When your Linux server suddenly stops processing IPv6 traffic and throws "Operation not permitted" errors, even for basic operations like pinging ::1, you're typically facing one of these underlying issues:
# Example error patterns you might see:
$ ping6 ::1
ping: sendmsg: Operation not permitted
$ journalctl -xe | grep -i ipv6
wide-dhcpv6-client[1234]: bind: Operation not permitted
radvd[5678]: socket: Operation not permitted
From my experience with Ubuntu servers, these are the most probable causes in order of likelihood:
1. Missing or incorrect IPv6 kernel modules
2. AppArmor/SELinux restrictions
3. Improper network namespace configuration
4. Broken IPv6 routing tables
5. Firewall rules blocking ICMPv6
Run these commands to gather troubleshooting data:
# Check IPv6 kernel support
lsmod | grep ipv6
# Verify interface configuration
ip -6 addr show
# Test raw socket permissions
sudo strace -e trace=network ping6 ::1
# Check AppArmor denials (aa-status only lists loaded profiles; denials are in the kernel log)
sudo dmesg | grep -i 'apparmor="DENIED"'
# Examine network namespaces
ip netns list
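The strace check above tells you the most when you note which call fails and with which errno. The script below is an added example, not part of the original page: it reads strace output on stdin and points each failed call at one of the checks listed here. The errno-to-check mapping is a heuristic assumed for this example, and the trace lines in sample_trace are constructed.

```shell
#!/bin/sh
# Added example: map failed calls in `strace -e trace=network` output to the
# next check to run. The errno-to-check mapping is a heuristic (assumption).
classify_strace() {
    awk '
    / = -1 E[A-Z]+/ {                        # failed call: name(args) = -1 ERRNO (msg)
        name = $0
        sub(/^\[pid +[0-9]+\] /, "", name)   # drop the prefix that strace -f adds
        sub(/\(.*/, "", name)                # keep the syscall name only
        err = $0
        sub(/.* = -1 /, "", err)
        sub(/ .*/, "", err)                  # keep the errno symbol only
        hint = "unclassified: check dmesg and LSM status"
        if (name == "socket" && err == "EAFNOSUPPORT")
            hint = "no IPv6 in kernel: lsmod | grep ipv6"
        else if (name == "socket" && err == "EPERM" && $0 ~ /SOCK_RAW/)
            hint = "raw socket refused: getcap on the binary, ip netns list"
        else if (err == "EACCES")
            hint = "possible LSM denial: grep kernel log for apparmor=\"DENIED\""
        else if ((name == "sendmsg" || name == "sendto") && err == "EPERM")
            hint = "dropped on output: ip6tables -L OUTPUT -n -v"
        print name, err, "->", hint
    }'
}

# Constructed sample input (not captured from a real host).
sample_trace() {
    cat <<'EOF'
socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6) = 3
sendmsg(3, {msg_name={sa_family=AF_INET6, sin6_addr="::1"}, msg_iovlen=1}, 0) = -1 EPERM (Operation not permitted)
[pid 5678] socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6) = -1 EPERM (Operation not permitted)
bind(4, {sa_family=AF_INET6, sin6_port=htons(546)}, 28) = -1 EACCES (Permission denied)
EOF
}

# Live use: sudo strace -f -e trace=network ping6 -c1 ::1 2>&1 | classify_strace
sample_trace | classify_strace
```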
Here are concrete fixes that have worked in production environments:
Kernel Module Reload
sudo modprobe -r ipv6
sudo modprobe ipv6
AppArmor Configuration
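# Create or modify /etc/apparmor.d/local/usr.sbin.dhclient
# (files under local/ are included from inside the matching profile,
#  so they hold bare rules with no profile block around them)
network inet6 raw,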
# Then reload AppArmor
sudo systemctl restart apparmor
Firewall Rules for ICMPv6
sudo ip6tables -A INPUT -p icmpv6 -j ACCEPT
sudo ip6tables -A OUTPUT -p icmpv6 -j ACCEPT
To prevent recurrence after reboots:
# In /etc/modules-load.d/ipv6.conf
ipv6
# In /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
When standard fixes don't work, use these deeper inspection tools:
# Check capabilities
sudo getcap /bin/ping6
# Trace system calls
sudo stap -e 'probe syscall.socket {
  # family 10 is AF_INET6
  if (family == 10)
    printf("%s %s\n", execname(), argstr)
}'
When working with IPv6 on Ubuntu Server 8.10, encountering "Operation not permitted" errors can be particularly frustrating. This affects fundamental operations like:
ping6 ::1
wide-dhcpv6-client
radvd
The problem persists even with root privileges, suggesting deeper system-level configuration issues rather than simple permission problems.
First, verify your IPv6 module is properly loaded:
lsmod | grep ipv6
Check your network interfaces configuration:
ifconfig -a
ip -6 addr show
1. Restart the IPv6 networking stack:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
2. Check your firewall rules (iptables/ip6tables):
sudo ip6tables -L -n -v
3. Verify route tables:
ip -6 route show
If basic checks don't resolve the issue, consider these steps:
# Check for kernel messages
dmesg | grep -i ipv6
# Verify ICMPv6 is not blocked
sudo sysctl -w net.ipv6.icmp.echo_ignore_all=0
# Test raw socket creation (C program example)
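#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
int main(void) {
    /* Opening a raw socket requires CAP_NET_RAW */
    int s = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
    if (s < 0) { perror("socket"); return 1; }  /* prints the errno text */
    close(s);
    return 0;
}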
Consider these nuclear options:
- Reinstall the ipv6 module:
sudo modprobe -r ipv6
sudo modprobe ipv6
- Check for SELinux/AppArmor restrictions:
sudo aa-status
sudo getenforce