apt-get update stuck: Connecting to security.ubuntu.com

networking apt 15.04 ipv6

99,651

Solution 1

The IPv6 setting for the network were ignored, but disabling IPv6 via /etc/sysctl.conf worked:

Add the following lines at the bottom of /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Run sudo sysctl -p to reload the /etc/sysctl.conf settings.

Solution 2

This worked for me, courtesy of Zach Adams (https://zach-adams.com/2015/01/apt-get-cant-connect-to-security-ubuntu-fix/):

Turns out this is an issue where connecting over IPv6 on some servers causes them to get stuck at this point. The fix is really simple.

Open /etc/gai.conf

Under the line

# For sites which prefer IPv4 connections change the last line to

Uncomment the following line by removing the #:

# precedence ::ffff:0:0/96 100
This will allow you to still use IPv6 but sets IPv4 as the precedence so that apt-get won’t get stuck.

Solution 3

A better approach is to use apt-get as follows instead of editing gai.conf file.

sudo apt-get -o Acquire::ForceIPv4=true update

If you want to make this persistent just add an alias for 'apt-get' in your bash file.

Solution 4

Other solutions did not help ... in my case I created an aws ec2 instance Ubuntu 18.04 using

Auto-assign Public IP -> no pick disable

after trying all suggested solutions I threw up my hands and killed that and created a new ec2 instance using

Auto-assign Public IP -> yes  Use subnet setting (Enable)

and it worked fine ... apt-get update && apt-get upgrade are happy now

View more solutions

99,651

Pabi

Updated on September 18, 2022

Comments

Pabi over 1 year
When I run apt-get update on my machine it gets stuck at:
```
100% [Connecting to security.ubuntu.com (2001:67c:1562::15)] [Connecting to archive.canonical.com (2001:67c:1360:8c01::16)]
```
I have made no recent changes to the system and use my home network which worked fine previously.

I can't explain why it switched to using IPv6.
I have IPv6 set to ignore for the wireless network:

Ouput of ip addr:
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: mlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 4c:0b:be:22:0a:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.106/24 brd 192.168.2.255 scope global dynamic mlan0
   valid_lft 1814086sec preferred_lft 1814086sec
inet6 ::d5:b551:28db:2789:225/64 scope global temporary dynamic 
   valid_lft 604483sec preferred_lft 85483sec
inet6 ::d5:4e0b:beff:fe22:ab4/64 scope global mngtmpaddr dynamic 
   valid_lft 604779sec preferred_lft 86379sec
inet6 fe80::4e0b:beff:fe22:ab4/64 scope link 
   valid_lft forever preferred_lft forever
```
- heemayl about 9 years
  
  Change the IP addressing to IPv4 and then try again..
- TheWanderer about 9 years
  
  Why are you using IPv6? Like heemayl said, change to using IPv4, under Network Settings>[Adapter]>Advanced.
- Pabi about 9 years
  
  I don't know why it switched to IPv6. I added additional information.
- muru about 9 years
  
  possible duplicate of get apt-get stop using ipv6
- kasperd about 9 years
  
  It looks as if you may have a host sending router advertisements with 0:0:0:d5::/64. This range is listed as reserved by IETF, so that is definitely not a valid prefix to be advertising. If those RAs have stopped already, it may be impossible to find out, where they came from. In that case all you can really do is to restart the network interface and the problem goes away. If the RAs are still being send, then you can look at a packet capture to see which MAC they are coming from.
- kasperd about 9 years
  
  Other than the misconfigured IPv6 connectivity, another contributor to your problem is the lack of RFC 6555 support in apt-get. Had apt-get followed RFC 6555, you would never have noticed any problem.
- Michael Hampton about 9 years
  
  Your local router is doing something wrong, and giving you invalid IPv6 addresses. Check and fix the router's configuration.
- MQ87 over 8 years
  
  Best solution to the problem found here: askubuntu.com/questions/574569/…
- TonyG over 5 years
  
  For posterity... Thinking "I don't have any reason to use IPV6 yet" I deleted a firewall security definition (openstack) to allow IPV6 Egress. Oops. Recreating that rule (then cancelling and restarting the update) allowed the update to proceed as normal, with no changes to local config files. Note: In this example there was Not a problem with apt or with v4/v6 preferences. I suspect we'll see more of this as time goes on and v6 gets more use.
kasperd about 9 years

That's not how you should be doing. Those lines means once you connect to a network, which actually has IPv6, you'll get a less reliable connection than you were supposed to. Also, those lines do nothing to fix the root cause of your problem, which you haven't even identified.
Pabi about 9 years

I do not need IPv6 anywhere so this works just fine.
kasperd about 9 years

That's a common myth. Reality is that in a couple of months, Africa will be the only region of the world, which have not run out of IPv4 addresses.
Pabi about 9 years

Yes for non private ip adresses. But on small networks like my home network I wil always use IPv4.
kasperd about 9 years

That's just silly, because for connecting to hosts on the same network segment there are multiple advantages in IPv6 link-local addresses compared to IPv4.
Pabi about 9 years

That may be true but none of this advantages will be big enough to make me rember IPv6 adresses.
kasperd about 9 years

That's another myth. The only IPv6 addresses which are really relevant to remember are ::1 and ff02::1. All other addresses you get through DNS.
Pabi about 9 years

If you setup DNS. For my home computers, routers and all other devices tehre is no DNS. And I would think 99% of peapoile use IPx4 for private networks.
Pabi about 9 years

Can't do that from my phone ;) Lets just agree that we disagree.
kasperd about 9 years

Do what you want to do. I just comment to ensure that anybody else who might come across the same problem knows that making the suggested changes to sysctl.conf is going to cause problems eventually.
Cyrusmith almost 8 years

Thanks! This answer is much better than just slavishly disabling ipv6.
Gauthier over 7 years

If you get no luck with this, try that: askubuntu.com/a/759540/4246
GaTechThomas over 7 years

OMG that helped so much!
metame about 7 years

But wouldn't this make connections that could be IPv6 all IPv4?
Francesco Dondi about 7 years

@metame that's the whole point. OP said his IPv6 is disabled, and attempting to use it causes problems.
Elder Geek almost 7 years

Note: This is still valid on 14.04 and 16.04 LTS versions
mat almost 7 years

Worked for me on Linux Mint 18.1 & 18.2. This should be default.
ferdy over 6 years

Ubuntu 17.04 here, after waiting tons of minutes for the timeout. thanks!
Pratik Singhal over 6 years

This worked for me in ubuntu 16.04
Pafnucy over 6 years

Had to do it in Kubuntu 17.10... this default could be changed to solution above.
paulsm4 about 6 years

Your reply is the gift that just keeps on giving: thank you :)
luckydonald over 5 years

Wow, this reduced my apt-get update from 12 minutes to under a second. Impressive.
RBV about 5 years

Worked great for me -- don't forget to log off then back on to apply the change...
Thomas Praxl about 5 years

Worked great on Linux Mint 18.3. You don't need to log off to apply the change.
Renato Francia over 3 years

Awesome! This worked for me in Ubuntu 20.04.
ZeZNiQ almost 3 years

Worked for me in Ubuntu 18.04.4 LTS! Thanks!
Akhil over 2 years

for me it was the firewall issue. allowing outbound connections worked for me.