2
I use the DNS server automatically assigned by my provider.
It provides IPv4 and IPv6.
Could you please elaborate a little on how I change the DNS server and restart the daemon (which?)

Thank you
Frank

There are many lists of public DNS servers.
Generally, Tier 1 DNS are supposed to be used only by networks with their own DNS and Tier 2 can be used by anybody including end users but nowadays I see less of this requirement. Oftentimes today, there is no distinction and many DNS can be used by anyone.

So, for example
Here are some of the top lists returned by a Google search and AFAIK each list has a good reputation.
Each DNS server has at least one address associated with it, IPv4 and/or IPv6.
If you want to generally force IPv6, you can choose a DNS server from one of these lists that has only an IPv6 address… Since your machine will resolve only IPv6 addresses, those will be the only connections that will be made.

https://servers.opennicproject.org/
https://public-dns.info//nameserver/us.html
https://www.lifewire.com/free-and-public-dns-servers-2626062

Of course, don’t use any DNS server you can’t trust; setting up an untrustworthy DNS server is probably one of the easiest ways to set up phishing sites.

TSU

Thinking outside the box (bad pun): I assume the linux system is wired. Is the Windows system wired or wireless? If the linux box is wired and the Windows box is wireless I would try two things:

Just unplug the network cable and plug it back in. If that does nothing then reboot the switch/router.

Again, that could lead you down a rabbit hole, but it is something I would try. Your mileage may vary ;)

Thank you for your suggestions.

I tried a couple of things.
IPv4 is definitely always working.
IPv6 is definitely working…when it’s working…

A further observation:
When IPv6 is working, “tracepath6 google.com” will show the LOCALHOST, my router and several other addresses.
When IPv6 fails, “tracepath6 google.com” will only show the LOCALHOST. The rest is just “no reply”.

Hence, IPv6 traffic is either not even reaching my router or my router messes it up.
Since other devices in my network do not show problems, I guess (!!!) my router is not the problem.
But do you have an idea how to be sure (!!!) that my router is fine and my Linux box is making trouble?

Cheers
Frank

@d3vnull
Indeed, not bad that idea of unplugging the cable.
My first try would not have any influence; I unplugged and re-plugged the cable rather rapidly.
My second try would help; I unplugged the cable, waited >30sec and re-plugged the cable.

An interesting extra observation using “netstat”:
I recognized that my IPv6 connections would remain in state “SYN_SENT” when IPv6 is not working.

I wonder if I have something like a bufferbloat problem.

Cheers
Frank

I told you I was going to lead you down a rabbit hole, because does that reset the interface on the switch or the interface on the system? You are probably going to have to get advice from one of the gurus on here about this: if the interface is set to come up on recognizing a link and goes down with no link, is that the same as ifup/ifdown? The next question is, if you set the interface to be up at boot, does that force it to not reset at unplug/plug? The guys who have looked at that code will know more about that than I would.

The other option, if you have a USB port and a USB NIC, or if the NIC is a dual port: does a different port solve the issue?

From your openSUSE machine, ping your router’s IPv6 address:

ping6 IPv6_address

And, if you have the ability to do an IPv6 ping from the router, do that.
If you have other machines in your LAN, ping each other, too.
If your openSUSE can ping other machines in your LAN but not the router, then that’ll tell you that your openSUSE IPv6 is working.

You can also use nslookup to see how Internet Domain names are resolving…
If you see IPv4 addresses returned, then you’ll know that something is still wrong with your DNS setup.

TSU

Sorry for the late reply. I didn’t find time to investigate further.

Ping from my router is not possible.

Though I think I found the problem.
Actually, my Linux PC is behind a wireless bridge; it’s wired to the bridge.
While the bridge supports IPv6, support does not seem flawless.
Maybe it’s also not powerful enough.
I recognized considerably more IPv6 problems, when some wireless clients are connected to the bridge.
It seems to start dropping IPv6 packets.

Cheers
Frank
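
The checks suggested across this thread (the RA default route in `ip -6 route`, the gateway's entry in `ip neigh`, ping6 to the router and to an outside host) combined into one logging loop that records which segment fails when IPv6 drops. This is an added example, not part of any post; the sample route text is constructed from the output shown above, and the `--run` invocation, interface name and outside host are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: iproute2 and iputils ping6 are installed; start with
#   sh thisfile --run <interface> <outside IPv6 host>

# Constructed sample, in the shape of the `ip -6 route` output posted in the thread.
SAMPLE_ROUTES='2a02:1206:4554:51e0::/64 dev eth0  proto kernel  metric 256  expires 86376sec mtu 1472 pref medium
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1472 pref medium
default via fe80::e63e:d7ff:fe7a:95f6 dev eth0  proto ra  metric 1024  expires 156sec mtu 1472 hoplimit 64 pref high'

# Print "<gateway> <seconds until expiry>" for the default route in $1;
# print nothing when there is no default route (no router advertisement accepted).
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" {
        ttl = "none"
        for (i = 3; i < NF; i++) if ($i == "expires") { ttl = $(i + 1); sub(/sec$/, "", ttl) }
        print $3, ttl; exit }'
}

# Print the neighbour-cache state of address $2 found in `ip -6 neigh` output $1.
neigh_state() {
    printf '%s\n' "$1" | awk -v gw="$2" '
        gw != "" && $1 == gw { print $NF; found = 1; exit }
        END { if (!found) print "ABSENT" }'
}

# $1 = gateway ("" if none), $2 = ping to gateway, $3 = ping to outside host (ok|fail)
classify() {
    if [ -z "$1" ]; then echo no-default-route
    elif [ "$2" = fail ]; then echo first-hop      # host, cable, switch or bridge before the router
    elif [ "$3" = fail ]; then echo beyond-router  # router or provider
    else echo ok; fi
}

probe() { ping6 -c 2 -w 4 "$@" >/dev/null 2>&1 && echo ok || echo fail; }

monitor() {  # $1 = interface, $2 = outside IPv6 host; logs one line every 30 s
    dev=$1; target=$2
    while :; do
        gw=$(default_gw "$(ip -6 route show dev "$dev")"); gw_addr=${gw%% *}
        state=$(neigh_state "$(ip -6 neigh show dev "$dev")" "$gw_addr")
        verdict=$(classify "$gw_addr" "$(probe -I "$dev" "$gw_addr")" "$(probe "$target")")
        echo "$(date '+%F %T') gw=${gw:-none} neigh=$state verdict=$verdict"
        sleep 30
    done
}

if [ "${1:-}" = "--run" ]; then monitor "$2" "$3"; fi
```

A run of `first-hop` lines while other LAN devices keep working points at the path between this host and the router, which is where the wireless bridge in the last post sits.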