How do I connect from one linode to another over ipv6 link local?
I'm unable to connect to my db server, from my web server, over ipv6 link local, with Debian 10. It was working a few months ago, but I came back from a break and found it doesn't work. Previously, the website ran and let you log in and view database data in the admin area. Now it can't connect to the db.
I tried restarting the web and db servers, and disabling ufw. But I'm seeing this:
    ansible@web-production:~$ ssh fe80::f03c:92ff:fe95:3a70%eth0
    ssh: connect to host fe80::f03c:92ff:fe95:3a70%eth0 port 22: Connection timed out
    ansible@web-production:~$ ssh fe80::f03c:92ff:fe95:3a70%eth0 -p 5432
    ssh: connect to host fe80::f03c:92ff:fe95:3a70%eth0 port 5432: Connection timed out
database.yml has that ipv6 address, which worked before but doesn't now:
    production:
      <<: *default
      database: xxx
      username: xxx
      password: xxx
      host: fe80::f03c:92ff:fe95:3a70%eth0
      port: 5432
My pg_hba.conf, which was working before, includes this to let the web server connect:
    host all all fe80::f03c:92ff:fe95:3aa0/128 scram-sha-256
Has anything been changed recently? Am I doing something wrong? I don't know why I'm getting timeouts when I try to ssh to the link local address, or how to troubleshoot them. What's the correct way to ssh between linodes?
1 Reply
Honestly, I'm surprised you got this working before over the link-local address. Link-local addresses are typically used for things like automatic address configuration and neighbor discovery protocol. They can only really talk to the next "link" in the chain. This article from Cisco really helped me understand what they are used for and how they work; hopefully it can do the same for you:
If you want to connect over your web server to your db server, you'll want to use your global/SLAAC IPv6 address. Linode doesn't have true private IPv6 addresses, but any local traffic over IPv6 will not count against your quota, so it basically acts like a private IP in that regard anyway.
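When moving from link-local to global addressing as the reply suggests, both the client's host setting and the pg_hba.conf rule have to change. The check below is an added example, not part of the original thread: it flags fe80::/10 addresses in a host value and in pg_hba.conf host rules. The function names are hypothetical and the 2001:db8:: address is a documentation-prefix placeholder.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
HOST_TYPES = ("host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc")


def is_link_local(host):
    """True if host is an IPv6 literal in fe80::/10 (a %zone or /prefix suffix is ignored)."""
    literal = host.partition("%")[0].partition("/")[0]
    try:
        return ipaddress.IPv6Address(literal) in LINK_LOCAL
    except ValueError:  # hostname, IPv4 literal, or a keyword such as "all"
        return False


def audit_pg_hba(text):
    """Return (line_number, address) for host rules that match on a link-local address."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()
        # Host-type records: TYPE DATABASE USER ADDRESS METHOD [options]
        if len(fields) >= 5 and fields[0] in HOST_TYPES:
            if is_link_local(fields[3]):
                findings.append((number, fields[3]))
    return findings


# Constructed sample: the rule from the question plus a rule using a
# placeholder address from the 2001:db8::/32 documentation prefix.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
host all all fe80::f03c:92ff:fe95:3aa0/128 scram-sha-256
host all all 2001:db8::10/128 scram-sha-256
"""

if __name__ == "__main__":
    # The database.yml host value from the question, zone suffix included.
    print(is_link_local("fe80::f03c:92ff:fe95:3a70%eth0"))
    for number, address in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"pg_hba.conf line {number}: {address} is link-local")
```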