How to resolve IPv6 connection issues on Dedibox servers
Before you start
To complete the actions presented below, you must have:
- A Dedibox account logged into the console
- A Dedibox dedicated server
- An RPN SAN
- A requested /48 IPv6 prefix
- Configured the systemd-networkdDHCPv6 client
How to debug IPv6 connection issues from rescue mode
If you experience IPv6 connection issues, you can test the network connectivity from rescue mode.
To test IPv6 connectivity on your server in rescue mode, reboot the server into "Ubuntu rescue" mode. The dhclient is preinstalled in these images.
- Get the name of your internet interface using the following command:
ip address show
- Create a file to contain your DUID. The DUID is a unique "key" allowing access to your IPv6 prefix. You can find your DUID in your console.
sudo nano /etc/dhcp/dhclient6.conf
- Paste the following code into the file, editing the interface name (here eno1) and the DUID (hereDUID) before saving the file and exiting the editor:interface "eno1" { send dhcp6.client-id DUID; }
- Start the DHCPv6 client using the configuration file you created. Replace eno1with the name of your internet interface:dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eno1
- Add an IPv6 address to your network interface. Replace eno1with the name of your internet interface andIPV6ADDRESS/PREFIXLENGTHwith an IPv6 address from your prefix and the length of your prefix:/sbin/ifconfig eno1 inet6 add IPV6ADDRESS/PREFIXLENGTH
- Use ping6to validate the IPv6 connectivity of your server:ping6 ipv6.google.com
How to debug IPv6 connection issues in normal mode
If you experience IPv6 connection issues, start by verifying the internet interface name in your configuration. You can check the names of your interfaces using the following command:
ip address showAdditionally, your server needs to be configured to accept RA (Router Advertisement). By default, your server will not forward packets from one interface to another if it is automatically configured (through DHCPv6).
If you need to forward IPv6 packets and use an automated configuration, set net.ipv6.conf.all.accept_ra to 2 in /etc/sysctl.conf. This is useful for hypervisor hosts such as Proxmox.
Additional methods to debug IPv6 connection issues
Check IPv6 route table
Ensure that your server has the correct IPv6 routes. Use the following command to check the IPv6 route table:
ip -6 route showLook for default routes and specific routes to your IPv6 network.
Check the Neighbor Discovery Protocol (NDP)
Check the neighbor cache to ensure proper communication with the router:
ip -6 neigh showUse traceroute6 for path analysis
Analyze the path to an external IPv6 address to identify where the connection might be failing:
traceroute6 ipv6.google.comCapture IPv6 traffic with tcpdump
Capture and analyze IPv6 traffic to troubleshoot issues:
tcpdump -i eno1 -nnvvS ip6Replace eno1 with your network interface name.
How to avoid DHCPv6 floods
In some cases, certain DHCPv6 clients may send several requests per second (especially dhcp6c). This can trigger blocking of your server's network port by our automatic protection, as it will be seen as a source of a UDP flood.
To avoid this problem, limit the traffic sent from your dhclient6 directly in your firewall configuration. Here is an example for IPTABLES:
ip6tables -A OUTPUT -p udp --dport 547 -m limit --limit 10/min --limit-burst 5 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 547 -j DROP