OAG: No IPv6 Link Local Address to Retry after Duplicate Address Detection Failures (Back Off)
Access Gateway
Okta Classic Engine
Okta Identity Engine
Overview

The following log messages are related to IPv6 addresses. 

NOTE: This is not causing an issue, but it causes extra logging. 


In Okta Access Gateway (OAG), NetworkManager reports that there is no IPv6 link-local address to retry after Duplicate Address Detection failures (back off).

The following IPv6 warning logs are seen.

2023-06-02T07:07:41.992-07:00 okta-worker.lab NetworkManager <warn> [1685714861.9918] platform-linux: do-add-ip6-address[2: fe80::88b:aff:feee:dfb5]: failure 13 (Permission denied)
2023-06-02T07:07:43.990-07:00 okta-worker.lab NetworkManager <warn> [1685714863.9907] ipv6ll[b57e3b17062b91ed,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off)

 

Applies To
  • Okta Access Gateway
Cause
The logs appear because IPv6 is disabled at the kernel level but still enabled in the network interface configuration.
Solution
  1. Log in to the management console shell.
  2. Check the configuration on the kernel level.
    sudo sysctl -p | grep ipv6
  3. As shown below, a value of 1 is displayed if IPv6 is disabled at the kernel level.
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
  4. Check the interface config file below for IPv6 options. If any are enabled, those entries need to be commented out with a #.
    cat /etc/sysconfig/network-scripts/ifcfg-eth0
  5. To disable them, open the file in an editor and comment out the IPv6 entries.
    sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
  6. Once the IPv6 options are commented out, the network service must be restarted.
    sudo systemctl restart NetworkManager
  7. Validate that the logs are no longer seen.
    sudo tail -F /opt/oag/logs/all/ics_all.log
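
The checks in steps 2 to 5 and the log validation in step 7 as a script, added here as an example (not Okta's code). It assumes the IPv6 options are the ifcfg keys beginning with IPV6 and that an option is enabled when its line is uncommented and its value is not "no"; the function names and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Okta code): detect the kernel/interface IPv6 mismatch.
# Assumptions: "IPv6 options" are ifcfg keys starting with IPV6, and an option
# counts as enabled when its line is uncommented and its value is not "no".

# Succeeds if sysctl output on stdin shows both keys from step 3 set to 1.
kernel_ipv6_disabled() {
    awk -F'[ =]+' '
        $1 == "net.ipv6.conf.all.disable_ipv6"     && $2 == 1 { all = 1 }
        $1 == "net.ipv6.conf.default.disable_ipv6" && $2 == 1 { def = 1 }
        END { exit !(all && def) }'
}

# Prints the enabled IPv6 option lines of an ifcfg file ($1).
active_ipv6_options() {
    awk '/^[ \t]*IPV6[A-Z0-9_]*=/ {
             v = $0; sub(/^[^=]*=/, "", v); gsub(/[" \t]/, "", v)
             if (tolower(v) != "no") print
         }' "$1"
}

# Counts the two NetworkManager warnings quoted in the article in a log ($1).
count_ipv6_warnings() {
    grep -cE 'do-add-ip6-address\[.*failure 13 \(Permission denied\)|no IPv6 link local address to retry after Duplicate Address Detection failures' "$1" || true
}

# $1 = file holding sysctl output, $2 = ifcfg file. Returns 1 on a mismatch.
check_mismatch() {
    _opts=$(active_ipv6_options "$2")
    if kernel_ipv6_disabled < "$1" && [ -n "$_opts" ]; then
        printf 'MISMATCH: comment out in %s:\n%s\n' "$2" "$_opts"
        return 1
    fi
    echo "OK: no kernel/interface IPv6 mismatch"
}

# Constructed sample inputs (not taken from a real appliance).
demo_dir=$(mktemp -d)
printf '%s\n' 'net.ipv6.conf.all.disable_ipv6 = 1' \
    'net.ipv6.conf.default.disable_ipv6 = 1' > "$demo_dir/sysctl.txt"
printf '%s\n' 'DEVICE=eth0' 'BOOTPROTO=dhcp' 'IPV6INIT=yes' \
    '#IPV6_AUTOCONF=yes' 'IPV6_FAILURE_FATAL=no' > "$demo_dir/ifcfg-eth0"
check_mismatch "$demo_dir/sysctl.txt" "$demo_dir/ifcfg-eth0" || true
```

On the appliance, save the output of step 2 to a file and pass it to check_mismatch together with the interface file path from step 4.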