Ver: Mail Gateway 8.1.2
I have a strange issue with a newly built PMG with IPv6 and certain web interface admin pages not operating correctly. I've done plenty of searching and while there are plenty of threads about IPv6, that's more about it not working at all where here it's only the web interface.
Yesterday I tried to activate the subscription and that was timing out, also adding an ACME account for certificates was timing out too.
It's dual stack with static IPv4 address and the inet6 is auto, see interfaces file:
auto lo
iface lo inet loopback
auto ens192
iface ens192 inet static
address 172.16.10.51/24
gateway 172.16.10.254
iface ens192 inet6 auto
source /etc/network/interfaces.d/*
ip address returns:
ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:84:47:d4 brd ff:ff:ff:ff:ff:ff
altname enp11s0
inet 172.16.10.51/24 scope global ens192
valid_lft forever preferred_lft forever
inet6 dead:beef:a001:0:250:56ff:dead:beef/64 scope global dynamic mngtmpaddr
valid_lft 86329sec preferred_lft 14329sec
inet6 dead:beef:a001:100:250:56ff:dead:beef/64 scope global dynamic mngtmpaddr
valid_lft 86180sec preferred_lft 14180sec
inet6 fe80::250:56ff:fe84:47d4/64 scope link
valid_lft forever preferred_lft forever
ip -6 route returns:
dead:beef:a001::/64 dev ens192 proto kernel metric 256 expires 86179sec pref medium
dead:beef:a001:100::/64 dev ens192 proto kernel metric 256 expires 86292sec pref medium
fe80::/64 dev ens192 proto kernel metric 256 pref medium
default via fe80::250:56ff:fe84:a23a dev ens192 proto ra metric 1024 expires 1692sec hoplimit 64 pref medium
default via fe80::250:56ff:fe84:4cfa dev ens192 proto ra metric 1024 expires 1579sec hoplimit 64 pref medium
The boxes (there are two in a cluster and both are affected by the same issue, but just focusing on one) are behind two pfSense firewalls with WAN getting ipv6 via DHCP6 with prefix delegation of 56. The LAN interface is tracking WAN. The firewalls RA was configured as Assisted (Will advertise this router with configuration through a DHCPv6 server and/or SLAAC.) and the interfaces file was 'iface ens192 inet6 dhcp'
However I have just switched to Stateless DHCP (Will advertise this router with SLAAC and other configuration information available via DHCPv6. ) and adjusted the interfaces file to 'iface ens192 inet6 auto' to see if that made any difference (rebooting each time just to make sure) but sadly no.
Now, general IPv6 operations are fine, email works great over IPv6, I can ping the shop fine:
root@mg1:~# ping shop.proxmox.com
PING shop.proxmox.com(shop.proxmox.com (2a01:7e0:0:424::2)) 56 data bytes
64 bytes from shop.proxmox.com (2a01:7e0:0:424::2): icmp_seq=1 ttl=57 time=11.5 ms
64 bytes from shop.proxmox.com (2a01:7e0:0:424::2): icmp_seq=2 ttl=57 time=11.6 ms
but trying to activate the license was having none of it. Just kept coming up with timeout errors. Also adding ACME accounts does the same. It'll sit there loading before it'll time out.
I've sent emails from my Google account through to the email server behind PMG and it's IPv6 all the way, so it's routing absolutely fine. It just seems to be certain admin web elements that misbehave with IPv6.
To get ACME configured, I disabled IPv6 temporarily, added the account setup the certs then re-enabled IPv6. Still waiting to see if the auto renew runs ok.
For the shop, I just added shop.proxmox.com in the hosts file resolving to the IPv4 address so I could get the subscriptions active.
Any further info required to help or anything else I can check?
I have a strange issue with a newly built PMG with IPv6 and certain web interface admin pages not operating correctly. I've done plenty of searching and while there are plenty of threads about IPv6, that's more about it not working at all where here it's only the web interface.
Yesterday I tried to activate the subscription and that was timing out, also adding an ACME account for certificates was timing out too.
It's dual stack with static IPv4 address and the inet6 is auto, see interfaces file:
auto lo
iface lo inet loopback
auto ens192
iface ens192 inet static
address 172.16.10.51/24
gateway 172.16.10.254
iface ens192 inet6 auto
source /etc/network/interfaces.d/*
ip address returns:
ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:84:47:d4 brd ff:ff:ff:ff:ff:ff
altname enp11s0
inet 172.16.10.51/24 scope global ens192
valid_lft forever preferred_lft forever
inet6 dead:beef:a001:0:250:56ff:dead:beef/64 scope global dynamic mngtmpaddr
valid_lft 86329sec preferred_lft 14329sec
inet6 dead:beef:a001:100:250:56ff:dead:beef/64 scope global dynamic mngtmpaddr
valid_lft 86180sec preferred_lft 14180sec
inet6 fe80::250:56ff:fe84:47d4/64 scope link
valid_lft forever preferred_lft forever
ip -6 route returns:
dead:beef:a001::/64 dev ens192 proto kernel metric 256 expires 86179sec pref medium
dead:beef:a001:100::/64 dev ens192 proto kernel metric 256 expires 86292sec pref medium
fe80::/64 dev ens192 proto kernel metric 256 pref medium
default via fe80::250:56ff:fe84:a23a dev ens192 proto ra metric 1024 expires 1692sec hoplimit 64 pref medium
default via fe80::250:56ff:fe84:4cfa dev ens192 proto ra metric 1024 expires 1579sec hoplimit 64 pref medium
The boxes (there are two in a cluster and both are affected by the same issue, but just focusing on one) are behind two pfSense firewalls with WAN getting ipv6 via DHCP6 with prefix delegation of 56. The LAN interface is tracking WAN. The firewalls RA was configured as Assisted (Will advertise this router with configuration through a DHCPv6 server and/or SLAAC.) and the interfaces file was 'iface ens192 inet6 dhcp'
However I have just switched to Stateless DHCP (Will advertise this router with SLAAC and other configuration information available via DHCPv6. ) and adjusted the interfaces file to 'iface ens192 inet6 auto' to see if that made any difference (rebooting each time just to make sure) but sadly no.
Now, general IPv6 operations are fine, email works great over IPv6, I can ping the shop fine:
root@mg1:~# ping shop.proxmox.com
PING shop.proxmox.com(shop.proxmox.com (2a01:7e0:0:424::2)) 56 data bytes
64 bytes from shop.proxmox.com (2a01:7e0:0:424::2): icmp_seq=1 ttl=57 time=11.5 ms
64 bytes from shop.proxmox.com (2a01:7e0:0:424::2): icmp_seq=2 ttl=57 time=11.6 ms
but trying to activate the license was having none of it. Just kept coming up with timeout errors. Also adding ACME accounts does the same. It'll sit there loading before it'll time out.
I've sent emails from my Google account through to the email server behind PMG and it's IPv6 all the way, so it's routing absolutely fine. It just seems to be certain admin web elements that misbehave with IPv6.
To get ACME configured, I disabled IPv6 temporarily, added the account setup the certs then re-enabled IPv6. Still waiting to see if the auto renew runs ok.
For the shop, I just added shop.proxmox.com in the hosts file resolving to the IPv4 address so I could get the subscriptions active.
Any further info required to help or anything else I can check?