Bug 136852
Summary: | ping6 gives "connect: invalid argument" for link-local (FE80) addresses | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bruce Orchard <orchard> |
Component: | net-tools | Assignee: | Radek Vokál <rvokal> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2 | CC: | adam.hawthorne, mpeschel10 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-11-25 12:59:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bruce Orchard
2004-10-22 18:32:57 UTC
Fedora core 2.92 (test release of core 3) does the same thing. Please see the posting here - http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2004-01/0013.html . The point is that link-local adress can't be used in this way. You'd better set a different global ipv6 adress to eth0 or specify device used for ping - ping6 -I eth0 fe80:: ... (In reply to comment #2) > Please see the posting here - > http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2004-01/0013.html > . The point is that link-local adress can't be used in this way. You'd > better set a different global ipv6 adress to eth0 or specify device > used for ping - ping6 -I eth0 fe80:: ... I ran across this bug report looking for a solution to the same problem, but I discovered another solution, so I'm sharing for posterity. Another way to do this is to use the zone index (%<iface>), e.g.: ping6 fe80::a00:20ff:fe9d:5c55%wlan0 or ping6 fe80::a00:20ff:fe9d:5c55%eth0 In the linked article, he says you can't specify the interface with ssh, but I think most tools supports the zone index in the IPv6 address. On my system, 'ssh my-link-local-address' fails, but 'ssh my-link-local-address%eth0' succeeds. Hope that helps someone else who's searching for this. This bug report is now the first Google result for "ping6 link local invalid argument". Therefore, it is worth keeping updated for posterity. The link provided by Radek Vokál is now dead. The most recent capture on the internet archive appears to be https://web.archive.org/web/20170319155534/http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2004-01/0013.html Here is a copy of the main content from that link: Date: Tue, 6 Jan 2004 22:14:43 -0500 To: David Diep <diep.co.jp> On Tue, Jan 06, 2004 at 11:17:47AM +0900, David Diep wrote: > Hi, > I have a problem with ssh and ipv6. > My host has the following address fe80::200:e2ff:fe28:3a85 > I can execute properly > # ssh -6 ::1 > However when I use the host ipv6 address > # ssh -6 fe80::200:e2ff:fe28:3a85 > I get an "Invalid argument" error. Do you know what my problem is? You are using a "Scope:Link" address (i.e. Link Local address). That's all of the fe80::/16 space. It's NOT guaranteed to be unique between subnets. Consequently, you are very restricted in what you can do with them. You can't even ping them unless you specify the interface to the ping6 command (which you can not do for ssh). Solution... Configure a "Scope:Global" address or "Scope:Site" address and use that. Scope:Site is sort of like (almost) the private IPv4 space, it can't be routed to the global IPv6 space but it is unique within your space. For site local, just change the "fe80" to "fec0" in your address and add it to your interface configuration file on the server and on the client (use the correct address from each interface from ifconfig). Then you can connect to it from your client (assuming they are both on the same SLA - SLA 0 and assuming you do the same thing for the client address). Better yet, if you haven't already, get a global prefix, either a 6Bone [3ffe::/16] (yes, I know it's due to be retired - in 2006, maybe) or on the IPv6 production internet [2001::/16]. My network is 2001:470:104::/48. Check out Freenet6 <http://www.freenet6.net> for 6Bone or Hurricane Electric <http://www.tunnelbroker.net> (v6 Internet) for getting hooked up with a real prefix if you are in North America. IAC, check out "IPv6 Style" <http://www.ipv6style.jp> for a lot more information on getting started with IPv6. You got a bit more to cover to get up and flying with IPv6. Like you should NOT be using Link Local addresses for anything in user space (they're primarily used in the kernel and lower level protocol stuff for things like neighbor discovery and router solicitation. You can use them with certain apps, like ping6, IF you know what you are doing. But not with apps which don't understand what you are doing. IPv6 is incredibly easy to set up and get working (I do damn near everything over IPv6 lately) but it is not (I REPEAT - IT IS NOT) merely IPv4 with bigger addresses. Some things, like address scopes, are just not the same thing at all. > I am using: Linux Kernel 2.4.20 Openssl-0.9.6k Openssh-3.7.1p1 > Best Regards, > David Mike -- Michael H. Warfield | (770) 985-6132 | mhw /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! |