apt-get update stuck: Connecting to security.ubuntu.com
Solution 1
The IPv6 setting for the network were ignored, but disabling IPv6 via /etc/sysctl.conf
worked:
Add the following lines at the bottom of /etc/sysctl.conf
:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Run sudo sysctl -p
to reload the /etc/sysctl.conf
settings.
Solution 2
This worked for me, courtesy of Zach Adams (https://zach-adams.com/2015/01/apt-get-cant-connect-to-security-ubuntu-fix/):
Turns out this is an issue where connecting over IPv6 on some servers causes them to get stuck at this point. The fix is really simple.
Open /etc/gai.conf
Under the line
# For sites which prefer IPv4 connections change the last line to
Uncomment the following line by removing the #
:
# precedence ::ffff:0:0/96 100
This will allow you to still use IPv6 but sets IPv4 as the precedence so that apt-get won’t get stuck.
Solution 3
A better approach is to use apt-get as follows instead of editing gai.conf file.
sudo apt-get -o Acquire::ForceIPv4=true update
If you want to make this persistent just add an alias for 'apt-get' in your bash file.
Solution 4
Other solutions did not help ... in my case I created an aws ec2 instance Ubuntu 18.04 using
Auto-assign Public IP -> no pick disable
after trying all suggested solutions I threw up my hands and killed that and created a new ec2 instance using
Auto-assign Public IP -> yes Use subnet setting (Enable)
and it worked fine ... apt-get update && apt-get upgrade
are happy now
Related videos on Youtube
Pabi
Updated on September 18, 2022Comments
-
Pabi over 1 year
When I run
apt-get update
on my machine it gets stuck at:100% [Connecting to security.ubuntu.com (2001:67c:1562::15)] [Connecting to archive.canonical.com (2001:67c:1360:8c01::16)]
I have made no recent changes to the system and use my home network which worked fine previously.
I can't explain why it switched to using IPv6.
I have IPv6 set toignore
for the wireless network:Ouput of
ip addr
:1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: mlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 4c:0b:be:22:0a:b4 brd ff:ff:ff:ff:ff:ff inet 192.168.2.106/24 brd 192.168.2.255 scope global dynamic mlan0 valid_lft 1814086sec preferred_lft 1814086sec inet6 ::d5:b551:28db:2789:225/64 scope global temporary dynamic valid_lft 604483sec preferred_lft 85483sec inet6 ::d5:4e0b:beff:fe22:ab4/64 scope global mngtmpaddr dynamic valid_lft 604779sec preferred_lft 86379sec inet6 fe80::4e0b:beff:fe22:ab4/64 scope link valid_lft forever preferred_lft forever
-
heemayl about 9 yearsChange the IP addressing to IPv4 and then try again..
-
TheWanderer about 9 yearsWhy are you using IPv6? Like heemayl said, change to using IPv4, under Network Settings>[Adapter]>Advanced.
-
Pabi about 9 yearsI don't know why it switched to IPv6. I added additional information.
-
muru about 9 yearspossible duplicate of get apt-get stop using ipv6
-
kasperd about 9 yearsIt looks as if you may have a host sending router advertisements with
0:0:0:d5::/64
. This range is listed as reserved by IETF, so that is definitely not a valid prefix to be advertising. If those RAs have stopped already, it may be impossible to find out, where they came from. In that case all you can really do is to restart the network interface and the problem goes away. If the RAs are still being send, then you can look at a packet capture to see which MAC they are coming from. -
kasperd about 9 yearsOther than the misconfigured IPv6 connectivity, another contributor to your problem is the lack of RFC 6555 support in
apt-get
. Hadapt-get
followed RFC 6555, you would never have noticed any problem. -
Michael Hampton about 9 yearsYour local router is doing something wrong, and giving you invalid IPv6 addresses. Check and fix the router's configuration.
-
MQ87 over 8 yearsBest solution to the problem found here: askubuntu.com/questions/574569/…
-
TonyG over 5 yearsFor posterity... Thinking "I don't have any reason to use IPV6 yet" I deleted a firewall security definition (openstack) to allow IPV6 Egress. Oops. Recreating that rule (then cancelling and restarting the update) allowed the update to proceed as normal, with no changes to local config files. Note: In this example there was Not a problem with apt or with v4/v6 preferences. I suspect we'll see more of this as time goes on and v6 gets more use.
-
-
kasperd about 9 yearsThat's not how you should be doing. Those lines means once you connect to a network, which actually has IPv6, you'll get a less reliable connection than you were supposed to. Also, those lines do nothing to fix the root cause of your problem, which you haven't even identified.
-
Pabi about 9 yearsI do not need IPv6 anywhere so this works just fine.
-
kasperd about 9 yearsThat's a common myth. Reality is that in a couple of months, Africa will be the only region of the world, which have not run out of IPv4 addresses.
-
Pabi about 9 yearsYes for non private ip adresses. But on small networks like my home network I wil always use IPv4.
-
kasperd about 9 yearsThat's just silly, because for connecting to hosts on the same network segment there are multiple advantages in IPv6 link-local addresses compared to IPv4.
-
Pabi about 9 yearsThat may be true but none of this advantages will be big enough to make me rember IPv6 adresses.
-
kasperd about 9 yearsThat's another myth. The only IPv6 addresses which are really relevant to remember are
::1
andff02::1
. All other addresses you get through DNS. -
Pabi about 9 yearsIf you setup DNS. For my home computers, routers and all other devices tehre is no DNS. And I would think 99% of peapoile use IPx4 for private networks.
-
Pabi about 9 yearsCan't do that from my phone ;) Lets just agree that we disagree.
-
kasperd about 9 yearsDo what you want to do. I just comment to ensure that anybody else who might come across the same problem knows that making the suggested changes to
sysctl.conf
is going to cause problems eventually. -
Cyrusmith almost 8 yearsThanks! This answer is much better than just slavishly disabling ipv6.
-
Gauthier over 7 yearsIf you get no luck with this, try that: askubuntu.com/a/759540/4246
-
GaTechThomas over 7 yearsOMG that helped so much!
-
metame about 7 yearsBut wouldn't this make connections that could be IPv6 all IPv4?
-
Francesco Dondi about 7 years@metame that's the whole point. OP said his IPv6 is disabled, and attempting to use it causes problems.
-
Elder Geek almost 7 yearsNote: This is still valid on 14.04 and 16.04 LTS versions
-
mat almost 7 yearsWorked for me on Linux Mint 18.1 & 18.2. This should be default.
-
ferdy over 6 yearsUbuntu 17.04 here, after waiting tons of minutes for the timeout. thanks!
-
Pratik Singhal over 6 yearsThis worked for me in ubuntu 16.04
-
Pafnucy over 6 yearsHad to do it in Kubuntu 17.10... this default could be changed to solution above.
-
paulsm4 about 6 yearsYour reply is the gift that just keeps on giving: thank you :)
-
luckydonald over 5 yearsWow, this reduced my
apt-get update
from 12 minutes to under a second. Impressive. -
RBV about 5 yearsWorked great for me -- don't forget to log off then back on to apply the change...
-
Thomas Praxl about 5 yearsWorked great on Linux Mint 18.3. You don't need to log off to apply the change.
-
Renato Francia over 3 yearsAwesome! This worked for me in Ubuntu 20.04.
-
ZeZNiQ almost 3 yearsWorked for me in Ubuntu 18.04.4 LTS! Thanks!
-
Akhil over 2 yearsfor me it was the firewall issue.
allowing outbound connections
worked for me.