Posts tagged IPv6
I have Cacti installed so that I have pretty graphs (CPU/load/memory/disk/network) for all my servers (VPS) in one place. I just enabled full IPv6 on one of them and Cacti stopped working. The problem wasn’t Cacti though, it was the server it was now trying to contact through IPv6.
As I only need SNMP for Cacti, the snmpd.conf file on all my servers is very simple, just:
However for IPv6 that isn’t enough. On Ubuntu 14.04 (what the server is running) snmpd will only work on IPv4 this way. I quickly found out you can use an agentAddress directive in the snmpd.conf file to enable the daemon to listen on IPv6, but more changes are required if you want to actually return data through IPv6. As it turns out the “rocommunity” directive is apparently also IPv4 only.
The final solution was this:
agentAddress udp:161,udp6:161 rocommunity public rocommunity6 public
Warning: above configuration will cause snmpd to listen on all network interfaces. Be sure to lock down access to UDP port 161 in your firewall to only authorized hosts. And make sure your firewall supports IPv6.
If you have a recent distribution of Linux, you might find the message “IPv6 addrconf: prefix with wrong length 48” repeated a lot in syslog. If you Google this error message you’ll quickly find that this is because IPv6 auto configuration (sort of like DHCP) is failing. Now if you don’t want to bother with IPv6 yet or if you use static IPv6 (like my servers do) you don’t need IPv6 auto configuration.
A quick fix to solve the problem (as mentioned on sites like these) is to run the following commands:
echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
And yes, that solves the problem – until the next reboot that is. The permanent solution mentioned on that site however, does not work (as also confirmed by this IPv6 howto). The reason is that referring to all network interfaces using “all” in the following lines in /etc/sysctl.conf somehow doesn’t work:
net.ipv6.conf.all.autoconf = 0 net.ipv6.conf.all.accept_ra = 0
The simple solution is to refer to each network interface specifically. My servers have both eth0 and eth1 (2 NICs) so I setup /etc/sysctl.d/ipv6.conf as follows:
net.ipv6.conf.default.autoconf = 0 net.ipv6.conf.default.accept_ra = 0 net.ipv6.conf.all.autoconf = 0 net.ipv6.conf.all.accept_ra = 0 net.ipv6.conf.eth0.autoconf = 0 net.ipv6.conf.eth0.accept_ra = 0 net.ipv6.conf.eth1.autoconf = 0 net.ipv6.conf.eth1.accept_ra = 0
If you have only one network interface, you can omit the “eth1” lines. Alternatively you can use pre-up commands as described in the IPv6 howto, though I think my solution is prettier.