I was creating a new web site dogstarplanet.com and as I was installing it on my IPv6 enabled host I thought I would setup the A and AAAA records for the same CNAME.
Windows based PCs without any IPv6 routing obviously ignore any AAAA records and the browser connects to the site as expected but an Ubuntu desktop I was using was unable to get to the site – both Firefox and Opera not connecting.
I loaded Wireshark to see if my traffic was leaving and though I could see the DNS queries for AAAA and A records there was no TSP traffic (Tunnel Setup Protocol) to the freenet6.net IPv4 address (I’m using gogoc package out of the box). This means that the browser connection was not getting to the tunnel interface. This means firewalling or kernel.
If I run the Firestarter then I also see the tun (routed IP tunnel) but no traffic passes (note: that I have since removed Firestarter and now run Gufw).
Well the IPv6 is in the kernel but I had ufw enabled and that doesn’t have IPv6 enabled by default so you get the error message if you try and use ping6 of e.g.
ping6 ipv6.google.com ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ...
If it is safe you can quickly test this is your problem by turning off the ufw with the command,
sudo ufw disable
Now your ping6 should work. If it does not then you have a tunnel problem. Use the command netstat -rn6 to see if you have tun entries.
It is easy to enable IPv6 in ufw by editing /etc/default/ufw and towards the top there is a line of IPV6=no which you change to IPV6=yes
Save that and then disable and then enable the firewall i.e. sudo ufw enable or do a sudo ufw reload if it was still running.
Now you will be able to ping6 and connect to IPv6 enable hosts using a browser. Note that when you ping6 then there is a PTR query (that you would only see in wireshark) and you may get a no such name response if you have not configured your host DNS records right so if you are committed to setting up IPv6 on your host then please check you have added a suitable DNS PTR entry for the dotted nibble PTR part of your IPv6 address. Very few protocols, perhaps only mail connections and obviously ping6, use IPv6 PTR queries.