dig upsserver.lan AAAA // On both upsserver.lan and othermachine.lan
;; ANSWER SECTION:
upsserver.lan. 0 IN AAAA 2403:de00:2200:f06:xxxx:xxxx:xxxx:703c
So the NUT server is listening on the wrong IPv6 address/interface:
The NUT forums contains several discussions about IPv6 issues, usually about IPv4 vs IPv6 or config issues, but this is just a simple case of the server listening on an expiring IPv6 address/interface rather than the current one for the server:
Does anyone have any ideas on how to fix this? I assume it’s not a NUT bug since it would make it unusable on IPv6 systems and there’d be noticeable wailing and gnashing of teeth, so some config issue? I’ve temporarily worked around it with LISTEN */::, but I’d prefer to be a bit more restrictive than that.
The DNS is correct, it’s pointing to the currently active IPv6 address. The problem is that NUT is listening on an expired IPv6 address, it’s not switching over to the current one for the server. Everything else, HTTP, SSH, etc, get it right, it’s only NUT that has this problem:
tcp6 0 64 2403:de00:2200:f06:xxxx:xxxx:xxxx:703c:22 xxxx:yyyy ESTABLISHED
I see that you have given a hostname in the listen entry for NUT.
Hostnames should never be used in such entries, because the service to resolve such hostnames rarely are available at that point in the initialization.
There are two IPv6 addresses of interest (ending with): “c0cc” and “703c”, both are dynamic and temporary but the c0cc address is in a “deprecated” state.
NUT Server is configured to use a dns name that appears to be resolving to an address that is dynamically changing. When the NUT Sever started up, the dns likely resolved to the “c0cc” address so the NUT Server sets up a listening socket for the c0cc address and port 3493.
The NUT Client is using a dns lookup to connect to the server but at that particular time (sometime later) is failing to connect to the server because dns resolved to the “703c” address,
From my understanding, a “deprecated” address is still useable in its current state and will continue to be until its “valid lifetime” expires, but a “deprecated” address is not suppose to be used for making new connections. I haven’t coded with sockets in a long time, but if I had to guess, I would say there is nothing to notify the NUT Server that the socket it created for c0cc is in a deprecated state, so it probably just sits there happily using the c0cc address.
Perhaps a solution would be to have the NUT Server use a static address if that is possible here.
Yeah, I’m not familiar enough with the technical details of IPv6 but I assume it’s due to the IPv6 privacy extensions where you get a random EUI… when the DHCPv6 lease expires? The IPv4 address is stable so I’ll either configure it for IPv4 or keep using LISTEN ::, I can set up an ACL on the router to only allow connections from the HA server so it doesn’t matter what interface it’s listening on.