Re: [opensuse] DHCPv6-PD request
On 04/19/2016 10:35 AM, Jeremy Baker wrote:
On 04/18/2016 10:30 PM, James Knott wrote:
My ISP is finally rolling out IPv6. One thing that's required is for the router to make a DHCPv6-PD request to get the prefix info etc. I don't know if my router/firewall, based on openSUSE 13.1 is doing that. I don't see anything in Wireshark that would indicate it's making that sort of request. I'm also not aware of any configuration that would enable it. Does anyone know anything about this?
tnx jk
dhcpcd after 6.4.0 will request and disposition a ia-pd prefix. I'm not sure what version 13.1 has, but opensuse 13.2 only has version 3.2.3. I installed dhcpcd-6.10.1 from source on leap and have been using it to get a delegation from my isp for 3 months or so.
I just installed Leap 42.1 and found it can't even get an IPv6 address for itself, let alone a prefix for the network. This is a step back from 13.1, which at least could get its own IPv6 address via dhcp. I'll try installing dhcpcd 6.10 and see what happens. Any configuration required? I have put in a request for dhcpv6-pd to be added, but I shouldn't have had to. This is something that's becoming essential. Why are the developers missing the boat on this???
On 05/08/2016 11:06 AM, James Knott wrote:
On 04/19/2016 10:35 AM, Jeremy Baker wrote:
On 04/18/2016 10:30 PM, James Knott wrote:
My ISP is finally rolling out IPv6. One thing that's required is for the router to make a DHCPv6-PD request to get the prefix info etc. I don't know if my router/firewall, based on openSUSE 13.1 is doing that. I don't see anything in Wireshark that would indicate it's making that sort of request. I'm also not aware of any configuration that would enable it. Does anyone know anything about this?
tnx jk
dhcpcd after 6.4.0 will request and disposition a ia-pd prefix. I'm not sure what version 13.1 has, but opensuse 13.2 only has version 3.2.3. I installed dhcpcd-6.10.1 from source on leap and have been using it to get a delegation from my isp for 3 months or so.
I just installed Leap 42.1 and found it can't even get an IPv6 address for itself, let alone a prefix for the network. This is a step back from 13.1, which at least could get it's own IPv6 address via dhcp.
I'll try installing dhcpcd 6.10 and see what happens. Any configuration required?
I have put in a request for dhcpv6-pd to be added, but I shouldn't have had to. This is something that's becoming essential. Why are the developers missing the boat on this???
on my system (which utilized dsl) I had the following commands run once
ppp0 came up:
echo 2 > /proc/sys/net/ipv6/conf/ppp0/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/ppp0/forwarding
dhcpcd -6 --noipv4ll -t 0 ppp0 &
the contents of my dhcpcd.conf were:
denyinterfaces eth1
noipv6rs
interface ppp0
ipv6rs
ipv6only
iaid 1
ia_pd 1 eth2/5
duid
persistent
option rapid_commit
option classless_static_routes
option interface_mtu
Hope this helps you out.
--
Jeremy Baker
James Knott wrote:
On 04/19/2016 10:35 AM, Jeremy Baker wrote:
On 04/18/2016 10:30 PM, James Knott wrote:
My ISP is finally rolling out IPv6. One thing that's required is for the router to make a DHCPv6-PD request to get the prefix info etc. I don't know if my router/firewall, based on openSUSE 13.1 is doing that. I don't see anything in Wireshark that would indicate it's making that sort of request. I'm also not aware of any configuration that would enable it. Does anyone know anything about this?
tnx jk
dhcpcd after 6.4.0 will request and disposition a ia-pd prefix. I'm not sure what version 13.1 has, but opensuse 13.2 only has version 3.2.3. I installed dhcpcd-6.10.1 from source on leap and have been using it to get a delegation from my isp for 3 months or so.
I just installed Leap 42.1 and found it can't even get an IPv6 address for itself, let alone a prefix for the network. This is a step back from 13.1, which at least could get it's own IPv6 address via dhcp.
I have Leap421 running fine on IPv6, with dhcp etc. I don't recall having to change any config.
I'll try installing dhcpcd 6.10 and see what happens. Any configuration required?
I have put in a request for dhcpv6-pd to be added, but I shouldn't have had to. This is something that's becoming essential. Why are the developers missing the boat on this???
It is odd, but obviously you're one of the very first to encounter this issue.
--
Per Jessen, Zürich (24.7°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 05/08/2016 11:26 AM, Per Jessen wrote:
James Knott wrote:
On 04/19/2016 10:35 AM, Jeremy Baker wrote:
On 04/18/2016 10:30 PM, James Knott wrote:
My ISP is finally rolling out IPv6. One thing that's required is for the router to make a DHCPv6-PD request to get the prefix info etc. I don't know if my router/firewall, based on openSUSE 13.1 is doing that. I don't see anything in Wireshark that would indicate it's making that sort of request. I'm also not aware of any configuration that would enable it. Does anyone know anything about this?
tnx jk
dhcpcd after 6.4.0 will request and disposition a ia-pd prefix. I'm not sure what version 13.1 has, but opensuse 13.2 only has version 3.2.3. I installed dhcpcd-6.10.1 from source on leap and have been using it to get a delegation from my isp for 3 months or so.
I just installed Leap 42.1 and found it can't even get an IPv6 address for itself, let alone a prefix for the network. This is a step back from 13.1, which at least could get it's own IPv6 address via dhcp. I have Leap421 running fine on IPv6, with dhcp etc. I don't recall having to change any config.
I'll try installing dhcpcd 6.10 and see what happens. Any configuration required?
I have put in a request for dhcpv6-pd to be added, but I shouldn't have had to. This is something that's becoming essential. Why are the developers missing the boat on this??? It is odd, but obviously you're one of the very first to encounter this issue.
Actually, no. Jeremy Baker also had this and installed a later version of dhcpcd to get around the problem. More and more people are running IPv6 and more and more carriers are switching to it. I've been getting IPv6 via tunnel for 6 years and my ISP is now providing it. These days, dhcpv6-pd is being used to provide the prefixes and must be supported by anything that's being used as a firewall/router and that includes Linux. A friend is experiencing a similar issue with a Trendnet TEW-812DRU router which supports IPv6 but apparently not dhcpv6-pd.
James Knott wrote:
On 05/08/2016 11:26 AM, Per Jessen wrote:
James Knott wrote:
On 04/19/2016 10:35 AM, Jeremy Baker wrote:
On 04/18/2016 10:30 PM, James Knott wrote:
My ISP is finally rolling out IPv6. One thing that's required is for the router to make a DHCPv6-PD request to get the prefix info etc. I don't know if my router/firewall, based on openSUSE 13.1 is doing that. I don't see anything in Wireshark that would indicate it's making that sort of request. I'm also not aware of any configuration that would enable it. Does anyone know anything about this?
tnx jk
dhcpcd after 6.4.0 will request and disposition a ia-pd prefix. I'm not sure what version 13.1 has, but opensuse 13.2 only has version 3.2.3. I installed dhcpcd-6.10.1 from source on leap and have been using it to get a delegation from my isp for 3 months or so.
I just installed Leap 42.1 and found it can't even get an IPv6 address for itself, let alone a prefix for the network. This is a step back from 13.1, which at least could get it's own IPv6 address via dhcp. I have Leap421 running fine on IPv6, with dhcp etc. I don't recall having to change any config.
I'll try installing dhcpcd 6.10 and see what happens. Any configuration required?
I have put in a request for dhcpv6-pd to be added, but I shouldn't have had to. This is something that's becoming essential. Why are the developers missing the boat on this??? It is odd, but obviously you're one of the very first to encounter this issue.
Actually, no. Jeremy Baker also had this and installed a later version of dhcpcd to get around the problem.
Okay, so you're two of the very first openSUSE users :-)
More and more people are running IPv6 and more and more carriers are switching to it. I've been getting IPv6 via tunnel for 6 years and my ISP is now providing it. These days, dhcpv6-pd is being used to provide the prefixes and must be supported by anything that's being used as a firewall/router and that includes Linux.
Sure - I guess most people have a router/modem with the appropriate PD support. I've never needed it, always had static configs.
--
Per Jessen, Zürich (24.8°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 05/08/2016 11:56 AM, Per Jessen wrote:
More and more people are running IPv6 and more and more carriers are
switching to it. I've been getting IPv6 via tunnel for 6 years and my ISP is now providing it. These days, dhcpv6-pd is being used to provide the prefixes and must be supported by anything that's being used as a firewall/router and that includes Linux. Sure - I guess most people have a router/modem with the appropriate PD support. I've never needed it, always had static configs.
Manual configuration is used for business customers, where the prefix is configured into the router and routing protocols, such as OSPF or EIGRP, set up routing to the network. However, ISPs serving consumers want to avoid that and use something that works automagically. That something is dhcpv6-pd, just as dhcp replaced manual configuration. With my tunnel, the client I use sets up the prefix on my firewall/router. Fortunately it still works with Leap. So, at the moment, I have to get dhcpcd 6.10.1 to work for this. Manually starting it doesn't do the trick for IPv6.
James Knott wrote:
On 05/08/2016 11:56 AM, Per Jessen wrote:
More and more people are running IPv6 and more and more carriers are
switching to it. I've been getting IPv6 via tunnel for 6 years and my ISP is now providing it. These days, dhcpv6-pd is being used to provide the prefixes and must be supported by anything that's being used as a firewall/router and that includes Linux. Sure - I guess most people have a router/modem with the appropriate PD support. I've never needed it, always had static configs.
Manual configuration is used for business customers, where the prefix is configured into the router and routing protocols, such as OSPF or EIGRP, set up routing to the network. However, ISPs serving consumers want to avoid that and use something that works automagically.
Yup, makes a lot of sense.
So, at the moment, I have to get dhcpcd 6.10.1 to work for this. Manually starting it doesn't do the trick for IPv6.
I can build a dhcpcd 6.10 for you for Leap, no trouble at all. I wonder how to make wicked understand that we're using a separate dhcpcd binary.
--
Per Jessen, Zürich (24.6°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 05/08/2016 12:14 PM, Per Jessen wrote:
I can build a dhcpcd 6.10 for you for Leap, no trouble at all. I wonder how to make wicked understand that we're using a separate dhcpcd binary.
I've already installed 6.10 from rpm. I have no idea about wicked, as I've never used it before. So, I have to get dhcpcd to start, get the prefix and then start up radvd with the IPv6 prefix.
On 05/08/2016 12:43 PM, James Knott wrote:
On 05/08/2016 12:14 PM, Per Jessen wrote:
I can build a dhcpcd 6.10 for you for Leap, no trouble at all. I wonder how to make wicked understand that we're using a separate dhcpcd binary. I've already install 6.10 from rpm. I have no idea about wicked, as I've never used it before. So, I have to get dhcpcd to start, get the prefix and then start up radvd with the IPv6 prefix.
By following the info at this link, I've been able to get an IPv6 address for my firewall: https://wiki.archlinux.org/index.php/IPv6 Now to get it to send the prefix to other devices.
James Knott wrote:
On 05/08/2016 12:14 PM, Per Jessen wrote:
I can build a dhcpcd 6.10 for you for Leap, no trouble at all. I wonder how to make wicked understand that we're using a separate dhcpcd binary.
I've already install 6.10 from rpm. I have no idea about wicked, as I've never used it before.
You've always used NetworkManager?
So, I have to get dhcpcd to start, get the prefix and then start up radvd with the IPv6 prefix.
The thing is - when you're not using NetworkManager, you're using wicked, and wicked runs its own dhcp client. Maybe you can configure the interface for dhcpv4 only, then run dhcpd manually next to it. I wonder how you get radvd updated.
--
Per Jessen, Zürich (22.3°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/08/2016 02:00 PM, Per Jessen wrote:
James Knott wrote:
On 05/08/2016 12:14 PM, Per Jessen wrote:
I can build a dhcpcd 6.10 for you for Leap, no trouble at all. I wonder how to make wicked understand that we're using a separate dhcpcd binary. I've already install 6.10 from rpm. I have no idea about wicked, as I've never used it before. You've always used NetworkManager?
No. I only use it on my notebook. My desktop & firewall use ifup.
So, I have to get dhcpcd to start, get the prefix and then start up radvd with the IPv6 prefix. The thing is - when you're not using NetworkManager, you're using wicked, and wicked runs its own dhcp client. Maybe you can configure the interface for dhcpv4 only, then run dhcpd manually next to it. I wonder how you get radvd updated.
This is what I'm trying to figure out. Since wicked is fairly new, it should have included this "out of the box". One curious thing I just noticed is the IPv6 address I'm getting on my firewall appears on the LAN side, not WAN. Routers normally communicate via link local address, but can use global unicast. I'm not sure if the address I see on the LAN side is supposed to be there or not. According to the RFC, dhcpv6-pd has been around since 2003. I'm really surprised it hadn't been implemented in openSUSE years ago.
08.05.2016 19:05, James Knott wrote:
On 05/08/2016 11:56 AM, Per Jessen wrote:
More and more people are running IPv6 and more and more carriers are
switching to it. I've been getting IPv6 via tunnel for 6 years and my ISP is now providing it. These days, dhcpv6-pd is being used to provide the prefixes and must be supported by anything that's being used as a firewall/router and that includes Linux. Sure - I guess most people have a router/modem with the appropriate PD support. I've never needed it, always had static configs.
Manual configuration is used for business customers, where the prefix is configured into the router and routing protocols, such as OSPF or EIGRP, set up routing to the network. However, ISPs serving consumers want to avoid that and use something that works automagically. That something is dhcpv6-pd, just as dhcp repalced manual configuration. With my tunnel, the client I use sets up the prefix on my firewall/router. Fortunately it still works with Leap.
As long as user gets valid prefix from ISP black box, how does it matter whether ISP black box is using manual configuration, PD, or black magic? Your requirement is different - you want to build something that replaces this ISP black box. Maybe it is not that common use case as you pretend it to be. Which would explain why developers do not rush to jump the boat.
So, at the moment, I have to get dhcpcd 6.10.1 to work for this. Manually starting it doesn't do the trick for IPv6.
On 05/08/2016 02:45 PM, Andrei Borzenkov wrote:
As long as user gets valid prefix from ISP black box, how does it matter whether ISP black box is using manual configuration, PD, or black magic? Your requirement is different - you want to build something that replaces this ISP black box.
May be it is not that common use case as you pretend it to be. Which would explain why developers do not rash to jump the boat.
When you get a prefix, you need some method to do it automatically, so that manual configuration is not required. That method is dhcpv6-pd. I am not trying to replace the ISP's black box. I'm trying to work with what they provide and that is dhcpv6-pd. So, any firewall/router that connects to their network has to use it. Plain dhcpcd only gets an address for the firewall/router and not devices on the local network.
On 05/08/2016 11:17 AM, Jeremy Baker wrote:
Hope this helps you out.
-
I am able to get dhcpcd to get an IPv6 address, though it appears on the lan side, not wan. I also can't get it to advertise the prefix to the network. Are you doing that?
Here's what I have in radvd.conf:
interface eth1 {
    AdvSendAdvert on;
    MaxRtrAdvInterval 30;
    prefix ::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
        AdvValidLifetime 300;
        AdvPreferredLifetime 120;
    };
};
And the relevant part of dhcpcd.conf:
# from https://wiki.archlinux.org/index.php/IPv6
duid
noipv6rs
waitip 6
# Uncomment this line if you are running dhcpcd for IPv6 only.
#ipv6only
# use the interface connected to WAN
interface eth0
ipv6rs
iaid 1
# use the interface connected to your LAN
ia_pd 1 eth1
ia_pd 1/::/64 eth1/0/64
On 05/08/2016 11:17 AM, Jeremy Baker wrote:
On 05/08/2016 11:06 AM, James Knott wrote:
On 04/19/2016 10:35 AM, Jeremy Baker wrote:
On 04/18/2016 10:30 PM, James Knott wrote:
My ISP is finally rolling out IPv6. One thing that's required is for the router to make a DHCPv6-PD request to get the prefix info etc. I don't know if my router/firewall, based on openSUSE 13.1 is doing that. I don't see anything in Wireshark that would indicate it's making that sort of request. I'm also not aware of any configuration that would enable it. Does anyone know anything about this?
tnx jk
dhcpcd after 6.4.0 will request and disposition a ia-pd prefix. I'm not sure what version 13.1 has, but opensuse 13.2 only has version 3.2.3. I installed dhcpcd-6.10.1 from source on leap and have been using it to get a delegation from my isp for 3 months or so.
I just installed Leap 42.1 and found it can't even get an IPv6 address for itself, let alone a prefix for the network. This is a step back from 13.1, which at least could get it's own IPv6 address via dhcp.
I'll try installing dhcpcd 6.10 and see what happens. Any configuration required?
I have put in a request for dhcpv6-pd to be added, but I shouldn't have had to. This is something that's becoming essential. Why are the developers missing the boat on this???
on my system (which utilized dsl) I had the following commands run once ppp0 came up:
echo 2 > /proc/sys/net/ipv6/conf/ppp0/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/ppp0/forwarding
dhcpcd -6 --noipv4ll -t 0 ppp0 &
the contents of my dhcpcd.conf were:
denyinterfaces eth1
noipv6rs
interface ppp0
ipv6rs
ipv6only
iaid 1
ia_pd 1 eth2/5
duid
persistent
option rapid_commit
option classless_static_routes
option interface_mtu
Hope this helps you out.
I'm using an Ethernet connection, not PPPoE.
On 2016-05-08 20:56, James Knott wrote:
On 05/08/2016 02:45 PM, Andrei Borzenkov wrote:
As long as user gets valid prefix from ISP black box, how does it matter whether ISP black box is using manual configuration, PD, or black magic? Your requirement is different - you want to build something that replaces this ISP black box.
May be it is not that common use case as you pretend it to be. Which would explain why developers do not rash to jump the boat.
When you get a prefix, you need some method to do it automatically, so that manual configuration is not required. That method is dhcpv6-pd. I am not trying to replace the ISPs black box. I'm trying to work with what they provide and that is dhcpv6-pd.
I think what Andrei calls "black box" is the ISP supplied router. You are not using that box, if it exists, but your own box running openSUSE. This I do not have clear: you get from the ISP not a single IP (v6), but a range. Ie, you get a prefix, and all your internal machines have to use that same prefix, plus something to differentiate each one (pos-fix?). With IPv6 we do not need/use NAT, but each local machine gets one outside, real, address. Is this so? Thus, whatever replaces dhcpd-server on the inside has to know and use that external prefix.
--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
On 05/08/2016 03:53 PM, James Knott wrote:
On 05/08/2016 11:17 AM, Jeremy Baker wrote:
Hope this helps you out.
- I am able to get dhcpcd to get an IPv6 address, though it appears on the lan side, not wan. I also can't get it to advertise the prefix to the network. Are you doing that?
Here's what I have in radvd.conf:
interface eth1 {
    AdvSendAdvert on;
    MaxRtrAdvInterval 30;
    prefix ::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
        AdvValidLifetime 300;
        AdvPreferredLifetime 120;
    };
};
And the relevant part of dhcpcd.conf:
# from https://wiki.archlinux.org/index.php/IPv6
duid
noipv6rs
waitip 6
# Uncomment this line if you are running dhcpcd for IPv6 only.
#ipv6only
# use the interface connected to WAN
interface eth0
ipv6rs
iaid 1
# use the interface connected to your LAN
ia_pd 1 eth1
ia_pd 1/::/64 eth1/0/64
I am using radvd. My config is
interface eth2
{
    AdvSendAdvert on;
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    prefix ::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
    RDNSS (ip6 dns server) {
    };
};
--
Jeremy Baker
On 05/08/2016 09:31 PM, Jeremy Baker wrote:
I am using radvd. My config is
Did you have to do anything about wicked? Also, I don't know why I see an IPv6 address on my LAN interface but not the WAN side.
On 05/08/2016 09:58 PM, James Knott wrote:
On 05/08/2016 09:31 PM, Jeremy Baker wrote:
I am using radvd. My config is
Did you have to do anything about wicked? Also, I don't know why I see an IPv6 address on my LAN interface but not the WAN side.
Well, I didn't have to touch wicked since my adsl configuration is done without the help of suse (there is no longer a dsl option in yast), but I did notice this from the dhcpcd docs:
noipv6rs                 # disable routing solicitation
denyinterfaces eth2      # Don't touch eth2 at all
interface eth0
  ipv6rs                 # enable routing solicitation get the
                         # default IPv6 route
  ia_na 1                # request an IPv6 address
  ia_pd 2 eth1/0         # request a PD and assign it to eth1
  ia_pd 3 eth2/1 eth3/2  # req a PD and assign it to eth2 and eth3
                         # we cannot use SLA 0 above because we are
                         # assigning the PD to more than one interface
It would appear that in addition to a prefix, it can also request an
address. Maybe try adding the ia_na line and see if that works?
--
Jeremy Baker
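Added example (not from any poster in this thread and not dhcpcd's own code): how the sla_id in lines such as "ia_pd 1 eth2/5" or "ia_pd 3 eth2/1 eth3/2" selects a subnet inside the delegated prefix, and why a /64 delegation leaves room only for SLA 0 on one interface. The 2001:db8:: prefixes are constructed documentation values, the function names are hypothetical, and the /64 per-interface length and the ::1 router suffix are assumptions.

```python
import ipaddress


def subnet_for_sla(delegated, sla_id, prefix_len=64):
    """Place sla_id in the bits between the delegated prefix and prefix_len.

    delegated  -- the prefix handed out by the ISP, e.g. "2001:db8:1234:1200::/56"
    sla_id     -- the number after the slash in "ia_pd <iaid> <iface>/<sla_id>"
    prefix_len -- length of the per-interface subnet (assumed /64 here)
    """
    net = ipaddress.IPv6Network(delegated)  # raises if host bits are set
    sla_bits = prefix_len - net.prefixlen
    if sla_bits < 0:
        raise ValueError("delegation /%d is longer than the subnet /%d"
                         % (net.prefixlen, prefix_len))
    if not 0 <= sla_id < (1 << sla_bits):
        raise ValueError("sla_id %d does not fit in %d SLA bit(s)"
                         % (sla_id, sla_bits))
    base = int(net.network_address)
    return ipaddress.IPv6Network((base | (sla_id << (128 - prefix_len)),
                                  prefix_len))


def plan(delegated, assignments, prefix_len=64):
    """Map (interface, sla_id) pairs to subnets, refusing a reused sla_id."""
    used = {}
    result = {}
    for iface, sla_id in assignments:
        subnet = subnet_for_sla(delegated, sla_id, prefix_len)
        if sla_id in used:
            raise ValueError("sla_id %d used by both %s and %s"
                             % (sla_id, used[sla_id], iface))
        used[sla_id] = iface
        result[iface] = subnet
    return result


def router_address(subnet, suffix=1):
    """Address the router puts on the LAN interface (suffix 1 is assumed)."""
    return ipaddress.IPv6Interface((int(subnet.network_address) | suffix,
                                    subnet.prefixlen))


if __name__ == "__main__":
    # Constructed /56 delegation: 8 SLA bits, so sla_id 0..255 are available.
    for iface, net in plan("2001:db8:1234:1200::/56",
                           [("eth2", 1), ("eth3", 2)]).items():
        print(iface, net, router_address(net))

    # Constructed /64 delegation: zero SLA bits, only sla_id 0 fits,
    # so only one LAN interface can receive the prefix.
    print(subnet_for_sla("2001:db8:1234:1234::/64", 0))
    try:
        subnet_for_sla("2001:db8:1234:1234::/64", 1)
    except ValueError as err:
        print("rejected:", err)
```

The address computed by router_address lands on the LAN interface because that is where the delegated prefix is assigned; an address on the WAN interface comes from a separate ia_na request or from router advertisements.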
Carlos E. R. wrote:
This I do no have clear: you get from the ISP not a single IP (v6), but a range.
Typically a home user will receive a /64 prefix, I think that is the standing recommendation. Not all providers do this, I know of some Swiss providers that allocate smaller chunks. I believe the /64 recommendation is related to routing tables and such, although I'm not intimately familiar with the details.
Ie, you get a prefix, and all your internal machines have to use that same prefix, plus something to differentiate each one (pos-fix?).
James will get e.g. 2001:db8:1234:1234/64, and his local machines could be 2001:db8:1234:1234::1 2001:db8:1234:1234::2 2001:db8:1234:1234::3 etc. Internally, he can use dynamic or static allocation or both.
With IPv6 we not need/use NAT, but each local machine gets one outside, real, address. Is this so?
Right.
Thus, whatever replaces dhcpd-server on the inside has to know and use that external prefix.
One can use radvd alone or radvd+dhcp combined.
--
Per Jessen, Zürich (13.9°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
James Knott wrote:
On 05/08/2016 02:00 PM, Per Jessen wrote:
James Knott wrote:
On 05/08/2016 12:14 PM, Per Jessen wrote:
I can build a dhcpcd 6.10 for you for Leap, no trouble at all. I wonder how to make wicked understand that we're using a separate dhcpcd binary. I've already install 6.10 from rpm. I have no idea about wicked, as I've never used it before. You've always used NetworkManager?
No. I only use it on my notebook. My desktop & firewall use ifup.
Since 13.1, ifup/ifdown == wicked.
So, I have to get dhcpcd to start, get the prefix and then start up radvd with the IPv6 prefix. The thing is - when you're not using NetworkManager, you're using wicked, and wicked runs its own dhcp client. Maybe you can configure the interface for dhcpv4 only, then run dhcpd manually next to it. I wonder how you get radvd updated.
This is what I'm trying to figure out. Since wicked is fairly new, it should have included this "out of the box". One curious thing I just noticed is the IPv6 address I'm getting on my firewall appears on the LAN side, not WAN. Routers normally communicate via link local address, but can use global unicast. I'm not sure if the address I see on the LAN side is supposed to be there or not.
According to the RFC, dhcpv6-pd has been around since 2003. I'm really surprised it hadn't been implemented in openSUSE years ago.
Well, if it wasn't implemented in dhcp clients until recently, I suspect all the distros are late with this.
/Per
--
Per Jessen, Zürich (14.1°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
09.05.2016 09:11, Per Jessen wrote:
Carlos E. R. wrote:
This I do no have clear: you get from the ISP not a single IP (v6), but a range.
Typically a home user will receive a /64 prefix, I think that is the standing recommendation. Not all providers do this, I know of some Swiss providers that allocate smaller chunks. I believe the /64 recommendation is related to routing tables and such, although I'm not intimately familiar with the details.
Ie, you get a prefix, and all your internal machines have to use that same prefix, plus something to differentiate each one (pos-fix?).
James will get e.g. 2001:db8:1234:1234/64, and his local machines could be
2001:db8:1234:1234::1 2001:db8:1234:1234::2 2001:db8:1234:1234::3 etc.
Internally, he can use dynamic or static allocation or both.
Except James does not want it. So far there is nothing that would require PD. ISP CPE would advertise prefix on LAN side and every device on LAN would autoconfigure. What James wants, is
ISP - ISP CPE - DIY router - Home LAN
where "DIY Router" gets prefix delegation from "ISP CPE" and advertises it to devices on "Home LAN".
I am not even sure if it is possible to do with having *second* prefix for "DIY Router" WAN interface. I.e. assuming we have
ISP - eth0 [DIY] eth1 - LAN
Can both eth0 and eth1 have the same prefixes? How would DIY know whether to use eth0 or eth1 to speak with hosts having the same prefix?
With IPv6 we not need/use NAT, but each local machine gets one outside, real, address. Is this so?
Right.
Thus, whatever replaces dhcpd-server on the inside has to know and use that external prefix.
One can use radvd alone or radvd+dhcp combined.
Real life example would be helpful.
Andrei Borzenkov wrote:
09.05.2016 09:11, Per Jessen wrote:
James will get e.g. 2001:db8:1234:1234/64, and his local machines could be
2001:db8:1234:1234::1 2001:db8:1234:1234::2 2001:db8:1234:1234::3 etc.
Internally, he can use dynamic or static allocation or both.
Except James does not want it. So far there is nothing that would require PD. ISP CPE would advertise prefix on LAN side and every device on LAN would autoconfigure. What James wants, is
ISP - ISP CPE - DIY router - Home LAN
I thought he wanted: ISP - DIY router - Home LAN (or a setup where the ISP CPE is a bridge, so virtually invisible).
where "DIY Router" gets prefix delegation from "ISP CPE" and advertises it to devices on "Home LAN".
I am not even sure if it is possible to do with having *second* prefix for "DIY Router" WAN interface. I.e. assuming we have
ISP - eth0 [DIY] eth1 - LAN
Can both eth0 and eth1 have the same prefixes? How would DIY know whether to use eth0 or eth1 to speak with hosts having the same prefix?
If the interfaces were bridged?
With IPv6 we not need/use NAT, but each local machine gets one outside, real, address. Is this so?
Right.
Thus, whatever replaces dhcpd-server on the inside has to know and use that external prefix.
One can use radvd alone or radvd+dhcp combined.
Real life example would be helpful.
For the above? I use radvd and dhcpv6. radvd takes care of the routing, dhcpv6 the rest - static routes, static allocations, resolver settings. One reason for using dhcpv6 is to put all guest/mobile devices on a separate prefix, which means they can be dealt with separately in the firewall. I'll be happy to post configs if anyone is interested, they're not overly complicated. The setup is not yet quite right - I still have to work out how to make a device use/prefer the dhcp assigned address instead of the slaac ditto. Hopefully without having to fiddle with each device/machine.
--
Per Jessen, Zürich (14.6°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 2016-05-09 08:25, Per Jessen wrote:
James Knott wrote:
No. I only use it on my notebook. My desktop & firewall use ifup.
Since 13.1, ifup/ifdown == wicked.
No no, 13.1 has no wicked. Only ifup/ifdown.
Telcontar:~ # rpm -qa | grep -i wicked
Telcontar:~ # cat /etc/SuSE-release
openSUSE 13.1 (x86_64)
Telcontar:~ # zypper se wicked
...
Loading repository data...
Reading installed packages...
No packages found.
Telcontar:~ #
--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-05-09 08:25, Per Jessen wrote:
James Knott wrote:
No. I only use it on my notebook. My desktop & firewall use ifup.
Since 13.1, ifup/ifdown == wicked.
No no, 13.1 has no wicked. Only ifup/ifdown.
You're right, wicked was introduced in 13.2, I must have been looking at the wrong system.
--
Per Jessen, Zürich (22.1°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/09/2016 02:56 AM, Per Jessen wrote:
For the above? I use radvd and dhcpv6. radvd takes care of the routing, dhcpv6 the rest - static routes, static allocations, resolver settings. One reason for using dhcpv6 is to put all guest/mobile devices on a separate prefix, which means they can be dealt with separately in the firewall.
I'll be happy to post configs if anyone is interested, they're not overly complicated. The setup is not yet quite right - I still have to work out how to make a device use/prefer the dhcp assigned address instead of the slaac ditto. Hopefully without having to fiddle with each device/machine.
Are you using dhcpv6-pd to get your prefix?
On 05/08/2016 11:49 PM, Jeremy Baker wrote:
It would appear that in addition to a prefix, it can also request an address. Maybe try adding the ia_na line and see if that works?
I now get an IPv6 on my WAN interface, but it only lasts for a few seconds. Here's the relevant bit of my dhcpcd.conf:
    duid
    noipv6rs
    waitip 6
    # Uncomment this line if you are running dhcpcd for IPv6 only.
    ipv6only
    # use the interface connected to WAN
    interface eth0
    ipv6rs
    iaid 1
    # use the interface connected to your LAN
    ia_na 1
    ia_pd 2 eth1
    ia_pd 3/::/64 eth1/0/64
09.05.2016 21:58, James Knott пишет:
On 05/08/2016 11:49 PM, Jeremy Baker wrote:
It would appear that in addition to a prefix, it can also request an address. Maybe try adding the ia_na line and see if that works?
I now get an IPv6 on my WAN interface, but it only lasts for a few seconds. Here's the relevant bit of my dhcpcd.conf:
    duid
    noipv6rs
    waitip 6
    # Uncomment this line if you are running dhcpcd for IPv6 only.
    ipv6only
    # use the interface connected to WAN
    interface eth0
    ipv6rs
    iaid 1
    # use the interface connected to your LAN
    ia_na 1
    ia_pd 2 eth1
    ia_pd 3/::/64 eth1/0/64
Only one ia_pd statement for interface that gets prefix is needed. I am not sure what it does in this case, whether first or last wins. Also you need to know length of prefix that is delegated. In particular, delegated prefix length needs to be smaller than assigned prefix length; so your second ia_pd will likely not work. If you want to assign 64 prefix to eth1 you need to request 56 prefix from server. Another consideration is that sla_id 0 is special; are you sure you really want it?
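Added example (not part of the original thread, and not dhcpcd's own code): the subnet arithmetic behind the prefix-length point above, applied to ia_pd lines of the form quoted in this thread. The delegated prefixes are constructed from the 2001:db8::/32 documentation range, the function names are hypothetical, and a missing prefix_len is assumed to mean 64.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Assignment(NamedTuple):
    interface: str
    sla_id: Optional[int]  # None when the line names no sla_id
    prefix_len: int        # length of the prefix placed on the interface


class IaPd(NamedTuple):
    iaid: str
    hint_len: Optional[int]  # requested delegation length, 56 in "2/::/56"
    assignments: List[Assignment]


def parse_ia_pd(line: str) -> IaPd:
    """Parse 'ia_pd iaid[/prefix/prefix_len] [ifname[/sla_id[/prefix_len]]]...'."""
    words = line.split("#", 1)[0].split()
    if len(words) < 2 or words[0] != "ia_pd":
        raise ValueError(f"not an ia_pd line: {line!r}")
    iaid, *hint = words[1].split("/")
    if len(hint) not in (0, 2):
        raise ValueError("a hint is written as iaid/prefix/prefix_len")
    hint_len = int(hint[1]) if hint else None
    assignments = []
    for word in words[2:]:
        ifname, *rest = word.split("/")
        sla_id = int(rest[0]) if rest else None
        prefix_len = int(rest[1]) if len(rest) > 1 else 64  # assumed default
        assignments.append(Assignment(ifname, sla_id, prefix_len))
    return IaPd(iaid, hint_len, assignments)


def carve(delegated: str, sla_id: int, prefix_len: int = 64) -> ipaddress.IPv6Network:
    """Return subnet number sla_id, of length prefix_len, inside the delegation."""
    net = ipaddress.IPv6Network(delegated)
    sla_bits = prefix_len - net.prefixlen  # bits left over to number subnets
    if sla_bits < 0 or prefix_len > 128:
        raise ValueError(f"/{prefix_len} does not fit inside delegated /{net.prefixlen}")
    # With equal lengths sla_bits is 0, so only sla_id 0 (the whole delegation) fits.
    if not 0 <= sla_id < (1 << sla_bits):
        raise ValueError(f"sla_id {sla_id} needs more than {sla_bits} bits")
    base = int(net.network_address) | (sla_id << (128 - prefix_len))
    return ipaddress.IPv6Network((base, prefix_len))


def plan(line: str, delegated: str) -> dict:
    """Map each interface on an ia_pd line to its subnet or to the reason it fails."""
    result, used = {}, set()
    for a in parse_ia_pd(line).assignments:
        if a.sla_id is None:
            result[a.interface] = "no sla_id on the line; not evaluated"
        elif a.sla_id in used:
            result[a.interface] = f"error: sla_id {a.sla_id} already used"
        else:
            used.add(a.sla_id)
            try:
                result[a.interface] = str(carve(delegated, a.sla_id, a.prefix_len))
            except ValueError as exc:
                result[a.interface] = f"error: {exc}"
    return result


if __name__ == "__main__":
    # Constructed delegations: one /64 and one /56 from the documentation range.
    for delegated in ("2001:db8:1200:34::/64", "2001:db8:1200::/56"):
        for line in ("ia_pd 3/::/64 eth1/0/64", "ia_pd 1 eth2/5", "ia_pd 2 eth1"):
            print(delegated, "|", line, "->", plan(line, delegated))
```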
On 05/09/2016 03:24 PM, Andrei Borzenkov wrote:
09.05.2016 21:58, James Knott пишет:
On 05/08/2016 11:49 PM, Jeremy Baker wrote:
It would appear that in addition to a prefix, it can also request an address. Maybe try adding the ia_na line and see if that works? I now get an IPv6 on my WAN interface, but it only lasts for a few seconds. Here's the relevant bit of my dhcpcd.conf:
    duid
    noipv6rs
    waitip 6
    # Uncomment this line if you are running dhcpcd for IPv6 only.
    ipv6only
    # use the interface connected to WAN
    interface eth0
    ipv6rs
    iaid 1
    # use the interface connected to your LAN
    ia_na 1
    ia_pd 2 eth1
    ia_pd 3/::/64 eth1/0/64
Only one ia_pd statement for interface that gets prefix is needed. I am not sure what it does in this case, whether first or last wins. Also you need to know length of prefix that is delegated. In particular, delegated prefix length needs to be smaller than assigned prefix length; so your second ia_pd will likely not work. If you want to assign 64 prefix to eth1 you need to request 56 prefix from server. Another consideration is that sla_id 0 is special; are you sure you really want it?
I have commented out the line
    ia_pd 3/::/64 eth1/0/64
I'm not really sure what I want, as when I look around the net, I see different things, with no clear idea of what's needed.
On 05/09/2016 10:32 PM, James Knott wrote:
Only one ia_pd statement for interface that gets prefix is needed. I am not sure what it does in this case, whether first or last wins. Also you need to know length of prefix that is delegated. In particular, delegated prefix length needs to be smaller than assigned prefix length; so your second ia_pd will likely not work. If you want to assign 64 prefix to eth1 you need to request 56 prefix from server. Another consideration is that sla_id 0 is special; are you sure you really want it?
I have commented out the line
    ia_pd 3/::/64 eth1/0/64
I'm not really sure what I want, as when I look around the net, I see different things, with no clear idea of what's needed.
I now have an IPv6 on my WAN interface that seems to be staying, but no IPv6 address on my LAN interface. Here's my radvd.conf:
    interface eth1
    {
        AdvSendAdvert on;
        MaxRtrAdvInterval 30;
        prefix ::/64
        {
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
            AdvValidLifetime 300;
            AdvPreferredLifetime 120;
        };
    };
10.05.2016 05:40, James Knott пишет:
On 05/09/2016 10:32 PM, James Knott wrote:
Only one ia_pd statement for interface that gets prefix is needed. I am not sure what it does in this case, whether first or last wins. Also you need to know length of prefix that is delegated. In particular, delegated prefix length needs to be smaller than assigned prefix length; so your second ia_pd will likely not work. If you want to assign 64 prefix to eth1 you need to request 56 prefix from server. Another consideration is that sla_id 0 is special; are you sure you really want it?
I have commented out the line
    ia_pd 3/::/64 eth1/0/64
I'm not really sure what I want, as when I look around the net, I see different things, with no clear idea of what's needed.
I now have an IPv6 on my WAN interface that seems to be staying, but no IPv6 address on my LAN interface.
IP address on LAN interface (if you mean router) is assigned by dhcpcd. radvd job is just to pick up prefix from it and advertise. So forget about radvd until you actually got prefix delegation working. How do you start it (exact command line)? Does dhcpcd request prefix? Does it get anything back? Start it with --debug and check logs.
Here's my radvd.conf:
    interface eth1
    {
        AdvSendAdvert on;
        MaxRtrAdvInterval 30;
        prefix ::/64
        {
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
            AdvValidLifetime 300;
            AdvPreferredLifetime 120;
        };
    };
James Knott wrote:
On 05/09/2016 02:56 AM, Per Jessen wrote:
For the above? I use radvd and dhcpv6. radvd takes care of the routing, dhcpv6 the rest - static routes, static allocations, resolver settings. One reason for using dhcpv6 is to put all guest/mobile devices on a separate prefix, which means they can be dealt with separately in the firewall.
I'll be happy to post configs if anyone is interested, they're not overly complicated. The setup is not yet quite right - I still have to work out how to make a device use/prefer the dhcp assigned address instead of the slaac ditto. Hopefully without having to fiddle with each device/machine.
Are you using dhcpv6-pd to get your prefix?
Nope, all static.
-- Per Jessen, Zürich (16.5°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Op 09-05-16 om 08:31 schreef Andrei Borzenkov:
I am not even sure if it is possible to do with having *second* prefix for "DIY Router" WAN interface. I.e. assuming we have
ISP - eth0 [DIY] eth1 - LAN
Can both eth0 and eth1 have the same prefixes? How would DIY know whether to use eth0 or eth1 to speak with hosts having the same prefix?
From my little experience/knowledge, the external interface of the [DIY] gets an IP-address in a separate prefix, not related to the prefix that is given to the [DIY] via PD. Like you said, it would be difficult to do routing if the internal and external interfaces are in the same prefix.
Koenraad.
Koenraad Lelong wrote:
Op 09-05-16 om 08:31 schreef Andrei Borzenkov:
I am not even sure if it is possible to do with having *second* prefix for "DIY Router" WAN interface. I.e. assuming we have
ISP - eth0 [DIY] eth1 - LAN
Can both eth0 and eth1 have the same prefixes? How would DIY know whether to use eth0 or eth1 to speak with hosts having the same prefix?
From my little experience/knowledge, the external interface of the [DIY] gets an IP-address in a separate prefix, not related to the prefix that is given to the [DIY] via PD.
It depends on the setup/ISP, but that corresponds to my config - the uplink route has a separate prefix.
-- Per Jessen, Zürich (17.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On Tue, May 10, 2016 at 10:44 AM, Per Jessen wrote:
Koenraad Lelong wrote:
Op 09-05-16 om 08:31 schreef Andrei Borzenkov:
I am not even sure if it is possible to do with having *second* prefix for "DIY Router" WAN interface. I.e. assuming we have
ISP - eth0 [DIY] eth1 - LAN
Can both eth0 and eth1 have the same prefixes? How would DIY know whether to use eth0 or eth1 to speak with hosts having the same prefix?
From my little experience/knowledge, the external interface of the [DIY] gets an IP-address in a separate prefix, not related to the prefix that is given to the [DIY] via PD.
It depends on the setup/ISP, but that corresponds to my config - the uplink route has a separate prefix.
Yes, I apologize for confusion; I was thinking more of the case with ISP CPE that obviously should get delegated prefixes from ISP and needs to distinguish between prefixes used to hand out DHCPv6/SLAAC addresses and prefixes used for further delegation (assuming it supports it at all). We still do not know anything about actual ISP setup James is using, so it is just guesswork.
On 05/10/2016 03:18 AM, Koenraad Lelong wrote:
Op 09-05-16 om 08:31 schreef Andrei Borzenkov:
I am not even sure if it is possible to do with having *second* prefix for "DIY Router" WAN interface. I.e. assuming we have
ISP - eth0 [DIY] eth1 - LAN
Can both eth0 and eth1 have the same prefixes? How would DIY know whether to use eth0 or eth1 to speak with hosts having the same prefix?
From my little experience/knowledge, the external interface of the [DIY] gets an IP-address in a separate prefix, not related to the prefix that is given to the [DIY] via PD. Like you said, it would be difficult to do routing if the internal and external interfaces are in the same prefix.
Koenraad.
With IPv6, either the link local or other scope address can be used. With my ISP, a global unicast address is used. However, as with IPv4, the gateway address is always in a different prefix/subnet. If you check the default route on your computers, you'll often see the link local address is used.
On 2016-05-10 10:08, Andrei Borzenkov wrote:
On Tue, May 10, 2016 at 10:44 AM, Per Jessen wrote:
Koenraad Lelong wrote:
Op 09-05-16 om 08:31 schreef Andrei Borzenkov:
I am not even sure if it is possible to do with having *second* prefix for "DIY Router" WAN interface. I.e. assuming we have
ISP - eth0 [DIY] eth1 - LAN
Can both eth0 and eth1 have the same prefixes? How would DIY know whether to use eth0 or eth1 to speak with hosts having the same prefix?
From my little experience/knowledge, the external interface of the [DIY] gets an IP-address in a separate prefix, not related to the prefix that is given to the [DIY] via PD.
It depends on the setup/ISP, but that corresponds to my config - the uplink route has a separate prefix.
Yes, I apologize for confusion; I was thinking more of the case with ISP CPE that obviously should get delegated prefixes from ISP and needs to distinguish between prefixes used to hand out DHCPv6/SLAAC addresses and prefixes used for further delegation (assuming it supports it at all).
We still do not know anything about actual ISP setup James is using, so it is just guesswork.
Please allow my ignorance, I'll place a question for my learning :-) I thought the general purpose is to get a large range (/64) IPv6 addresses from the ISP. A single one is assigned to the external interface of the entry router, another single one to the internal interface, and then the router hands over (2^64 -2) addresses to the millions of possible internal machines, each one with an IPv6 real world address, so that any internal machine is reachable (if the router firewall permits it) from the world. On a very different scenario, the internal interface would get only local IPv6 addresses that are not reachable from internet. Similar to the IPv4 typical setup with NAT. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Tue, May 10, 2016 at 2:29 PM, Carlos E. R. wrote:
On a very different scenario, the internal interface would get only local IPv6 addresses that are not reachable from internet. Similar to the IPv4 typical setup with NAT.
Yes, that's fine with IPv6; the real problem is how to hand out correct prefix (that is assumed to be assigned dynamically) to other hosts on internal LAN. If internal interface is assigned address using this prefix, it is possible to use radvd or dnsmasq to automatically start advertising it. Otherwise it is of course possible to use hook scripts to add prefix to configuration of whatever is used to distribute it.
On 05/09/2016 11:23 PM, Andrei Borzenkov wrote:
IP address on LAN interface (if you mean router) is assigned by dhcpcd. radvd job is just to pick up prefix from it and advertise. So forget about radvd until you actually got prefix delegation working. How do you start it (exact command line)? Does dhcpcd request prefix? Does it get anything back? Start it with --debug and check logs.
    firewall:/etc # dhcpcd --debug
    dhcpcd-6.10.1 starting
    eth0: disabling kernel IPv6 RA support
    eth1: disabling kernel IPv6 RA support
    eth0: executing `/usr/lib/dhcpcd-run-hooks' PREINIT
    eth0: executing `/usr/lib/dhcpcd-run-hooks' CARRIER
    eth1: executing `/usr/lib/dhcpcd-run-hooks' PREINIT
    eth1: executing `/usr/lib/dhcpcd-run-hooks' CARRIER
    DUID 00:01:00:01:1e:c2:1b:8a:00:14:d1:2b:ed:ea
    eth0: IAID 00:00:00:01
    eth0: IAID 00:00:00:02
    eth0: delaying IPv6 router solicitation for 0.4 seconds
    eth0: reading lease `/var/db/dhcpcd-eth0.lease6'
    eth0: DHCPv6 REPLY: Unknown binding
    eth0: accepted reconfigure key
    eth0: rebinding prior DHCPv6 lease
    eth0: delaying REBIND6 (xid 0x2aa365), next in 0.8 seconds
    eth1: IAID 17:a7:f2:d3
    eth0: soliciting an IPv6 router
    eth0: sending Router Solicitation
    eth0: broadcasting REBIND6 (xid 0x2aa365), next in 1.0 seconds
    eth0: accepted reconfigure key
    eth0: DHCPv6 REPLY: Unknown binding
    eth0: REPLY6 received from fe80::217:10ff:fe91:41f
    eth0: adding address 2607:f798:804:93:4c11:38f0:afc:dd1b/128
    eth0: pltime 171644 seconds, vltime 343870 seconds
    eth0: renew in 85822 seconds, rebind in 137315 seconds
    eth0: writing lease `/var/db/dhcpcd-eth0.lease6'
    eth0: waiting for DHCPv6 DAD to complete
    eth0: DHCPv6 DAD completed
    eth0: executing `/usr/lib/dhcpcd-run-hooks' REBIND6
    forking to background
    forked to background, child pid 2130
On 05/08/2016 11:17 AM, Jeremy Baker wrote:
the contents of my dhcpcd.conf were:
    denyinterfaces eth1
    noipv6rs
    interface ppp0
    ipv6rs
    ipv6only
    iaid 1
    ia_pd 1 eth2/5
    duid
    persistent
    option rapid_commit
    option classless_static_routes
    option interface_mtu
Hope this helps you out.
What's your radvd.conf?
tnx jk
13.05.2016 23:24, James Knott пишет:
On 05/09/2016 11:23 PM, Andrei Borzenkov wrote:
IP address on LAN interface (if you mean router) is assigned by dhcpcd. radvd job is just to pick up prefix from it and advertise. So forget about radvd until you actually got prefix delegation working. How do you start it (exact command line)? Does dhcpcd request prefix? Does it get anything back? Start it with --debug and check logs.
    firewall:/etc # dhcpcd --debug
    dhcpcd-6.10.1 starting
    eth0: disabling kernel IPv6 RA support
    eth1: disabling kernel IPv6 RA support
    eth0: executing `/usr/lib/dhcpcd-run-hooks' PREINIT
    eth0: executing `/usr/lib/dhcpcd-run-hooks' CARRIER
    eth1: executing `/usr/lib/dhcpcd-run-hooks' PREINIT
    eth1: executing `/usr/lib/dhcpcd-run-hooks' CARRIER
    DUID 00:01:00:01:1e:c2:1b:8a:00:14:d1:2b:ed:ea
    eth0: IAID 00:00:00:01
    eth0: IAID 00:00:00:02
    eth0: delaying IPv6 router solicitation for 0.4 seconds
    eth0: reading lease `/var/db/dhcpcd-eth0.lease6'
    eth0: DHCPv6 REPLY: Unknown binding
    eth0: accepted reconfigure key
    eth0: rebinding prior DHCPv6 lease
    eth0: delaying REBIND6 (xid 0x2aa365), next in 0.8 seconds
    eth1: IAID 17:a7:f2:d3
    eth0: soliciting an IPv6 router
    eth0: sending Router Solicitation
    eth0: broadcasting REBIND6 (xid 0x2aa365), next in 1.0 seconds
    eth0: accepted reconfigure key
    eth0: DHCPv6 REPLY: Unknown binding
    eth0: REPLY6 received from fe80::217:10ff:fe91:41f
    eth0: adding address 2607:f798:804:93:4c11:38f0:afc:dd1b/128
    eth0: pltime 171644 seconds, vltime 343870 seconds
    eth0: renew in 85822 seconds, rebind in 137315 seconds
    eth0: writing lease `/var/db/dhcpcd-eth0.lease6'
    eth0: waiting for DHCPv6 DAD to complete
    eth0: DHCPv6 DAD completed
    eth0: executing `/usr/lib/dhcpcd-run-hooks' REBIND6
    forking to background
    forked to background, child pid 2130
It does not show anything related to PD. At this point I would be curious to see actual packet capture on client from the very beginning.
On 05/14/2016 01:10 AM, Andrei Borzenkov wrote:
It does not show anything related to PD. At this point I would be curious to see actual packet capture on client from the very beginning.
Here's what's captured immediately after starting dhcpcd:
Time Source Destination Protocol Length Info 31 91.109368000 fe80::214:d1ff:fe2b:edea ff02::1:ff00:0 ICMPv6 86 Multicast Listener Report Frame 31: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Trendnet_2b:ed:ea (00:14:d1:2b:ed:ea), Dst: IPv6mcast_ff:00:00:00 (33:33:ff:00:00:00) Internet Protocol Version 6, Src: fe80::214:d1ff:fe2b:edea (fe80::214:d1ff:fe2b:edea), Dst: ff02::1:ff00:0 (ff02::1:ff00:0) Internet Control Message Protocol v6 No. Time Source Destination Protocol Length Info 32 91.221363000 fe80::214:d1ff:fe2b:edea ff02::1:ff2b:edea ICMPv6 86 Multicast Listener Report Frame 32: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Trendnet_2b:ed:ea (00:14:d1:2b:ed:ea), Dst: IPv6mcast_ff:2b:ed:ea (33:33:ff:2b:ed:ea) Internet Protocol Version 6, Src: fe80::214:d1ff:fe2b:edea (fe80::214:d1ff:fe2b:edea), Dst: ff02::1:ff2b:edea (ff02::1:ff2b:edea) Internet Control Message Protocol v6 No. Time Source Destination Protocol Length Info 33 91.461368000 fe80::214:d1ff:fe2b:edea ff02::fb ICMPv6 86 Multicast Listener Report Frame 33: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Trendnet_2b:ed:ea (00:14:d1:2b:ed:ea), Dst: IPv6mcast_fb (33:33:00:00:00:fb) Internet Protocol Version 6, Src: fe80::214:d1ff:fe2b:edea (fe80::214:d1ff:fe2b:edea), Dst: ff02::fb (ff02::fb) Internet Control Message Protocol v6 No. Time Source Destination Protocol Length Info 34 92.181369000 fe80::214:d1ff:fe2b:edea ff02::2 ICMPv6 86 Multicast Listener Report Frame 34: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Trendnet_2b:ed:ea (00:14:d1:2b:ed:ea), Dst: IPv6mcast_02 (33:33:00:00:00:02) Internet Protocol Version 6, Src: fe80::214:d1ff:fe2b:edea (fe80::214:d1ff:fe2b:edea), Dst: ff02::2 (ff02::2) Internet Control Message Protocol v6 No. 
Time Source Destination Protocol Length Info 35 92.256985000 fe80::c6e9:84ff:fe82:7238 ff02::1:ff82:7238 ICMPv6 86 Multicast Listener Report Frame 35: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface 0 Ethernet II, Src: Tp-LinkT_82:72:38 (c4:e9:84:82:72:38), Dst: IPv6mcast_ff:82:72:38 (33:33:ff:82:72:38) Internet Protocol Version 6, Src: fe80::c6e9:84ff:fe82:7238 (fe80::c6e9:84ff:fe82:7238), Dst: ff02::1:ff82:7238 (ff02::1:ff82:7238) Internet Control Message Protocol v6 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
15.05.2016 00:44, James Knott wrote:
On 05/14/2016 01:10 AM, Andrei Borzenkov wrote:
It does not show anything related to PD. At this point I would be curious to see actual packet capture on client from the very beginning.
Here's what's captured immediately after starting dhcpcd:
There is no trace of prefix delegation request in output you posted.
On 05/15/2016 12:25 AM, Andrei Borzenkov wrote:
15.05.2016 00:44, James Knott wrote:
On 05/14/2016 01:10 AM, Andrei Borzenkov wrote:
It does not show anything related to PD. At this point I would be curious to see actual packet capture on client from the very beginning. Here's what's captured immediately after starting dhcpcd:
There is no trace of prefix delegation request in output you posted.
I recreated dhcpcd.conf from scratch, as shown:

# cat /etc/dhcpcd.conf
duid # DHCP Unique Identifier
noipv6rs # No IPv6 router solicitation
waitip 6 #Wait for IPv6 address
# Uncomment this line if you are running dhcpcd for IPv6 only.
ipv6only #Run dhcpcd for IPv6 only
# use the interface connected to WAN
interface eth0 # WAN
ipv6rs # IPv6 router solicitation for WAN interface
iaid 1 # Set the Interface Association Identifier for WAN
ia_na 1 # Request an IPv6 address for WAN interface
ia_pd 2 eth1/0 # Request prefix for LAN

Sometimes it works and sometimes it doesn't. When it works, I get <prefix>::1 on the LAN port, as it should for a gateway. However, when it fails, I get the following:

# dhcpcd --debug
dhcpcd-6.10.1 starting
eth0: executing `/usr/lib/dhcpcd-run-hooks' PREINIT
eth0: executing `/usr/lib/dhcpcd-run-hooks' CARRIER
eth1: executing `/usr/lib/dhcpcd-run-hooks' PREINIT
eth1: executing `/usr/lib/dhcpcd-run-hooks' CARRIER
DUID 00:01:00:01:1e:c2:1b:8a:00:14:d1:2b:ed:ea
eth0: IAID d1:2b:ed:ea
eth1: IAID 17:a7:f2:d3
timed out
forking to background
forked to background, child pid 2204

When this happens, Wireshark doesn't show any DHCPv6 activity, so it's not even trying to get an address. Very frustrating!
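Added example, not part of the original thread and not dhcpcd code: a Python decoder for the DHCPv6 UDP payload (client port 546, server port 547) that reports whether a client message carries an IA_PD option, which is what was missing from the capture discussed above. The three messages are constructed for illustration; they reuse the DUID from the debug output and the IAIDs 1 and 2 from the posted dhcpcd.conf (their encoding as plain 32-bit integers is an assumption), and 2001:db8:1234:5600::/56 is a documentation prefix.

```python
import ipaddress
import struct

# DHCPv6 message types and option codes (RFC 8415; IA_PD and IAPREFIX
# were first defined in RFC 3633).
MSG_TYPES = {1: "SOLICIT", 2: "ADVERTISE", 3: "REQUEST", 5: "RENEW", 7: "REPLY"}
OPT_CLIENTID, OPT_IA_NA, OPT_IA_PD, OPT_IAPREFIX = 1, 3, 25, 26


def parse_options(buf):
    """Return [(code, payload), ...] for a run of DHCPv6 TLV options."""
    options, off = [], 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns the message" % code)
        options.append((code, buf[off:off + length]))
        off += length
    return options


def summarize(msg):
    """Decode the UDP payload of a DHCPv6 client/server message."""
    if len(msg) < 4:
        raise ValueError("shorter than the 4-byte DHCPv6 header")
    out = {"type": MSG_TYPES.get(msg[0], "type-%d" % msg[0]),
           "xid": msg[1:4].hex(), "duid": None,
           "ia_na": [], "ia_pd": [], "prefixes": []}
    for code, payload in parse_options(msg[4:]):
        if code == OPT_CLIENTID:
            out["duid"] = ":".join("%02x" % b for b in payload)
        elif code in (OPT_IA_NA, OPT_IA_PD):
            if len(payload) < 12:
                raise ValueError("IA option shorter than IAID/T1/T2")
            iaid = struct.unpack_from("!I", payload)[0]
            out["ia_na" if code == OPT_IA_NA else "ia_pd"].append(iaid)
            if code == OPT_IA_PD:
                # Delegated prefixes are IAPREFIX sub-options inside IA_PD:
                # preferred(4) valid(4) prefix-length(1) prefix(16).
                for sub, data in parse_options(payload[12:]):
                    if sub == OPT_IAPREFIX and len(data) >= 25:
                        net = ipaddress.IPv6Network((data[9:25], data[8]),
                                                    strict=False)
                        out["prefixes"].append(str(net))
    return out


def requests_pd(msg):
    """True if a client message asks for (or renews) a delegated prefix."""
    info = summarize(msg)
    return info["type"] in ("SOLICIT", "REQUEST", "RENEW") and bool(info["ia_pd"])


# --- constructed sample messages (not taken from the capture) ---
def opt(code, payload=b""):
    return struct.pack("!HH", code, len(payload)) + payload


def ia(code, iaid, sub=b""):
    # IAID, T1 = 0, T2 = 0, then any sub-options
    return opt(code, struct.pack("!III", iaid, 0, 0) + sub)


DUID = bytes.fromhex("000100011ec21b8a0014d12bedea")  # DUID from the debug log
XID = bytes.fromhex("a1b2c3")                          # constructed transaction id

# What a client sends when only ia_na is in effect: address, no prefix.
SOLICIT_NA_ONLY = bytes([1]) + XID + opt(OPT_CLIENTID, DUID) + ia(OPT_IA_NA, 1)
# What "ia_na 1" plus "ia_pd 2 eth1/0" should put on the wire.
SOLICIT_WITH_PD = SOLICIT_NA_ONLY + ia(OPT_IA_PD, 2)
# A server Reply delegating a constructed documentation prefix.
IAPREFIX = opt(OPT_IAPREFIX, struct.pack("!IIB", 3600, 7200, 56)
               + ipaddress.IPv6Address("2001:db8:1234:5600::").packed)
REPLY_WITH_PD = (bytes([7]) + XID + opt(OPT_CLIENTID, DUID)
                 + ia(OPT_IA_PD, 2, IAPREFIX))

if __name__ == "__main__":
    for name, msg in (("solicit, NA only", SOLICIT_NA_ONLY),
                      ("solicit, NA + PD", SOLICIT_WITH_PD),
                      ("reply with prefix", REPLY_WITH_PD)):
        print(name, "->", summarize(msg), "requests_pd:", requests_pd(msg))
```

A Solicit that lists an ia_na entry but no ia_pd entry means the client never asked for a prefix; no DHCPv6 packets at all, as in the failing run above, means the client never got as far as sending a Solicit.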
On 10-05-16 at 13:29, Carlos E. R. wrote:
Please allow my ignorance, I'll place a question for my learning :-)
I thought the general purpose is to get a large range (/64) IPv6 addresses from the ISP. A single one is assigned to the external interface of the entry router, another single one to the internal interface, and then the router hands over (2^64 -2) addresses to the millions of possible internal machines, each one with an IPv6 real world address, so that any internal machine is reachable (if the router firewall permits it) from the world.
A little late, but I can't resist. AFAIK, *all* addresses of the given prefix are intended for the *internal* network. Just like in ipv4 the external address and internal address of a router should be in a different subnet (=prefix in ipv6 language). Otherwise, how is the router going to decide which way a packet has to go? Internal: 192.168.0.1/24, external 192.168.0.2/24. Where does it send a packet for 192.168.0.3/24? Likewise for ipv6. It is possible to divide the prefix further in smaller prefixes, but, AFAIK, that's not preferred. Koenraad. P.S. I'm no guru, I'm trying to understand ipv6. So please correct me if I'm wrong. Also links to study-material are welcome!
On 05/19/2016 06:42 AM, Koenraad Lelong wrote:
On 10-05-16 at 13:29, Carlos E. R. wrote:
Please allow my ignorance, I'll place a question for my learning :-)
I thought the general purpose is to get a large range (/64) IPv6 addresses from the ISP. A single one is assigned to the external interface of the entry router, another single one to the internal interface, and then the router hands over (2^64 -2) addresses to the millions of possible internal machines, each one with an IPv6 real world address, so that any internal machine is reachable (if the router firewall permits it) from the world.
A little late, but I can't resist.
AFAIK, *all* addresses of the given prefix are intended for the *internal* network. Just like in ipv4 the external address and internal address of a router should be in a different subnet (=prefix in ipv6 language). Otherwise, how is the router going to decide which way a packet has to go? Internal: 192.168.0.1/24, external 192.168.0.2/24. Where does it send a packet for 192.168.0.3/24? Likewise for ipv6. It is possible to divide the prefix further in smaller prefixes, but, AFAIK, that's not preferred.
Koenraad.
As with IPv4, the LAN side of the router must be on the same subnet as the local network, so you still use 1 address there. With IPv4, the other side of the router has an address on a different subnet or may use just the interface ID for point to point links. With IPv6, the link local address is typically used, instead of a separate subnet to reach the next router. Also, IPv4 loses 1 address to the broadcast address. As there is no such thing as a broadcast address in IPv6, this no longer applies.
P.S. I'm no guru, I'm trying to understand ipv6. So please correct me if I'm wrong. Also links to study-material are welcome !
This is an excellent book: http://shop.oreilly.com/product/0636920023432.do
On Thu, May 19, 2016 at 2:19 PM, James Knott
As with IPv4, the LAN side of the router must be on the same subnet as the local network, so you still use 1 address there.
No. Router can use link local addresses only. It does not need any public address or address in any given prefix. Actually, nothing in IPv4 requires this as well. It is more historically grown convention to indicate which addresses are link local.
On 05/19/2016 07:58 AM, Andrei Borzenkov wrote:
On Thu, May 19, 2016 at 2:19 PM, James Knott wrote:
As with IPv4, the LAN side of the router must be on the same subnet as the local network, so you still use 1 address there.
No. Router can use link local addresses only. It does not need any public address or address in any given prefix.
As I mentioned, it usually uses the link local address, but can use an address from the local network.
Actually, nothing in IPv4 requires this as well. It is more historically grown convention to indicate which addresses are link local.
What choice do you have in a broadcast domain, other than an IP address within the subnet? As I mentioned, the interface can be used on point to point links.
20.05.2016 04:29, James Knott wrote:
On 05/19/2016 07:58 AM, Andrei Borzenkov wrote:
On Thu, May 19, 2016 at 2:19 PM, James Knott wrote:
As with IPv4, the LAN side of the router must be on the same subnet as the local network, so you still use 1 address there.
No. Router can use link local addresses only. It does not need any public address or address in any given prefix.
As I mentioned, it usually uses the link local address, but can use an address from the local network.
I replied to your statement "must be on the same subnet". Now you say "no, it can". It really looks like arguing for the sake of arguing.
Actually, nothing in IPv4 requires this as well. It is more historically grown convention to indicate which addresses are link local.
What choice do you have in a broadcast domain, other than an IP address within the subnet?
Choice of what?
On 19/05/2016 12:42, Koenraad Lelong wrote:
Koenraad.
P.S. I'm no guru, I'm trying to understand ipv6. So please correct me if I'm wrong. Also links to study-material are welcome !
This ibm red book has a good ipv6 section: https://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf Dave P
On 05/19/2016 11:31 PM, Andrei Borzenkov wrote:
20.05.2016 04:29, James Knott wrote:
On 05/19/2016 07:58 AM, Andrei Borzenkov wrote:
On Thu, May 19, 2016 at 2:19 PM, James Knott wrote:
As with IPv4, the LAN side of the router must be on the same subnet as the local network, so you still use 1 address there.
No. Router can use link local addresses only. It does not need any public address or address in any given prefix.
As I mentioned, it usually uses the link local address, but can use an address from the local network.
I replied to your statement "must be on the same subnet". Now you say "no, it can". It really looks like arguing for the sake of arguing.
Which side of the router are we referring to? If the LAN side, on IPv4, the address must be within the subnet. This is also available with IPv6, but link local address is generally used. On the WAN side, with IPv4, a separate subnet must be used, except that on a point to point link the interface can be used. Again, with IPv6, you can use some subnet address, interface or link local.
Actually, nothing in IPv4 requires this as well. It is more historically grown convention to indicate which addresses are link local.
What choice do you have in a broadcast domain, other than an IP address within the subnet?
Choice of what?
Choice for the router on the local LAN. In IPv4, you need an address within the subnet. With IPv6, you can still do that, but usually use the link local address.
On 05/20/2016 03:11 AM, Dave Plater wrote:
On 19/05/2016 12:42, Koenraad Lelong wrote:
Koenraad.
P.S. I'm no guru, I'm trying to understand ipv6. So please correct me if I'm wrong. Also links to study-material are welcome !
This ibm red book has a good ipv6 section: https://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf
Dave P
It is a good book, but given that it's 10 years old, a bit dated. There have been some changes since then. In fact that IPv6 Essentials book I mentioned recently came out with a 3rd edition to cover some recent changes.
On 05/08/2016 12:43 PM, James Knott wrote:
On 05/08/2016 12:14 PM, Per Jessen wrote:
I can build a dhcpcd 6.10 for you for Leap, no trouble at all. I wonder how to make wicked understand that we're using a separate dhcpcd binary.
I've already installed 6.10 from rpm. I have no idea about wicked, as I've never used it before. So, I have to get dhcpcd to start, get the prefix and then start up radvd with the IPv6 prefix.
After 2 weeks of frustration, I gave up on getting Leap to work with dhcpv6-pd. This morning I downloaded & installed pfsense and it's now working fine. Now to update my DNS records to reflect the new IPv6 addresses.

<rant> One thing I've noticed over the past few years is that the openSUSE developers seem more interested in eye candy, rather than function. In addition to this issue, I noticed some other issues with Leap. For example, pressing Alt-tab to change apps often doesn't work. Another thing is when I leave the computer for a while and have to enter my password to get in, I often can't. Either it will accept only one character or none, making it impossible to login without killing the session. Also, when rebooting I often right click on the desktop and go from there. Apparently, with Leap, I have to use the Menu button to reboot. This represents another loss of function. Leap is pretty though, so I guess that's all that matters to the developers. What matters to me is that I won't be moving any of my systems from 13.1 any time soon. </rant>
On 05/23/2016 12:49 PM, James Knott wrote:
<rant> [snip] What matters to me is that I won't be moving any of my systems from 13.1 any time soon. </rant>
Thank you for this. Although I'm a KDE user I'm finding myself turning off the eye candy for a variety of reasons. I, too, think I'll stick with 13.1 for the foreseeable future. I might, however, consult you about IPv6 someday :-) -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/23/2016 09:49 AM, James Knott wrote:
What matters to me is that I won't be moving any of my systems from 13.1 any time soon.
But isn't Evergreen support scheduled to cease for 13.1 in November 2016? Would you be self-maintaining security updates, James? Regards, Lew
On 05/23/2016 01:12 PM, Anton Aylward wrote:
On 05/23/2016 12:49 PM, James Knott wrote:
<rant> [snip] What matters to me is that I won't be moving any of my systems from 13.1 any time soon. </rant> Thank you for this. Although I'm a KDE user I'm finding myself turning off the eye candy for a variety of reasons.
I, too, think I'll stick with 13.1 for the foreseeable future. I might, however, consult you about IPv6 someday :-)
Does your ISP provide native IPv6? I'm on Rogers and they started providing it a few weeks back. Failing that, you could use a tunnel, as I did for about 6 years. If your ISP doesn't support IPv6, perhaps you could call them and ask why they're stuck in the dark ages. ;-)
On 05/23/2016 01:16 PM, Lew Wolfgang wrote:
On 05/23/2016 09:49 AM, James Knott wrote:
What matters to me is that I won't be moving any of my systems from 13.1 any time soon.
But isn't Evergreen support scheduled to cease for 13.1 in November 2016? Would you be self-maintaining security updates, James?
Perhaps I'll just wait until something better than Leap comes out. Judging from what I've been reading on this list, there are other problems with it too.
23.05.2016 20:18, James Knott wrote:
Does your ISP provide native IPv6? I'm on Rogers and they started providing it a few weeks back. Failing that, you could use a tunnel, as I did for about 6 years.
Is IPv6 tunnel possible without permanent public IPv4 address? I briefly tried one of tunneling solutions but it did not work. I am behind NAT here ...
On 05/23/2016 01:29 PM, Andrei Borzenkov wrote:
23.05.2016 20:18, James Knott wrote:
Does your ISP provide native IPv6? I'm on Rogers and they started providing it a few weeks back. Failing that, you could use a tunnel, as I did for about 6 years.
Is IPv6 tunnel possible without permanent public IPv4 address? I briefly tried one of tunneling solutions but it did not work. I am behind NAT here ...
That depends. The tunnel I used had a client that managed things, but it may be shutting down in the not too distant future. How stable is your address? My IPv4 address, while DHCP, changes so seldom, it's virtually static. I could easily configure a tunnel using it.
23.05.2016 20:34, James Knott wrote:
On 05/23/2016 01:29 PM, Andrei Borzenkov wrote:
23.05.2016 20:18, James Knott wrote:
Does your ISP provide native IPv6? I'm on Rogers and they started providing it a few weeks back. Failing that, you could use a tunnel, as I did for about 6 years.
Is IPv6 tunnel possible without permanent public IPv4 address? I briefly tried one of tunneling solutions but it did not work. I am behind NAT here ...
That depends. The tunnel I used had a client that managed things, but it may be shutting down in the not too distant future. How stable is your address?
No idea. I do not even see it - it actually double NAT (provider box gets private address as well).
My IPv4 address, while DHCP, changes so seldom, it's virtually static. I could easily configure a tunnel using it.
On 05/23/2016 02:18 PM, Andrei Borzenkov wrote:
No idea. I do not even see it - it actually double NAT (provider box gets private address as well).
I've found that even though I'm (my desktop at home) behind a NAT and some of devices (e.g. wireless at home) are behind a double NAT, a 'traceroute' will show up the steps along the way, including the DHCP gateway. Here you go, stripping out all the irrelevant stuff:

# traceroute www.microsoft.com
traceroute to www.microsoft.com (72.246.108.157), 30 hops max, 60 byte packets
...
CPE00146c049fe7-CM00195ee35528.cpe.net.cable.rogers.com (99.225.198.63) 25.968 ms 26.520 ms 27.070 ms

That is the DHCP assigned address that my ISP hands out to my NAT firewall. Why don't you try something like that? I just picked Microsoft because it was "adequately distant".

Sidebar: Rogers actually have a /23 but the /11 seems to be for Toronto customers. James, what address has Rogers given you? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/23/2016 01:19 PM, James Knott wrote:
On 05/23/2016 01:16 PM, Lew Wolfgang wrote:
On 05/23/2016 09:49 AM, James Knott wrote:
What matters to me is that I won't be moving any of my systems from 13.1 any time soon.
But isn't Evergreen support scheduled to cease for 13.1 in November 2016? Would you be self-maintaining security updates, James?
Perhaps I'll just wait until something better than Leap comes out. Judging from what I've been reading on this list, there are other problems with it too.
+1 But, please, avoid Ubuntu! Redhat has a good-but-interesting reputation if you want an innovative but not ridiculous venture. I might pull another machine from the Closet and try it sometime. Friends are using mageia. It works for them, but one of the reasons I changed from mandrake to Suse was mageia. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/23/2016 02:18 PM, Andrei Borzenkov wrote:
No idea. I do not even see it - it actually double NAT (provider box gets private address as well).
That's a killer. It's also an excellent example of why NAT is so bad and why IPv6 is essential. I currently get a /64 prefix from my ISP, though it may be increased later. That provides 2^64 addresses, so every IPv6 capable device I have gets a global unicast address and then some.
On 05/23/2016 02:34 PM, Anton Aylward wrote:
# traceroute www.microsoft.com
traceroute to www.microsoft.com (72.246.108.157), 30 hops max, 60 byte packets
...
CPE00146c049fe7-CM00195ee35528.cpe.net.cable.rogers.com (99.225.198.63) 25.968 ms 26.520 ms 27.070 ms
That is the DHCP assigned address that my ISP hands out to my NAT firewall.
Since you're on Rogers, you should have IPv6 available, though you might have to change your modem. I did that and my bill dropped by about $50/month!
Sidebar: Rogers actually have a /23 but the /11 seems to be for Toronto customers. James, what address has Rogers given you?
IPv4 or IPv6? I have a single public IPv4 address with a /23 subnet mask and a /64 prefix on IPv6.
On 2016-05-23 21:09, James Knott wrote:
Since you're on Rogers, you should have IPv6 available, though you might have to change your modem. I did that and my bill dropped by about $50/month!
I'm curious. Why would that be (about the bill, I mean). Maybe because you could drop the tunnel? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-24 00:20, Carlos E. R. wrote:
On 2016-05-23 21:09, James Knott wrote:
Since you're on Rogers, you should have IPv6 available, though you might have to change your modem. I did that and my bill dropped by about $50/month!
I'm curious. Why would that be (about the bill, I mean). Maybe because you could drop the tunnel?
Scrap that. I saw that you explained already. :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/23/2016 06:20 PM, Carlos E. R. wrote:
On 2016-05-23 21:09, James Knott wrote:
Since you're on Rogers, you should have IPv6 available, though you might have to change your modem. I did that and my bill dropped by about $50/month! I'm curious. Why would that be (about the bill, I mean). Maybe because you could drop the tunnel?
It was because the modem I got was part of a package deal. It has nothing to do with the tunnel.
James Knott wrote:
In addition to this issue, I noticed some other issues with Leap. For example, pressing Alt-tab to change apps often doesn't work.
Yep, I have noticed that too. I often have to press alt-tab more than a few times for it to work. I hesitate reporting it, coz' what can I say other than "Alt-Tab doesn't always work" :-)
Another thing is when I leave the computer for a while and have to enter my password to get in, I often can't. Either it will accept only one character or none, making it impossible to login without killing the session.
Depending on how long "a while" is, this could be the plasmashell or sddm-greeter gobbling up memory, and eventually being killed. I have an open bugreport on that.
Leap is pretty though, so I guess that's all that matters to the developers. What matters to me is that I won't be moving any of my systems from 13.1 any time soon.
Same here. -- Per Jessen, Zürich (9.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
Per Jessen wrote:
James Knott wrote:
In addition to this issue, I noticed some other issues with Leap. For example, pressing Alt-tab to change apps often doesn't work.
Yep, I have noticed that too. I often have to press alt-tab more than a few times for it to work. I hesitate reporting it, coz' what can I say other than "Alt-Tab doesn't always work" :-)
https://bugzilla.opensuse.org/show_bug.cgi?id=981272 -- Per Jessen, Zürich (9.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 05/23/2016 03:05 PM, James Knott wrote:
On 05/23/2016 02:18 PM, Andrei Borzenkov wrote:
No idea. I do not even see it - it actually double NAT (provider box gets private address as well).
That's a killer. It's also an excellent example of why NAT is so bad and why IPv6 is essential. I currently get a /64 prefix from my ISP, though it may be increased later. That provides 2^64 addresses, so every IPv6 capable device I have gets a global unicast address and then some.
Sorry, I don't get this.

I agree James about IPv6. I'm a Whitebeard who remembers when IPv4 was lightly populated and all connectivity was host-to-host and NAT-less, before Al Gore invented the Internet. [ Cue https://www.youtube.com/watch?v=y3KEhWTnWvE ]

NAT is a piece of ingenuity layered on what was originally a private non-routable subnet that was really for "internal testing". Yes, a distortion of intent but also a display of ingenuity on the part of engineers and a gift to marketing. That it has delayed IPv6 is .... yes, I'll grant you, an 'evil'.

But pinging through, doing a traceroute through a NAT firewall works, provided, that is, you've configured it to allow that. I mean, heck, it *IS* a firewall and you can tell any firewall, even the ones that aren't NAT, even the host-layer ones, to filter out ICMP. Or not.

So assuming that Andrei has that capability turned off - that is no filtering of ICMP, he should be able to ping and traceroute through a NAT. Yes, the NAT code will dick around with UDP and ICMP in curious ways and those curious ways will be different for each vendor, but all the versions I've come across have the capability to pass UDP and ICMP back and forth. Yes, there's a time window.

And stacking NAT? Well, a NAT doesn't care what is generating the UDP and ICMP. If it comes via another NAT router, then why should it care?

Here's the proof in the real world: I have a Netgear firewall. It's a NAT device. It has a series of ports in the back. Plugged into one of those ports is my Cisco/Linksys WRT53Gv2 wifi router. That's a NAT device as well. So when I traceroute/ping from my tablet over wifi through the double-NAT .... It works. It works because I have UDP and ICMP forwarding turned on in both cases.

Back in
Message-ID: <18437434-c801-6841-643c-15abc4480a6f@antonaylward.com>
Date: Mon, 23 May 2016 14:34:29 -0400
I suggested Andrei try a traceroute. OK, I forgot to mention making sure that his NATs had ICMP forwarding turned on.

Andrei, did you try that?

James, while I agree with you about IPv6 and the - unfortunately necessary - "evil" of NAT, please don't let your enthusiasm for IPv6 become a religious fervour that turns into a Reality Distortion Field. The world will flip over to IPv6 and the changeover will be sudden and dramatic, a true Rene Thom[1] 'catastrophe'. It has to happen. The only issue is "will it happen before the end of technological civilization in the next 4 years?"

[1] https://en.wikipedia.org/wiki/Ren%C3%A9_Thom
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On Tue, May 24, 2016 at 2:45 PM, Anton Aylward
On 05/23/2016 03:05 PM, James Knott wrote:
On 05/23/2016 02:18 PM, Andrei Borzenkov wrote:
No idea. I do not even see it - it actually double NAT (provider box gets private address as well).
That's a killer. It's also an excellent example of why NAT is so bad and why IPv6 is essential.
??? I'm fine with IPv4 so far and do not feel like I miss anything. So I am not sure how you came to this conclusion. ...
Andrei, did you try that?
Try what?
On 05/24/2016 08:41 AM, Andrei Borzenkov wrote:
On Tue, May 24, 2016 at 2:45 PM, Anton Aylward wrote:
On 05/23/2016 03:05 PM, James Knott wrote:
On 05/23/2016 02:18 PM, Andrei Borzenkov wrote:
No idea. I do not even see it - it actually double NAT (provider box gets private address as well).
That's a killer. It's also an excellent example of why NAT is so bad and why IPv6 is essential.
??? I'm fine with IPv4 so far and do not feel like I miss anything. So I am not sure how you came to this conclusion.
Careful! Don't conflate what James is saying and what I'm saying. NAT may be an 'evil' but it's a necessary evil and delivers what is needed for many users, yourself and myself included. It does the job. It will keep doing the job for the immediate future. As, who was it? Disraeli?, said: Change is not necessary until change is necessary. When your ISP says "we're not supporting IPv4 any more" and you can't find an alternative ISP who does, or when you need an IPv6 space for your household IoT, then "change is necessary". Until then, don't sweat it. "Keep calm and carry on".
...
Andrei, did you try that?
Try what?
The traceroute I suggested in the earlier email that I referenced:
Message-ID: <18437434-c801-6841-643c-15abc4480a6f@antonaylward.com>
Date: Mon, 23 May 2016 14:34:29 -0400
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On Tue, May 24, 2016 at 4:10 PM, Anton Aylward
Try what?
The traceroute I suggested in the earlier email that I referenced:
What for?
On 05/24/2016 09:45 AM, Andrei Borzenkov wrote:
On Tue, May 24, 2016 at 4:10 PM, Anton Aylward wrote:
Try what?
The traceroute I suggested in the earlier email that I referenced:
What for?
Go back through the thread. You said you couldn't. IIR it was about finding your IP address.
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On Tue, May 24, 2016 at 5:21 PM, Anton Aylward
On 05/24/2016 09:45 AM, Andrei Borzenkov wrote:
On Tue, May 24, 2016 at 4:10 PM, Anton Aylward wrote:
Try what?
The traceroute I suggested in the earlier email that I referenced:
What for?
Go back through the thread. You said you couldn't.
No. I did not.
IIR it was about finding your IP address.
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/24/2016 10:23 AM, Andrei Borzenkov wrote:
On Tue, May 24, 2016 at 5:21 PM, Anton Aylward wrote:
On 05/24/2016 09:45 AM, Andrei Borzenkov wrote:
On Tue, May 24, 2016 at 4:10 PM, Anton Aylward wrote:
Try what?
The traceroute I suggested in the earlier email that I referenced:
What for?
Go back through the thread. You said you couldn't.
No. I did not.
IIR it was about finding your IP address.
You said you couldn't see your (public) IP address because it was behind a double-NAT. James brought up the diversion into IPv6, which had nothing to do with whether you could or couldn't. As I said, I agree that you're fine with your present IPv4.
Knowing your address, being able to ping out, being able to traceroute, lets you test and diagnose a whole raft of other issues. You have had, in the past, other networking problems, with wicked, network management, wifi .... that you've recently asked about. These network tools (and others) at least let you wolf-fence the problems that can arise with networking.
Saying that you don't need to know any of this is not a good attitude. As many have commented, the price we pay for using Linux is that we have to be our own sysadmins/netadmins. Not necessarily Gurus, but at least conversant with our basic configuration. </lecture>
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/24/2016 07:45 AM, Anton Aylward wrote:
NAT is a piece of ingenuity layered on what was originally a private non-routable subnet that was really for "internal testing" . Yes a distortion of intent but also a display of ingenuity on the part of engineers and a gift to marketing. That it has delayed IPv6 is .... yes, I'll grant you, an 'evil".
It's a hack that breaks many things. It was created to extend the life of IPv4, by getting around the address shortage.
On 05/24/2016 08:41 AM, Andrei Borzenkov wrote:
That's a killer. It's also an excellent example of why NAT is so bad and why IPv6 is essential.
??? I'm fine with IPv4 so far and do not feel like I miss anything. So I am not sure how you came to this conclusion.
NAT was designed to get around the IPv4 address shortage. Unfortunately it breaks things. For example, if you want to access a computer behind your firewall, you have to use port forwarding. That's fine for 1 computer, but what if you have 2 or more you want to access? It also gets in the way of some games and VoIP. It also breaks part of IPSec called Authentication Headers. AH are used to verify the headers are not tampered with, but guess what NAT does?
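The AH point in the message above, worked through as an added example that is not part of the original thread: the AH integrity check value covers the immutable IPv4 header fields, including the source address, so an ordinary router hop (TTL and checksum change) still verifies while a source-NAT rewrite does not. The key, SPI, addresses and payload are constructed for illustration, and HMAC-SHA-256-128 is an assumed choice of AH algorithm.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # constructed; a real key belongs to a negotiated SA
SPI, SEQ = 0x1000, 1            # constructed security association values
ICV_LEN = 16                    # HMAC-SHA-256-128 truncates the MAC to 128 bits
AH_LEN = 12 + ICV_LEN           # fixed AH fields plus the ICV


def checksum(header: bytes) -> int:
    """IPv4 header checksum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    """Recompute the checksum field, as every router and NAT box does after an edit."""
    header = header[:10] + b"\x00\x00" + header[12:]
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:]


def icv(packet: bytes) -> bytes:
    """ICV over the IP header with mutable fields zeroed, AH with ICV zeroed, and payload."""
    ip = bytearray(packet[:20])
    ip[1] = 0                  # TOS/DSCP: mutable in transit
    ip[6:8] = b"\x00\x00"      # flags and fragment offset: mutable
    ip[8] = 0                  # TTL: mutable
    ip[10:12] = b"\x00\x00"    # header checksum: mutable
    # Source and destination addresses stay in the MAC input: they are immutable fields.
    ah = packet[20:32] + bytes(ICV_LEN)
    payload = packet[20 + AH_LEN:]
    return hmac.new(KEY, bytes(ip) + ah + payload, hashlib.sha256).digest()[:ICV_LEN]


def build(src: str, dst: str, payload: bytes, ttl: int = 64) -> bytes:
    """Build an IPv4 packet (protocol 51 = AH) carrying a constructed payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + AH_LEN + len(payload), 0x1234, 0,
                     ttl, 51, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ah = struct.pack("!BBHII", 17, AH_LEN // 4 - 2, 0, SPI, SEQ)
    unsigned = with_checksum(ip) + ah + bytes(ICV_LEN) + payload
    return unsigned[:32] + icv(unsigned) + unsigned[32 + ICV_LEN:]


def verify(packet: bytes) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(packet[32:32 + ICV_LEN], icv(packet))


def forward(packet: bytes) -> bytes:
    """Plain router hop: decrement TTL, fix the checksum."""
    ip = bytearray(packet[:20])
    ip[8] -= 1
    return with_checksum(bytes(ip)) + packet[20:]


def source_nat(packet: bytes, public_src: str) -> bytes:
    """Source NAT: rewrite the source address, fix the checksum. It has no AH key."""
    ip = packet[:12] + ipaddress.IPv4Address(public_src).packed + packet[16:20]
    return with_checksum(ip) + packet[20:]


def demo() -> dict:
    pkt = build("192.168.1.10", "198.51.100.20", b"constructed payload")
    natted = source_nat(pkt, "203.0.113.5")
    return {
        "original": verify(pkt),
        "after_router_hop": verify(forward(pkt)),
        "after_source_nat": verify(natted),
        "nat_ip_checksum_ok": checksum(natted[:20]) == 0,
    }


if __name__ == "__main__":
    print(demo())
```

The NAT-rewritten packet is valid at the IP layer (its header checksum is correct) yet fails AH verification at the receiver, because the device doing the translation cannot recompute the ICV without the key.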
On 05/24/2016 07:07 PM, James Knott wrote:
On 05/24/2016 07:45 AM, Anton Aylward wrote:
NAT is a piece of ingenuity layered on what was originally a private non-routable subnet that was really for "internal testing" . Yes a distortion of intent but also a display of ingenuity on the part of engineers and a gift to marketing. That it has delayed IPv6 is .... yes, I'll grant you, an 'evil".
It's a hack that breaks many things. It was created to extend the life of IPv4, by getting around the address shortage.
Ahm, not quite. NAT is an unintended consequence of RFC1918, "Address Allocation for Private Internets". To quote the original "Motivation":
With the proliferation of TCP/IP technology worldwide, including outside the Internet itself, an increasing number of non-connected enterprises use this technology and its addressing capabilities for sole intra-enterprise communications, without any intention to ever directly connect to other enterprises or the Internet itself.
The intent of the NAT was secondary and was originally concerned with simplifying an exponential explosion of routing. As it happened, route aggregation, so as to manage the size & complexity of routing tables, was solved by other means. The wholesale adoption by service providers might be termed an "emergent property" rather than the original planned intent.
Your explanation of "why NAT is evil" is way, way too complicated. You could simply say that it breaks the supposition of many protocols of reciprocal point to point addressing.
Personally, I think that RFC1918 is poorly written and tries to say two, perhaps three or more things at once without clearly differentiating them. Its motivation and its conclusion are at odds with one another.
Your list of the things that NAT "breaks" is correct but for the mass of users are irrelevant.
Mike Padlipsky, in other writings as well as his RFCs, advocated point to point IPv4 so as to avoid 'translators'. As far as the Ethernet LAN is concerned, the IP protocol is less efficient than some of the LAN protocols of history: Novell's, "Lantastic" and others. But they are LAN protocols and not routable. Yes, gateways were written for some of them, particularly for email. In many ways those gateways or protocol translators served the same function as NAT, they hid an internal, non-routable network from the Internet at large.
You see NAT as something that breaks the Internet, James, since it uses non-routable addresses which, by definition, cannot permit host to host addressing. Other people see it as the magic which allows their private networks to make use of the Internet.
Others here have advocated DHCP loudly. For Joe Sixpack, a NAT router is the definitive configuration plug and play. All his LAN devices get DHCP addresses and the router itself gets a DHCP address from the ISP. The issues you raise, IPSEC and setting up a server behind the NAT with port forwarding are not for the Joe Sixpack. Anyone doing that kind of thing is more technically sophisticated.
And anyway, every NAT firewall I have also has VPN capability. Strange that .... eh?
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/24/2016 08:16 PM, Anton Aylward wrote:
On 05/24/2016 07:07 PM, James Knott wrote:
On 05/24/2016 07:45 AM, Anton Aylward wrote:
NAT is a piece of ingenuity layered on what was originally a private non-routable subnet that was really for "internal testing". Yes a distortion of intent but also a display of ingenuity on the part of engineers and a gift to marketing. That it has delayed IPv6 is .... yes, I'll grant you, an 'evil'.
It's a hack that breaks many things. It was created to extend the life of IPv4, by getting around the address shortage.
Ahm, not quite. NAT is an unintended consequence of RFC1918, "Address Allocation for Private Internets".
To quote the original "Motivation":
With the proliferation of TCP/IP technology worldwide, including outside the Internet itself, an increasing number of non-connected enterprises use this technology and its addressing capabilities for sole intra-enterprise communications, without any intention to ever directly connect to other enterprises or the Internet itself. The intent of the NAT was secondary and was originally concerned with simplifying an exponential explosion of routing.
Please don't confuse private addresses with NAT. The idea of private addresses existed long before NAT. A private address is just that, it doesn't connect to anything. NAT then took advantage of those address blocks. Private addresses are not the problem (there are some with IPv6 too), NAT is.
As it happened, route aggregation, so as to manage the size & complexity of routing tables, was solved by other means.
Whether you have one address or a block of addresses, the routing is much the same. Aggregation was necessary because no thought was given to routing efficiency when the IPv4 address blocks were handed out. The current trend of selling surplus IPv4 address blocks will only make this worse. On the other hand, IPv6 addresses are handed out geographically, so that all the addresses in one part of the world will have a common route from another part.
The wholesale adoption by service providers might be termed an "emergent property" rather than the original planned intent.
Your explanation of "why NAT is evil" is way, way too complicated. You could simply say that it breaks the supposition of many protocols of reciprocal point to point addressing.
Personally, I think that RFC1918 is poorly written and tries to say two, perhaps three or more things at once without clearly differentiating them. Its motivation and its conclusion are at odds with one another.
Your list of the things that NAT "breaks" is correct but for the mass of users are irrelevant.
Funny you should mention that. I recently watched a video by someone on Microsoft's XBOX team, talking about the problems NAT causes for games and how the XBOX will always try to use IPv6, even if it has to set up a tunnel to do so. It will only use IPv4 as a last resort.
Mike Padlipsky, in other writings as well as his RFCs, advocated point to point IPv4 so as to avoid 'translators'. As far as the Ethernet LAN is concerned, the IP protocol is less efficient than some of the LAN protocols of history: Novell's, "Lantastic" and others. But they are LAN protocols and not routable. Yes, gateways were written for some of them, particularly for email. In many ways those gateways or protocol translators served the same function as NAT, they hid an internal, non-routable network from the Internet at large.
Ummm... Novell's IPX, not Lantastic was routable, along with Apple Talk.
You see NAT as something that breaks the Internet, James, since it uses non-routable addresses which, by definition, cannot permit host to host addressing. Other people see it as the magic which allows their private networks to make use of the Internet.
It allows their private networks to share one address and that's all it does, in its favour.
Others here have advocated DHCP loudly. For Joe Sixpack, a NAT router is the definitive configuration plug and play. All his LAN devices get DHCP addresses and the router itself gets a DHCP address from the ISP. The issues you raise, IPSEC and setting up a server behind the NAT with port forwarding are not for the Joe Sixpack. Anyone doing that kind of thing is more technically sophisticated.
All IPv6 devices can use SLAAC or DHCPv6. No configuration either way.
And anyway, every NAT firewall I have also has VPN capability. Strange that .... eh?
Actual VPN support? Or just pass through?
On 05/24/2016 09:40 PM, James Knott wrote:
Please don't confuse private addresses with NAT. The idea of private addresses existed long before NAT.
Yes, that's my point. NAT is an emergent property of private addresses.
A private address is just that, it doesn't connect to anything.
Ahm, that's not how I would phrase it and it's not how RFC1918 phrases it. The term they use, that I use, as in my previous post, is "non routable". That is not the same as "unable to connect". I went on to discuss gateways and translators. A NAT is a gateway and translator.
NAT then took advantage of those address blocks. Private addresses are not the problem (there are some with IPv6 too), NAT is.
NAT could not happen without private addresses. If you want to think of the translators and gateways that converted the non-routable "private "non IPv4" addresses of a IPX/Novell LAN to the wider Internet, then they do just what Joe Sixpack sees his NAT Linksys router from Best Buy doing. Using the IP protocol on both sides of the gateway/translator just makes its implementation simpler, as Mike Padlipsky pointed out.
As for aggregation and routing, yes, if we were still limited to RIP and a CIDR model, as you say, the horse-trading of IPv4 blocks would lead to an explosion of routing tables. But that 'explosion' happened last century and there was a solution to it even back then. It's an issue implementing the exterior routing Algorithm based on set theory rather than sticking with the hierarchical CIDR model.
I'm not saying that IPv6 is not the "Right Thing To Do". If we'd had more insight into what the future holds we'd have done it that way to start with. But it was about solving the problem at hand. Engineering is like that. If the people at BBN had tried selling their ideas based on the way we view the Internet now they'd have been dismissed as blue sky dreamers and nothing would have been done.
But slagging off what was, and still is for many, a perfectly viable engineering compromise (and all of engineering is a compromise as we'll find out when we try doing the IoT and start realising that the energy requirements are!) is a sign of intolerance, and there's a lot of intolerance getting people hurt (and killed).
We'll get to IPv6 in time. There's no reason to be nasty about it. I mentioned Disraeli and the "When change is necessary, change is necessary". For many Internet users the change is not yet necessary. Forcing it on others because it *IS* inarguably necessary for some is not going to endear you. Telling people all their kit is obsolete and they *HAVE* to buy new, often when it's not in their budget cycle or when they've just bought other, is not going to endear you. There are good economic reasons we have so much NAT around.
I'm not your enemy/opponent in this, James. I'm just saying there is a good reason why people are hanging on to IPv4 and NAT despite the validity of all you say. Calling them fools or idiots or short-sighted doesn't help. It just alienates them.
Think Yoga, relax, let it happen. Let it happen of its own nature.
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
James Knott wrote:
On 05/24/2016 08:41 AM, Andrei Borzenkov wrote:
That's a killer. It's also an excellent example of why NAT is so bad and why IPv6 is essential.
??? I'm fine with IPv4 so far and do not feel like I miss anything. So I am not sure how you came to this conclusion.
NAT was designed to get around the IPv4 address shortage. Unfortunately it breaks things. For example, if you want to access a computer behind your firewall, you have to use port forwarding. That's fine for 1 computer, but what if you have 2 or more you want to access? It also gets in the way of some games and VoIP.
James, I'm sure we are all well aware of that. Nonetheless, NAT solved and solves that very real problem, the scarcity of IPv4 addresses. Until IPv6 is omnipresent, it will continue to do so. As you have found yourself, IPv6 omnipresence might still be a while :-(
-- Per Jessen, Zürich (10.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
James Knott wrote:
Please don't confuse private addresses with NAT. The idea of private addresses existed long before NAT. A private address is just that, it doesn't connect to anything. NAT then took advantage of those address blocks. Private addresses are not the problem (there are some with IPv6 too), NAT is.
RFC1918 is dated 1996, and obsoletes 1597 from 1994. NAT was discussed at least as far back as 1992. (RFC1380, section 2.2.3, paragraph 3).
Funny you should mention that. I recently watched a video by someone on Microsoft's XBOX team, talking about the problems NAT causes for games and how the XBOX will always try to use IPv6, even if it has to set up a tunnel to do so. It will only use IPv4 as a last resort.
Same as openSUSE then. Except for setting up a tunnel. Funny, when I googled "xbox ipv6 tunnel", the first page was all about teredo ipv6 tunnels and the trouble in getting them to work :-)
-- Per Jessen, Zürich (10.2°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 05/25/2016 02:29 AM, Per Jessen wrote:
James Knott wrote:
Please don't confuse private addresses with NAT. The idea of private addresses existed long before NAT. A private address is just that, it doesn't connect to anything. NAT then took advantage of those address blocks. Private addresses are not the problem (there are some with IPv6 too), NAT is.
RFC1918 is dated 1996, and obsoletes 1597 from 1994. NAT was discussed at least as far back as 1992. (RFC1380, section 2.2.3, paragraph 3).
I recall talk about using IP on amateur radio in the early 90s. IIRC, they were saying to use the 10. block as that was assigned to the U.S. military and not connected to the Internet and so was safe to use.
Funny you should mention that. I recently watched a video by someone on Microsoft's XBOX team, talking about the problems NAT causes for games and how the XBOX will always try to use IPv6, even if it has to set up a tunnel to do so. It will only use IPv4 as a last resort.
Same as openSUSE then. Except for setting up a tunnel. Funny, when I googled "xbox ipv6 tunnel", the first page was all about teredo ipv6 tunnels and the trouble in getting them to work :-)
Well, it is from Microsoft... ;-) I had a 6in4 tunnel up for 6 years. Worked well.
James Knott wrote:
On 05/25/2016 02:29 AM, Per Jessen wrote:
James Knott wrote:
Please don't confuse private addresses with NAT. The idea of private addresses existed long before NAT. A private address is just that, it doesn't connect to anything. NAT then took advantage of those address blocks. Private addresses are not the problem (there are some with IPv6 too), NAT is.
RFC1918 is dated 1996, and obsoletes 1597 from 1994. NAT was discussed at least as far back as 1992. (RFC1380, section 2.2.3, paragraph 3).
I recall talk about using IP on amateur radio in the early 90s. IIRC, they were saying to use the 10. block as that was assigned to the U.S. military and not connected to the Internet and so was safe to use.
I was not much active (as a radio amateur) at that time, but I guess this isn't about packet radio then? (that would be AX.25).
-- Per Jessen, Zürich (15.8°C) I guess my callsign might still be reserved OZ1HZV.
Per Jessen wrote:
James Knott wrote:
On 05/25/2016 02:29 AM, Per Jessen wrote:
James Knott wrote:
Please don't confuse private addresses with NAT. The idea of private addresses existed long before NAT. A private address is just that, it doesn't connect to anything. NAT then took advantage of those address blocks. Private addresses are not the problem (there are some with IPv6 too), NAT is.
RFC1918 is dated 1996, and obsoletes 1597 from 1994. NAT was discussed at least as far back as 1992. (RFC1380, section 2.2.3, paragraph 3).
I recall talk about using IP on amateur radio in the early 90s. IIRC, they were saying to use the 10. block as that was assigned to the U.S. military and not connected to the Internet and so was safe to use.
I was not much active (as a radio amateur) at that time, but I guess this isn't about packet radio then? (that would be AX.25).
Uh, someone just reminded me that 44/8 has been allocated for radio amateur use since the 70s: https://whois.arin.net/rest/net/NET-44-0-0-0-1
/Per
-- Per Jessen, Zürich (16.0°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On Wed, May 25, 2016 at 2:13 PM, James Knott
I had a 6in4 tunnel up for 6 years. Worked well.
Yes, this is the one requiring permanent public IPv4 address with direct IPv4 Internet connectivity (or at least ability to forward specific protocol).
On 2016-05-25 04:56, Anton Aylward wrote:
On 05/24/2016 09:40 PM, James Knott wrote:
I'm not your enemy/opponent in this, James. I'm just saying there is a good reason why people are hanging on to IPv4 and NAT despite the validity of all you say. calling them fools or idiots or short-sighted doesn't help. It just alienates them.
I think most users don't hang onto IPv4. Me, I will simply use IPv6 when my provider uses it... I would like having IPv6, but I don't /need/ it. I don't understand why my provider doesn't use it, but the routers they give their users are IPv6 ready, it seems. Sooner or later they will do it. An anecdote. Initially my provider handed out static IPv4 addresses by default to everybody. At some point they /upgraded/ to dynamic addresses. Yes, they sold it as an upgrade! With NAT. They only considered web browsing. They even had the idea of charging per email and per distance. They were bewildered when clients told them that they were doing user to user things over Internet, and these clients were angry at them for /upgrading/ to dynamic addressing. It is kind of funny the sales people parlance. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-25 12:35, Per Jessen wrote:
Uh, someone just reminded me that 44/8 has been allocated for radio amateur use since the 70s:
I know next to nothing about amateur radio but that link points to a page that says:
Registration Date 1992-07-01
Cheers, Dave
On 05/25/2016 07:26 AM, Per Jessen wrote:
I recall talk about using IP on amateur radio in the early 90s. IIRC, they were saying to use the 10. block as that was assigned to the U.S. military and not connected to the Internet and so was safe to use.
I was not much active (as a radio amateur) at that time, but I guess this isn't about packet radio then? (that would be AX.25).
AX/25 had been in use for years at that point. This was about TCP/IP.
On 05/25/2016 07:35 AM, Per Jessen wrote:
I was not much active (as a radio amateur) at that time, but I guess this isn't about packet radio then? (that would be AX.25).
Uh, someone just reminded me that 44/8 has been allocated for radio amateur use since the 70s:
That shows 1992 or about the time I attended that talk. I doubt it would have been in the 70s, as that was when more advanced digital modes were getting started.
On 05/25/2016 07:42 AM, Andrei Borzenkov wrote:
On Wed, May 25, 2016 at 2:13 PM, James Knott wrote:
I had a 6in4 tunnel up for 6 years. Worked well.
Yes, this is the one requiring permanent public IPv4 address with direct IPv4 Internet connectivity (or at least ability to forward specific protocol).
The tunnel broker I used had client software, which could follow dhcp and even work through NAT.
On 05/25/2016 08:20 AM, Carlos E. R. wrote:
On 2016-05-25 04:56, Anton Aylward wrote:
On 05/24/2016 09:40 PM, James Knott wrote:
I'm not your enemy/opponent in this, James. I'm just saying there is a good reason why people are hanging on to IPv4 and NAT despite the validity of all you say. calling them fools or idiots or short-sighted doesn't help. It just alienates them.
I think most users don't hang onto IPv4. Me, I will simply use IPv6 when my provider uses it...
Not quite "+1". It's sort of like the situation with FAX of old. When you're the only guy around who has a FAX machine it's of no utility. It's only when *ALL* your business correspondents *AND MORE* have fax machines too that it makes sense. Sort of the reverse of "herd immunity". Call it "herd enablement", perhaps.
Yes, my router can handle IPv6. Yes my ISP can handle IPv6. But unless and until all the agencies I deal with ALSO handle IPv6, the "why bother?" So long as they deal with IPv4 I end up using IPv4. "Dual stack"? Perhaps. No doubt this is where James comes in to tell of his experience in the area, and I'd rather hear about that than him telling us all that NAT is evil.
I would like having IPv6, but I don't /need/ it. I don't understand why my provider doesn't use it, but the routers they give their users are IPv6 ready, it seems. Sooner or later they will do it.
Charles Fort once commented that "Steam engines happen when it's Steam Engine time". There seems to be a lot of things like that, they happen when they are ready, not when people try forcing them to happen.
An anecdote. Initially my provider handed out static IPv4 addresses by default to everybody. At some point they /upgraded/ to dynamic addresses. Yes, they sold it as an upgrade! With NAT.
Yes, of course! It was an 'upgrade'. For them! Easier to manage business, reduced cost, blah, blah.
They only considered web browsing. They even had the idea of charging per email and per distance.
back when the Big I internet started, say, the 1990 point, the telcos were used to doing data charged (most likely X.25) by a very complicated form involving volume, time of day, distance, how "wide" your pipe was, how much you actually loaded that width (say 16K on a T3). I saw one of these pricing spreadsheets and actually found some inconsistencies in it, a mode where customers could exploit a path and get cheap(er) service. That upset a few people! It upset them more when they found the number of people actually exploiting it. But the Internet ISPs *demanded* a flat rate for their pipes. And they often charged their customers a flat rate as well. Or if not then a simple formula like "connect time". Because if you're paying a flat rate for the pipe to another ISP then doing a SMTP over the wider net, point to point or even store-and-forward via a MX, has nothing to do with the distance to the endpoint. The 19th century telephony model has no bearing to when we're dealing with packet forwarding. Mind you, some of that mentality still hangs around.
They were bewildered when clients told them that they were doing user to user things over Internet, and these clients were angry at them for /upgrading/ to dynamic addressing.
It is kind of funny the sales people parlance.
A LOT of sales and marketing has no understanding of technology, not of its implications, nor of its 'emergent properties', and what's worse, many of them take pride in their ignorance.
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/25/2016 08:25 AM, Dave Howorth wrote:
On 2016-05-25 12:35, Per Jessen wrote:
Uh, someone just reminded me that 44/8 has been allocated for radio amateur use since the 70s:
I know next to nothing about amateur radio but that link points to a page that says:
Registration Date 1992-07-01
Wasn't there a Great Reworking about then, where ARIN took over many registrations? I seem to recall that the date of many registrations, including companies/startups that I'd been involved in in the closing years of the 20th century, to say nothing of the DotComBoom-bust, getting 21st century dates on their records at ARIN and having no parent history. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Dave Howorth wrote:
On 2016-05-25 12:35, Per Jessen wrote:
Uh, someone just reminded me that 44/8 has been allocated for radio amateur use since the 70s:
I know next to nothing about amateur radio but that link points to a page that says:
Registration Date 1992-07-01
Yeah I saw that too - I'm pretty certain about the 70s though. Okay, I googled it, it's called AMPRnet: https://en.wikipedia.org/wiki/AMPRNet "The class A 44 netblock of 16.7 Million IP addresses was set aside for amateur radio users worldwide, having been secured in the 1970s by Hank Magnuski". -- Per Jessen, Zürich (19.5°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 2016-05-25 15:26, Anton Aylward wrote:
On 05/25/2016 08:20 AM, Carlos E. R. wrote:
...
how much you actually loaded that width (say 16K on a T3). I saw one of these pricing spreadsheets and actually found some inconsistencies in it, a mode where customers could exploit a path and get cheap(er) service. That upset a few people! It upset them more when they found the number of people actually exploiting it.
LOL! :-)) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/25/2016 09:26 AM, Anton Aylward wrote:
But unless and until all the agencies I deal with ALSO handle IPv6, the "why bother?" So long as they deal with IPv4 I end up using IPv4.
"Dual stack"? Perhaps.
No doubt this is where James comes in to tell of his experience in the area, and I rather hear about that than him telling us all that NAT is evil.
I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to. I see IPv6 more & more often, as more sites move to it. Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding.
On Wed, 2016-05-25 at 16:58 -0400, James Knott wrote:
Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding
To me, one of the advantages of NAT is that it makes it more difficult to attack my machines because they can't be addressed.
On Wednesday, 25 May 2016, 16:58:36, James Knott wrote:
Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding.
Or in other words: instead of ONE good firewall for the enterprise you need thousands, one for each end user's personal PC. ... NOT a good idea.
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote:
But unless and until all the agencies I deal with ALSO handle IPv6, the "why bother?" So long as they deal with IPv4 I end up using IPv4.
"Dual stack"? Perhaps.
No doubt this is where James comes in to tell of his experience in the area, and I rather hear about that than him telling us all that NAT is evil.
I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to. I see IPv6 more & more often, as more sites move to it. Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding.
A big improvement that 99% of users won't need nor know about :-) In the last 30 days, for IPv6 sites, I see almost exclusively bigger companies with a large public audience - yahoo, google, youtube, the EU, SBB, Porsche, academic/universities, linkedin, eurovisino, facebork etcetera. For local sites, only these: adquality.ch sixy.ch (some ipv6 association) blogspot.ch www.fundmuenzen.ch (academic). www.gottardo2016.ch (national railroads) www.sbb.ch (national railroads) German sites - Heise Verlag and eBay. It's coming, but still veryyyyy slowly. Especially the smaller providers and hosters are lagging behind, but also many big companies - e.g. amazon, IBM, HP, SUSE, ABB, Credit-Suisse, UBS, FAZ. -- Per Jessen, Zürich (14.5°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
Dave Howorth wrote:
On Wed, 2016-05-25 at 16:58 -0400, James Knott wrote:
Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding
To me, one of the advantages of NAT is that it makes it more difficult to attack my machines because they can't be addressed.
Yes, NAT implicitly prevents that, and with IPv6 your firewall will still do so. Even without one, anyone attempting to gain access will have an impossible job to do - you will (typically) have a /64 network, a mind-boggling 18'446'744'073'709'551'616 addresses. -- Per Jessen, Zürich (14.7°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Mathias Homann wrote:
On Wednesday, 25 May 2016, 16:58:36, James Knott wrote:
Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding.
Or in other words: instead of ONE good firewall for the enterprise you need thousands, one for each end user's personal PC.
What makes you think that? Every network will have a default router, that's where you put the firewall. Just like today. -- Per Jessen, Zürich (15.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On Thu, 26 May 2016, Per Jessen wrote:
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote: I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to.
Is this the ShowIP advertized at https://addons.mozilla.org/fr/firefox/addon/showip/ ? That addon is a known security risk: see https://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-a... Is there some other less intrusive way of seeing the IP of the server? Roger
On Thu, 26 May 2016, jdd wrote:
On 26/05/2016 09:37, Roger Price wrote:
Is there some other less intrusive way of seeing the IP of the server?
ping?
True, but it would be nice to see the IP numbers in the browser window without having to type "ping domain" each time. Roger
On 26/05/2016 09:45, Roger Price wrote:
On Thu, 26 May 2016, jdd wrote:
On 26/05/2016 09:37, Roger Price wrote:
Is there some other less intrusive way of seeing the IP of the server?
ping?
True, but it would be nice to see the IP numbers in the browser window without having to type "ping domain" each time.
Roger
Is it that relevant? Many sites have the same IP.
jdd
jdd wrote:
On 26/05/2016 09:45, Roger Price wrote:
On Thu, 26 May 2016, jdd wrote:
On 26/05/2016 09:37, Roger Price wrote:
Is there some other less intrusive way of seeing the IP of the server?
ping?
True, but it would be nice to see the IP numbers in the browser window without having to type "ping domain" each time.
Roger
Is it that relevant? Many sites have the same IP.
See $SUBJ - it's about whether a site is accessed via IPv4 or IPv6. -- Per Jessen, Zürich (17.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 2016-05-26 08:27, Per Jessen wrote:
Dave Howorth wrote:
To me, one of the advantages of NAT is that it makes it more difficult to attack my machines because they can't be addressed.
Yes, NAT implicitly prevents that, and with IPv6 your firewall will still do so. Even without one, anyone attempting to gain access will have an impossible job to do - you will (typically) have a /64 network, a mind-boggling 18'446'744'073'709'551'616 addresses.
But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 02:24 AM, Per Jessen wrote:
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote:
But unless and until all the agencies I deal with ALSO handle IPv6, the "why bother?" So long as they deal with IPv4 I end up using IPv4.
"Dual stack"? Perhaps.
No doubt this is where James comes in to tell of his experience in the area, and I rather hear about that than him telling us all that NAT is evil. I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to. I see IPv6 more & more often, as more sites move to it. Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding. A big improvement that 99% of users won't need nor know about :-)
In the last 30 days, for IPv6 sites, I see almost exclusively bigger companies with a large public audience - yahoo, google, youtube, the EU, SBB, Porsche, academic/universities, linkedin, eurovisino, facebork etcetera. For local sites, only these:
Many of those have had it for years. Strangely, the openSUSE had IPv6, but dropped when there was a web site change a while ago. A step back, just like so many other things with openSUSE.
adquality.ch sixy.ch (some ipv6 association) blogspot.ch www.fundmuenzen.ch (academic). www.gottardo2016.ch (national railroads) www.sbb.ch (national railroads)
German sites - Heise Verlag and eBay.
It's coming, but still veryyyyy slowly. Especially the smaller providers and hosters are lagging behind, but also many big companies - e.g. amazon, IBM, HP, SUSE, ABB, Credit-Suisse, UBS, FAZ.
Many of the major ISPs are now providing IPv6, which will put pressure on smaller ones to catch up. IPv6 has been available to business users for quite some time.
On 05/26/2016 02:27 AM, Per Jessen wrote:
Dave Howorth wrote:
On Wed, 2016-05-25 at 16:58 -0400, James Knott wrote:
Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding To me, one of the advantages of NAT is that it makes it more difficult to attack my machines because they can't be addressed. Yes, NAT implicitly prevents that, and with IPv6 your firewall will still do so. Even without one, anyone attempting to gain access will have an impossible job to do - you will (typically) have a /64 network, a mind-boggling 18'446'744'073'709'551'616 addresses.
What's more is that you will often have 2 addresses. One based on your MAC, which you'd point the DNS to, if desired, and a random number "privacy" address that changes periodically. That's the address you'd use when going out on the 'net. That makes you a moving target for anyone trying to capture your address to use it to attack.
On 05/26/2016 03:37 AM, Roger Price wrote:
On Thu, 26 May 2016, Per Jessen wrote:
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote: I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to.
Is this the ShowIP advertized at https://addons.mozilla.org/fr/firefox/addon/showip/ ? That addon is a known security risk: see https://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-a...
Is there some other less intrusive way of seeing the IP of the server?
Roger
That's the one. I'll have to see if there's a way to block that.
On 05/26/2016 03:38 AM, jdd wrote:
On 26/05/2016 09:37, Roger Price wrote:
Is there some other less intrusive way of seeing the IP of the server?
ping?
jdd
On Linux, you'd use ping6, assuming it hasn't been blocked.
On 05/26/2016 07:13 AM, James Knott wrote:
On 05/26/2016 03:37 AM, Roger Price wrote:
On Thu, 26 May 2016, Per Jessen wrote:
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote: I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to. Is this the ShowIP advertized at https://addons.mozilla.org/fr/firefox/addon/showip/ ? That addon is a known security risk: see https://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-a...
Is there some other less intrusive way of seeing the IP of the server?
Roger That's the one. I'll have to see if there's a way to block that.
I've been using this one instead.
https://addons.mozilla.org/en-US/firefox/addon/showip-private/?src=api
--
Jeremy Baker
On 05/26/2016 02:28 AM, Per Jessen wrote:
Mathias Homann wrote:
On Wednesday, 25 May 2016, 16:58:36, James Knott wrote:
Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding.
Or in other words: instead of ONE good firewall for the enterprise you need thousands, one for each end user's personal PC.
What makes you think that? Every network will have a default router, that's where you put the firewall. Just like today.
Classically, to quote Steve Bellovin, "The firewall is the network's response to poor host security". So yes, the firewall at the choke-point, the router makes sense. In that context a NAT amounts to a DENY ALL INCOMING REQUESTS firewall. So far so ... good.

But then James talks about port forwarding and that opens up a can of worms. In effect he's saying that this permits home users behind the NAT to run a server. It might be a web server, might be an open mail server, each of which could be subverted, or it could be a peer-to-peer-peer style game server. Maybe, just maybe, the user behind the NAT has adequate sysadmin capability to prevent this turning into a catastrophe, and adequate time and resources. There's a reason even people who are well skilled make use of ISPs for their web site and email services. Those entities have the staff, time, capability to implement regular and proper backups, malware scans, updates and all, things the rest of us 'working joes' have to take time out of our 'home time' to do[1][2].

IF AND ONLY IF the NAT port forwarding *ALSO* has all the filtering one would expect of a firewall for that service (AV, email black hole, 'content inspection' and a pile of other things) then OK. But I've not seen a NAT'ing device that does. None of the ones I have or have installed or dealt with in a casual-for-friends-and-relatives or professional or semi-professional capacity have, but I can't claim to have dealt with every last device and every last software revision in the whole wide world.

I did have a g/f who had some day-trading s/w that support required her to open up what seemed like half a hundred ports in her NAT. She lost a lot of money and I don't think it was all to trades. Yes the company was a fly-by-night. Later I asked her if she'd ever closed up all those ports and removed the software after it all went to vapour. That's, to me, obvious "sanitation". She gave me a puzzled look. She was, other than her gullibility about day-trading, an intelligent woman who had a high paying job (higher than me) before she retired early.

But then I'm paranoid about many computer issues. Perhaps not all, and perhaps it's disproportionate. There are other pertinent observations (on both sides) in this thread. I'll deal with them each in turn so this doesn't become TL;DR

[1] Let's face it, I _could_ change the oil in my car myself, but I can't buy it at preferential volume rates that the "Mr Oil" franchise can; the city won't let me pour the old oil down the drain and "Mr Oil" has an agreement with a recycling agency, so it's worth my while to use "Mr Oil" rather than do it myself. There are a LOT of professional services like that. The $50 or so is about what it would cost me for parts, and I don't get oil over my hands and clothes. Adam Smith's "division of labour" and specialized skills ends up "more so" when the specialists also carry specialist tools and resources.

[2] I'm not knocking the idea of 'hobby' and 'learning', just pointing out that those folks have a focused interest in getting it right and making it easy for the people who don't want to make it into a hobby.

-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
James Knott wrote:
On 05/26/2016 02:24 AM, Per Jessen wrote:
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote:
But unless and until all the agencies I deal with ALSO handle IPv6, the "why bother?" So long as they deal with IPv4 I end up using IPv4.
"Dual stack"? Perhaps.
No doubt this is where James comes in to tell of his experience in the area, and I rather hear about that than him telling us all that NAT is evil. I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to. I see IPv6 more & more often, as more sites move to it. Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding. A big improvement that 99% of users won't need nor know about :-)
In the last 30 days, for IPv6 sites, I see almost exclusively bigger companies with a large public audience - yahoo, google, youtube, the EU, SBB, Porsche, academic/universities, linkedin, eurovisino, facebork etcetera. For local sites, only these:
Many of those have had it for years. Strangely, the openSUSE had IPv6, but dropped when there was a web site change a while ago.
We still use it on e.g. api.opensuse.org and download.opensuse.org, but the latter is a mess. https://progress.opensuse.org/issues/6176 -- Per Jessen, Zürich (21.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 05/26/2016 02:24 AM, Per Jessen wrote:
It's coming, but still veryyyyy slowly. Especially the smaller providers and hosters are lagging behind, but also many big companies - e.g. amazon, IBM, HP, SUSE, ABB, Credit-Suisse, UBS, FAZ.
Hmm. This seems, almost but not quite, the OPPOSITE of the way the World Wide Web grew up in the first place. It started with the smaller companies who had nothing to lose with try-out and the BigNames who had inertia and were set in their ways about "media" (and still used TELEX rather than email) did not yet see any business advantage.

Yes, there will be a "tipping point"[1] to the change in IPv6, but I suspect it will come about from the _necessity_ of IoT rather than any 'business advantage' to the WWW and current IPv4 users. It may well be led by the science-fiction like hordes of users managing their homes by remote control from the smartphones; remotely checking what's in the fridge before they submit, remotely, an order to the supermarket; remotely turning on the slow cooker and programming the microwave; remotely watering the plants and operating the cat-feeder; remotely ordering a Uber-taxi to pick up the kids from school and remotely opening the house door for them when they arrive home; remotely helping them with their homework by remotely continuing texts at the on-line WikiLibrary and GuttenTextBook services, a couple of the few public services that are IPv6-enabled. Yes a true 21st century working parent, eh?

While the points James makes are, technically, correct, the "veryyyyy" slow adoption tells me that those are not relevant to the tipping point. The utility of IoT is going to be it. The address space requirements of IoT will necessitate it. There are going to be other impediments, like size and power requirement of sensors and actuators, but that's another matter.

[1] In case you haven't read it: https://en.wikipedia.org/wiki/The_Tipping_Point https://www.amazon.com/Tipping-Point-Little-Things-Difference-ebook/dp/B000O...

-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 06:41 AM, Carlos E. R. wrote:
On 2016-05-26 08:27, Per Jessen wrote:
Dave Howorth wrote:
To me, one of the advantages of NAT is that it makes it more difficult to attack my machines because they can't be addressed. Yes, NAT implicitly prevents that, and with IPv6 your firewall will still do so. Even without one, anyone attempting to gain access will have an impossible job to do - you will (typically) have a /64 network, a mind-boggling 18'446'744'073'709'551'616 addresses. But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails.
Well, whether you use NAT or just a firewall, the attack will still be the same. Also, as I mentioned in another note, privacy addresses are usually used. These addresses have a fairly short lifetime, so are useless long term for attacks.
Anton Aylward wrote:
IF AND ONLY IF the NAT port forwarding *ALSO* has all the filtering
NAT port forwarding is typically a single 'iptables' entry, nothing more. It isn't a <something> with anything extra, any more filtering, it's just a directive: "send requests on port 80 on external IP to port NN on internal IP". This is for my son's Minecraft server:
iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 25565 --j DNAT --to 192.168.11.221
one would expect of a firewall for that services (AV, email black hole, 'content inspection' and a pile of other things) then OK.
I wouldn't expect any of that in a standard ADSL or FTTH box. Not at all - we're talking about a firewall on a router, nothing else. Well, that's what I'm talking about.
But I've not seen a NAT'ing device that that does. None of the ones I have or have installed or dealt with in a casual-for-friends-and-relatives or professional or semi-professional capacity have, but I can't claim to have dealt with every last device and every last software revision in the whole wide world.
Professional equipment such as Fortigate, Sonicwall and Astaro (and many others), all come with all or some of that, but unless you're a small business, you probably don't want to bother with one of those. -- Per Jessen, Zürich (21.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
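The IPv6 counterpart of the port forward discussed in this exchange, as an added example that is not part of any poster's message: with no NAT, the router's FORWARD chain supplies the "deny all incoming" behaviour, and a single pinhole rule replaces the DNAT entry. The LAN interface name eth0 and the host address 2001:db8:11::221 (documentation prefix) are assumptions; eth1 and port 25565 mirror the rule quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): print an ip6tables-restore ruleset for
# a home router with default-deny inbound and explicit per-host pinholes.
# Assumptions: eth1 = WAN (as in the quoted rule), eth0 = LAN (hypothetical),
# host 2001:db8:11::221 is constructed from the documentation prefix.
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"

# Split "host,proto,port" into $host/$proto/$port and validate each field.
valid_pinhole() {
    host=${1%%,*}; rest=${1#*,}; proto=${rest%%,*}; port=${rest#*,}
    case "$host" in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;   # only hex digits and colons
        *:*) ;;                            # must look like an IPv6 literal
        *) return 1 ;;
    esac
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# emit_ruleset [host,proto,port ...]
# Nothing is printed unless every pinhole validates.
emit_ruleset() {
    for pin in "$@"; do
        valid_pinhole "$pin" || { echo "invalid pinhole: $pin" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # ICMPv6 errors and echo request addressed to the router itself.
    for t in 1 2 3 4 128; do
        printf '%s\n' "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # Router/neighbour discovery; hop limit 255 means the packet was not routed.
    for t in 133 134 135 136; do
        printf '%s\n' "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    cat <<EOF
-A INPUT -i $WAN_IF -s fe80::/10 -p udp --dport 546 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
EOF
    # The UDP 546 rule above admits DHCPv6 (and DHCPv6-PD) replies from the
    # ISP's link-local server. Everything else arriving from the WAN for the
    # LAN is dropped by the FORWARD policy unless a pinhole below names it.
    for pin in "$@"; do
        valid_pinhole "$pin"   # re-split this entry into host/proto/port
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $host -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Constructed sample: one game server reachable from outside, nothing else.
emit_ruleset "2001:db8:11::221,tcp,25565"
```

The output can be checked with `ip6tables-restore --test` before it is loaded. Unlike the DNAT entry, the pinhole names the internal host's global address directly, so it should point at the host's stable address rather than a temporary privacy address.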
Carlos E. R. wrote:
On 2016-05-26 08:27, Per Jessen wrote:
Dave Howorth wrote:
To me, one of the advantages of NAT is that it makes it more difficult to attack my machines because they can't be addressed.
Yes, NAT implicitly prevents that, and with IPv6 your firewall will still do so. Even without one, anyone attempting to gain access will have an impossible job to do - you will (typically) have a /64 network, a mind-boggling 18'446'744'073'709'551'616 addresses.
But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails.
What is a "rogue webserver" ? As for finding addresses in mails, they are typically random. By default in openSUSE. See "IPv6 privacy extensions". -- Per Jessen, Zürich (22.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
Anton Aylward wrote:
While the points James make are, technically, correct, the "veryyyyy" slow adoption tells me that those are not relevant to the tipping point. The utility of IoT is going to be it. The address space requirements of IoT will necessitate it,
That is certainly a possibility, although today to the great unwashed, the IoT and IPv6 are about equally remote :-)
There are going to be other impediments, like size and power requirement of sensors and actuators, but that's another matter.
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt. -- Per Jessen, Zürich (22.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 2016-05-26 14:20, James Knott wrote:
On 05/26/2016 06:41 AM, Carlos E. R. wrote:
On 2016-05-26 08:27, Per Jessen wrote:
But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails.
Well, whether you use NAT or just a firewall, the attack will still be the same.
No, with NAT there is no possibility of directly connecting to the hosts inside, unless the router sends some ports inside, to a server inside. Or game.
Also, as I mentioned in another note, privacy addresses are usually used. These addresses have a fairly short lifetime, so are useless long term for attacks.
Well, that's good. How does that work? The router hands them, or the computer autoassigns them? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 14:26, Per Jessen wrote:
Carlos E. R. wrote:
But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails.
What is a "rogue webserver" ?
A web server belonging to "bad guys", or hacked by them, that runs code using the found IPs to attack them.
As for finding addresses in mails, they are typically random. By default in openSUSE. See "IPv6 privacy extensions".
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible. You get both types of addresses for a computer? How do applications know which one to use? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.

Yes, the service provider needs a static address, but the provider needs static addresses (or at least a good DNS and update) for their web service, email service (SMTP or POP/IMAP) and a host of other things.

"That's not what I meant" ? Well, please make it clear, then, whether you are talking about a client or a service provider, an ISP that is providing a raft of services with full support, possibly commercially, and an 'at home' that has opened a port-forwarder to provide a 'service' that is not supported like the ISP (yamma yamma). You said in the above "make use of". I took that to mean "make use of a service provider offering ..". In that context, no you don't need a fixed address as a client.

-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-26 14:38, Per Jessen wrote:
Anton Aylward wrote:
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt.
If you do not configure the IP of the "thing", then both the thing and the remote gadget will have to contact an intermediate server to learn about each other. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Quoting James Knott
On 05/26/2016 02:24 AM, Per Jessen wrote:
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote:
But unless and until all the agencies I deal with ALSO handle IPv6, the "why bother?" So long as they deal with IPv4 I end up using IPv4.
"Dual stack"? Perhaps.
No doubt this is where James comes in to tell of his experience in the area, and I rather hear about that than him telling us all that NAT is evil. I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to. I see IPv6 more & more often, as more sites move to it. Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding. A big improvement that 99% of users won't need nor know about :-)
In the last 30 days, for IPv6 sites, I see almost exclusively bigger companies with a large public audience - yahoo, google, youtube, the EU, SBB, Porsche, academic/universities, linkedin, eurovisino, facebork etcetera. For local sites, only these:
Many of those have had it for years. Strangely, the openSUSE had IPv6, but dropped when there was a web site change a while ago. A step back, just like so many other things with openSUSE.
adquality.ch sixy.ch (some ipv6 association) blogspot.ch www.fundmuenzen.ch (academic). www.gottardo2016.ch (national railroads) www.sbb.ch (national railroads)
German sites - Heise Verlag and eBay.
It's coming, but still veryyyyy slowly. Especially the smaller providers and hosters are lagging behind, but also many big companies - e.g. amazon, IBM, HP, SUSE, ABB, Credit-Suisse, UBS, FAZ.
Many of the major ISPs are now providing IPv6, which will put pressure on smaller ones to catch up. IPv6 has been available to business users for quite some time.
For someone who doesn't need to run a server behind a NAT router, is it worth the trouble to set up IPv6? TIA, Jeffrey
On 2016-05-26 16:06, Jeffrey L. Taylor wrote:
For someone who doesn't need to run a server behind a NAT router, is it worth the trouble to set up IPv6?
Probably not, unless you need to reach a site that is on IPv6. You need it when you need it :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-05-26 14:38, Per Jessen wrote:
Anton Aylward wrote:
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt.
If you do not configure the IP of the "thing", then both the thing and the remote gadget will have to contact an intermediate server to learn about each other.
Quite likely yes. -- Per Jessen, Zürich (23.4°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
Jeffrey L. Taylor wrote:
For someone who doesn't need to run a server behind a NAT router, is it worth the trouble to set up IPv6?
It's no great trouble, but you won't gain much. IMHO -- Per Jessen, Zürich (23.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/25/2016 06:21 PM, Mathias Homann wrote:
On Wednesday, 25 May 2016, 16:58:36, James Knott wrote:
Of course the big improvement for users is the ability to directly access a computer behind the firewall, without messing with port forwarding.
Or in other words: instead of ONE good firewall for the enterprise you need thousands, one for each end user's personal PC.
... NOT a good idea.
Why is it not? It may be a massive admin headache if you don't have tools, but perl was developed specifically for bulk parallel admin of many hosts on a network. At the 98% level in 99% of corporate cases, applying bulk rules at the host level is quite practical. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 08:24 AM, Per Jessen wrote:
Anton Aylward wrote:
IF AND ONLY IF the NAT port forwarding *ALSO* has all the filtering
NAT port forwarding is typically a single 'iptables' entry, nothing more. It isn't a <something> with anything extra, any more filtering, it's just a directive: "send requests on port 80 on external IP to port NN on internal IP".
Yes, that is exactly my point. It's just that whether your NAT is a low end consumer Linksys device from Best Buy or a homebrew PC running some NAT'ing firewall on top of Linux (BTDT both ways).
This is for my son's Minecraft server:
iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 25565 --j DNAT --to 192.168.11.221
one would expect of a firewall for that services (AV, email black hole, 'content inspection' and a pile of other things) then OK.
I wouldn't expect any of that in a standard ADSL or FTTH box. Not at all - we're talking about a firewall on a router, nothing else. Well, that's what I'm talking about it.
I wouldn't expect content filtering etc etc on a .... see above ... either. That's my point. And there are going to be a number of crafted attack modes to any 'open port' for a server. That I can't think of any specific examples means nothing. I'm not a malicious hacker, I'm not a member of Anonymous, I'm not even a 'script kiddie'. I DO know that the 'think like a hacker in order to defend' is a flawed argument. It assumes you're only defended against specific and specifically motivated attacks. Defence can be systematic.
But I've not seen a NAT'ing device that does. None of the ones I have or have installed or dealt with in a casual-for-friends-and-relatives or professional or semi-professional capacity have, but I can't claim to have dealt with every last device and every last software revision in the whole wide world.
Professional equipment such as Fortigate, Sonicwall and Astaro (and many others), all come with all or some of that, but unless you're a small business, you probably don't want to bother with one of those.
Actually, IIR, IpTables has the ability to do packet inspection. IIR it has the ability to hand the packet off to a user process for inspections, but that's !EXPENSIVE!. It's expensive in the professional $mega dedicated firewalls you mention and others. But let's face it; Iptables can ALSO deal with other nasty things like packet fragmentation attacks, buffer over-run attacks. The thing is that most OTS (see above) NAT devices don't allow you to set that up and even the shareware firewalls like IPCop don't have an option (or the version I've installed doesn't) (maybe the later or the IPv6 version does have a plugin that does) for some of this nasty stuff. Even if Iptables COULD deal with it. I'm sure there's a HOW-TO about all this, I'm sure I've seen one but if I bookmarked it I can't find it in my list right now. My point is that since OTS NAT devices don't do all this proactive 'firewall' things, and that applies just as much to established connections as the Mitnick-Shimomura hijacking demonstrated, something that the people who think that NAT is an adequate protection because it prevents unsolicited initiated incoming connections <strike>often</strike> usually forget, you DO need the proper firewall. It's why 'host level firewalls' are coming in. It's also why they are of limited use, since end users don't know how to configure them. It's why 'smart assistants' that can configure them are coming next! Hmmm http://www.symantec.com/connect/articles/iptables-linux-firewall-packet-stri... http://www.thegeekstuff.com/2011/06/iptables-rules-examples/ Whether allowing smtp/imap outgoing to only a specific ISP from your host is useful I'm not sure, but there you are. Preventing DoS is more relevant. About a 'stateful' firewall with IpTables ... https://wiki.archlinux.org/index.php/simple_stateful_firewall https://evilshit.wordpress.com/2013/12/17/how-to-set-up-a-stateful-firewall-...
Since some things, P2P, can run over http, port blocking is not adequate and content filtering or "layer 7" filtering is needed. http://l7-filter.sourceforge.net/ -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Carlos E. R. wrote:
On 2016-05-26 14:26, Per Jessen wrote:
Carlos E. R. wrote:
But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails.
What is a "rogue webserver" ?
A web server belonging to "bad guys", or hacked by them, that runs code using the found IPs to attack them.
Ah I see. Well, same answer as before, IPv6 privacy extensions.
As for finding addresses in mails, they are typically random. By default in openSUSE. See "IPv6 privacy extensions".
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
No, you don't need a fixed address for a VoIP client. With ISDN being phased out by the end of next year, Swisscom will be switching everyone to VoIP. None of those will need a fixed IP, v4 or v6. Deutsche Telekom will be doing the same by the end of 2018. Only if you want to run a server will you need fixed addresses, just like now.
You get both types of addresses for a computer? How do applications know which one to use?
/proc/sys/net/ipv6/conf/eth0/use_tempaddr 0 = privacy extensions disabled. 1 = privacy extensions enabled, but not preferred. 2 = privacy extensions enabled, preferred. A network interface will have a) link local address - fe80:<mac-addr based> b) a temporary address (assuming tempaddr!=0) = 2001:db8::random c) an address handed out by dhcp = your:pref::pooladdr d) a fixed address based on mac-addr = your:pref::macaddr-based. -- Per Jessen, Zürich (23.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/26/2016 08:38 AM, Per Jessen wrote:
Anton Aylward wrote:
While the points James make are, technically, correct, the "veryyyyy" slow adoption tells me that those are not relevant to the tipping point. The utility of IoT is going to be it. The address space requirements of IoT will necessitate it,
That is certainly a possibility, although today to the great unwashed, the IoT and IPv6 are about equally remote :-)
Yes, indeed, just like portable phones and fitness trackers and electric car, and just like automatic dishwasher and refrigerators were to our grandparents (or parents in the case of some of us Whitebeards). IoT will be a consumer/mass-market matter.
There are going to be other impediments, like size and power requirement of sensors and actuators, but that's another matter.
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt.
I don't think so. There's a market for a per-room temperature sensor that adjust the per-room heating vents on the forced air central heating (or air conditioner) rather than the - at present - single sensor in one room and uncontrolled vents [or baseboard heaters or whatever]. It will be sold on the basis of energy efficiency as well as home comfort and convenience. Do some research; it's already started. Then there's the [also in the name of energy efficiency] motion and thermal presence sensors that detect if no-one is in the room and turn the lights off. And so it goes. Not all these sensors will be connected or easily connected to the mains power. This site/thread discusses many of the issues and gives some good engineering examples http://toddbot.blogspot.ca/2014/06/building-first-of-many-wireless-sensor.ht... -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Carlos E. R. wrote:
On 2016-05-26 14:20, James Knott wrote:
On 05/26/2016 06:41 AM, Carlos E. R. wrote:
On 2016-05-26 08:27, Per Jessen wrote:
But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails.
Well, whether you use NAT or just a firewall, the attack will still be the same.
No, with NAT there is no possibility of directly connecting to the hosts inside, unless the router sends some ports inside, to a server inside. Or game.
Assuming a correctly configured firewall, ditto.
Also, as I mentioned in another note, privacy addresses are usually used. These addresses have a fairly short lifetime, so are useless long term for attacks.
Well, that's good.
How does that work? The router hands them, or the computer autoassigns them?
They're assigned locally by the machine. -- Per Jessen, Zürich (23.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 05/26/2016 09:38 AM, Carlos E. R. wrote:
On 2016-05-26 14:38, Per Jessen wrote:
Anton Aylward wrote:
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt.
If you do not configure the IP of the "thing", then both the thing and the remote gadget will have to contact an intermediate server to learn about each other.
Ah, you mean just like DHCP does today? Just like zero-config does today? Just like DHCP updates DNS does today? We've a LOT of experience about this kind of thing :-) -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
I would not say ipv6 adoption is either minor or happening slowly anymore. There is a wide disparity of adoption rate by country, Belgium is nearly at 50% where the U.S. is not yet at even 20% (which might be the result of hogging ipv4 addresses). https://www.akamai.com/uk/en/our-thinking/state-of-the-internet-report/state... And here, the global usage (per Google's tracking) is about double now compared to one year ago. So if that trend continues and it doubles again, that's definitely a much faster rate than just a few years ago. https://www.google.com/intl/en/ipv6/statistics.html Even aside from IoT, ipv4 addresses were going to run out, necessitating ipv6 which is not exactly a new thing, which the IETF settled on in 1998. And no sysadmin really wants to run dual stack infrastructure. Clients have been ipv6 ready for a really long time, the main issue slowing adoption has been the major infrastructure like the major routers, and local wireless access points including cell phone towers. As that's shifting, the clients pick up and use ipv6 automatically, and if they don't they're misconfigured. Of course there will always be weird ancient junk out there, and that stuff will continue to use ipv4. Chris Murphy
On 26-05-16 at 17:52, Chris Murphy wrote:
There is a wide disparity of adoption rate by country, Belgium is nearly at 50% where the U.S. is not yet at even 20% (which might be the result of hogging ipv4 addresses).
https://www.akamai.com/uk/en/our-thinking/state-of-the-internet-report/state...
Can't resist that. I'm from Belgium. The major ISPs give "dynamic" ipv6 prefixes, i.e. when your modem reboots, it gets a new prefix. From Proximus I get a /56 prefix, but it's impossible to get a fixed one, unless you pay for a "professional" account (at a professional price, that's for sure, and prices are high already, here). Before I went to Proximus I was with a small ISP (EDPnet) and they gave me a fixed /56 prefix, as a "consumer" customer. So I find that "adoption rate" exaggerated. Yes, for "dumb" customers, that number is true, but when you're trying to do something more, you're stuck with an ipv6-tunnel. Koenraad. P.S. maybe it's possible to automagically change the ipv6 addresses of my servers when I get a new prefix, but *I* don't know how to do that.
Koenraad Lelong wrote:
P.S. maybe it's possible to automagically change the ipv6 addresses of my servers when I get a new prefix, but *I* don't know how to do that.
dhcpv6. -- Per Jessen, Zürich (26.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 05/26/2016 08:11 AM, Anton Aylward wrote:
While the points James make are, technically, correct, the "veryyyyy" slow adoption tells me that those are not relevant to the tipping point. The utility of IoT is going to be it. The address space requirements of IoT will necessitate it, There are going to be other impediments, like size and power requirement of sensors and actuators, but that's another matter.
Actually, you'd be surprised at how much IPv6 is used. I see it frequently in my work. Also, a few years ago, the U.S. government mandated that all public facing web sites be available via IPv6. Add to that Google, Cisco, Microsoft and more pushing IPv6, it is becoming more common.
On 05/26/2016 08:38 AM, Per Jessen wrote:
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt.
The nice thing about IPv6 is its design to automagically assign addresses.
On 05/26/2016 09:17 AM, Carlos E. R. wrote:
Also, as I mentioned in another note, privacy addresses are
usually used. These addresses have a fairly short lifetime, so are useless long term for attacks. Well, that's good.
How does that work? The router hands them, or the computer autoassigns them?
The computer or other device generates a 64 bit random number to be used as the host portion of the address. When your computer is on for a while, you'll see a list of previously used addresses, which are still valid, but eventually those addresses will fall off the end of the list. Only the newest one is used for outgoing connections.
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
As for finding addresses in mails, they
are typically random. By default in openSUSE. See "IPv6 privacy extensions". But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible. Many services, such as VoIP, are designed to use a server only for call setup and then the end devices switch to peer to peer mode for the duration. You get both types of addresses for a computer? How do applications know which one to use?
Are you referring to the 2 address types I mentioned? If so, apps, such as browsers, will only use the random number address. The MAC based address is used only when you want to make a computer publicly available to others and advertise it via DNS.
On 05/26/2016 09:35 AM, Anton Aylward wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible. That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
On 05/26/2016 09:38 AM, Carlos E. R. wrote:
On 2016-05-26 14:38, Per Jessen wrote:
Anton Aylward wrote:
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt. If you do not configure the IP of the "thing", then both the thing and the remote gadget will have to contact an intermediate server to learn about each other.
This also happens with things like VoIP, many games and more.
On 2016-05-26 19:20, James Knott wrote:
On 05/26/2016 09:17 AM, Carlos E. R. wrote:
Also, as I mentioned in another note, privacy addresses are
usually used. These addresses have a fairly short lifetime, so are useless long term for attacks. Well, that's good.
How does that work? The router hands them, or the computer autoassigns them?
The computer or other device generates a 64 bit random number to be used as the host portion of the address. When your computer is on for a while, you'll see a list of previously used addresses, which are still valid, but eventually those addresses will fall off the end of the list. Only the newest one is used for outgoing connections.
Where do you see them, in ifconfig, ip addr? Let me see, I have: inet6 addr: fe80::221:85ff:fe16:2d0b/64 Scope:Link inet6 addr: fc00::14/64 Scope:Global The second one I recognize as having created it myself, manually. And the first one is constructed from the MAC. Maybe the address you mean is only generated when the router hands over a prefix? (which it doesn't, as I don't have IPv6) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 10:06 AM, Jeffrey L. Taylor wrote:
Many of the major ISPs are now providing IPv6, which will put pressure
on smaller ones to catch up. IPv6 has been available to business users for quite some time.
For someone who doesn't need to run a server behind a NAT router, is it worth the trouble to set up IPv6?
The use of NAT requires hacks to get around the problems caused by sharing a single address. A server is just one example. It also affects VoIP, games, IoT and more.
On 05/26/2016 10:21 AM, Per Jessen wrote:
Jeffrey L. Taylor wrote:
For someone who doesn't need to run a server behind a NAT router, is it worth the trouble to set up IPv6? It's no great trouble, but you won't gain much. IMHO
It's no trouble at all, if your ISP provides native IPv6. Just plug in 'n go.
On 2016-05-26 15:35, Anton Aylward wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
You need a special router that is VoIp aware, and/or you need to connect to a STUN server, which helps traverse the NAT router. With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Addres" instead of or "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found. Ie, IPv6 allows non-anonymous peer to peer services without intermediaries. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 10:37 AM, Per Jessen wrote:
With ISDN being phased out by the end of next year
BRI? PRI? or both? In North America, BRIs aren't used much, but PRIs are still used a lot for PBXs. I've even seen SIP/PRI converters you connect an old PBX to VoIP trunks. Those converters are normally used the other way around.
On 05/26/2016 10:39 AM, Anton Aylward wrote:
IoT will be a consumer/mass-market matter.
Yep, gotta make sure there's beer in the fridge! ;-)
On 05/26/2016 01:43 PM, James Knott wrote:
On 05/26/2016 10:39 AM, Anton Aylward wrote:
IoT will be a consumer/mass-market matter.
Yep, gotta make sure there's beer in the fridge! ;-)
Don't forget turning on the ice-maker. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 01:18 PM, James Knott wrote:
On 05/26/2016 08:38 AM, Per Jessen wrote:
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt.
The nice thing about IPv6 is its design to automagically assign addresses.
You mean like DHCP does for IPv5? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 12:41 PM, Per Jessen wrote:
Koenraad Lelong wrote:
P.S. maybe it's possible to automagically change the ipv6 addresses of my servers when I get a new prefix, but *I* don't know how to do that. dhcpv6.
Or more precisely, dhcpv6-pd, which gets your local prefix. Plain dhcpv6 will only provide a single address. Also, dhcpv6 uses an identifier, usually tied to your MAC address, called "DUID" to ensure you get the same prefix.
On 05/26/2016 10:40 AM, Carlos E. R. wrote:
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Addres" instead of or "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
And what could possibly go wrong? :-) Regards, Lew
On 05/26/2016 01:34 PM, Carlos E. R. wrote:
The computer or other device generates a 64 bit random number to be used
as the host portion of the address. When your computer is on for a while, you'll see a list of previously used addresses, which are still valid, but eventually those addresses will fall off the end of the list. Only the newest one is used for outgoing connections. Where do you see them, in ifconfig, ip addr?
Either ifconfig or ip -6 address show
Let me see, I have:
inet6 addr: fe80::221:85ff:fe16:2d0b/64 Scope:Link inet6 addr: fc00::14/64 Scope:Global
The second one I recognize as having created it myself, manually. And the first one is constructed from the MAC. Maybe the address you mean is only generated when the router hands over a prefix? (which it doesn't, as I don't have IPv6)
You don't have any global unicast addresses. Those generally start with 2. The unicast addresses, either random or MAC based are created with "SLAAC", which relies on router advertisements.
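The address types discussed in this part of the thread (link-local, unique-local, global unicast, MAC-based versus random interface identifiers), worked through as an added Python example that is not part of any list member's message. It classifies the two addresses Carlos posted plus two constructed ones under the 2001:db8::/32 documentation prefix, and recovers the MAC from a modified EUI-64 identifier; all function names and the "small-manual" threshold are assumptions of the example.

```python
import ipaddress

# Prefixes named in the thread, most specific first (2001:db8::/32 lies inside 2000::/3).
SCOPES = [
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("unique-local", ipaddress.ip_network("fc00::/7")),
    ("documentation", ipaddress.ip_network("2001:db8::/32")),
    ("global-unicast", ipaddress.ip_network("2000::/3")),
]


def eui64_iid_from_mac(mac):
    """Build the modified EUI-64 interface identifier used by MAC-based SLAAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")


def mac_from_iid(iid):
    """Return the MAC embedded in an interface identifier, or None."""
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def classify(text):
    """Return (scope, interface-id kind, embedded MAC or None) for 'addr' or 'addr/len'."""
    addr = ipaddress.ip_interface(text).ip
    if addr.version != 6:
        raise ValueError("not an IPv6 address")
    scope = next((name for name, net in SCOPES if addr in net), "other")
    iid = int(addr) & ((1 << 64) - 1)          # low 64 bits = host portion
    mac = mac_from_iid(iid)
    if mac is not None:
        kind = "eui64"                         # derived from the hardware address
    elif iid < 0x10000:
        kind = "small-manual"                  # e.g. ::14, typically typed by hand
    else:
        # Random, temporary or DHCPv6-assigned: not distinguishable from the bits alone.
        kind = "opaque"
    return scope, kind, mac


def mac_exposed(addresses):
    """List addresses usable beyond the local link whose host part reveals the MAC."""
    found = []
    for text in addresses:
        scope, kind, mac = classify(text)
        if kind == "eui64" and scope != "link-local":
            found.append((text, mac))
    return found


SAMPLE = [
    "fe80::221:85ff:fe16:2d0b/64",             # from the thread
    "fc00::14/64",                             # from the thread
    "2001:db8:1:2:221:85ff:fe16:2d0b/64",      # constructed: MAC-based, routable form
    "2001:db8:1:2:5c3a:91e4:7b20:c6d1/64",     # constructed: random-looking host part
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, classify(entry))
    print("MAC exposed off-link:", mac_exposed(SAMPLE))
```

The `mac_exposed` check is the privacy point behind `use_tempaddr`: a MAC-derived host part stays the same under every prefix the machine ever receives.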
On 2016-05-26 16:37, Per Jessen wrote:
Carlos E. R. wrote:
On 2016-05-26 14:26, Per Jessen wrote:
Carlos E. R. wrote:
But a rogue web server would know the address and run an attack on it. Also, we can find the IP on mails.
What is a "rogue webserver" ?
A web server belonging to "bad guys", or hacked by them, that runs code using the found IPs to attack them.
Ah I see. Well, same answer as before, IPv6 privacy extensions.
I need an IPv6 for dummies book. :-)
As for finding addresses in mails, they are typically random. By default in openSUSE. See "IPv6 privacy extensions".
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
No, you don't need a fixed address for a VoIP client. With ISDN being phased out by the end of next year, Swisscom will be switching everyone to VoIP. None of those will need a fixed IP, v4 or v6. Deutsche Telekom will be doing the same by the end of 2018.
Well, I have that. Silently. When I switched to fibre, I was switched to VoIp, but I wasn't told. I simply get a "thing" with a phone connector, to which is connected the house phone wiring, unchanged. In fact, people are using VoIp phones and computers by reverse engineering the connection data, because the company hides it. Which reminds me that I want to try it. I might route the connection to a computer that would do call filtering/screening. :-))
Only if you want to run a server will you need fixed addresses, just like now.
You need an intermediary where you register on each IP change so that others can phone you.
You get both types of addresses for a computer? How do applications know which one to use?
/proc/sys/net/ipv6/conf/eth0/use_tempaddr
0 = privacy extensions disabled. 1 = privacy extensions enabled, but not preferred. 2 = privacy extensions enabled, preferred.
It is zero here. I see...
A network interface will have
a) link local address - fe80:<mac-addr based> b) a temporary address (assuming tempaddr!=0) = 2001:db8::random c) an address handed out by dhcp = your:pref::pooladdr d) a fixed address based on mac-addr = your:pref::macaddr-based.
I have a mac based address (don't know if 'a' or 'd'... correction, I know, it is 'a') and a fixed address I created, local if I remember correctly: inet6 addr: fe80::221:85ff:fe16:2d0b/64 Scope:Link inet6 addr: fc00::14/64 Scope:Global Type 'b', it is always "2001:db8..."? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 01:40 PM, Carlos E. R. wrote:
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Addres" instead of or "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
That would depend on the protocol you're using, not IPv6.
On 05/26/2016 01:52 PM, Anton Aylward wrote:
On 05/26/2016 01:18 PM, James Knott wrote:
On 05/26/2016 08:38 AM, Per Jessen wrote:
Whatever the IoT device is, it has to be just an appliance, like the fridge and the dishwasher. Buy one, have it delivered and installed, then turn on. Much more than that, e.g. just a simple thing such as configuration of a fixed IPv6 address, and it'll quickly grind to a halt. The nice thing about IPv6 is its design to automagically assign addresses.
You mean like DHCP does for IPv5?
Ummm... I haven't seen much IPv5 lately. ;-) IPv6 can create link local addresses entirely on its own or build a SLAAC address after receiving a router advertisement. DHCP requires a server to manage the addresses, SLAAC does not.
On 2016-05-26 19:23, James Knott wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
As for finding addresses in mails, they
are typically random. By default in openSUSE. See "IPv6 privacy extensions". But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible. Many services, such as VoIP, are designed to use a server only for call setup and then the end devices switch to peer to peer mode for the duration.
If I remember correctly, Skype uses intermediaries all the time in order to traverse nat and firewalls.
You get both types of addresses for a computer? How do applications know which one to use?
Are you referring to the 2 address types I mentioned? If so, apps, such as browsers, will only use the random number address. The MAC based address is used only when you want to make a computer publicly available to others and advertise it via DNS.
And /proc/sys/net/ipv6/conf/eth0/use_tempaddr says which to use. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 02:03 PM, Carlos E. R. wrote:
If I remember correctly, Skype uses intermediaries all the time in order to traverse NAT and firewalls.
Google Hangouts and Firefox Hello are designed to use a server only to set up the connection then go peer2peer.
You mean like DHCP does for IPv5?
Sorry, typo.
You mean like DHCP does for IPv6?
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-26 19:59, James Knott wrote:
On 05/26/2016 01:40 PM, Carlos E. R. wrote:
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Address" instead of "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
That would depend on the protocol you're using, not IPv6.
Well, it has to be IPv6 if you want to address a device from outside, not a house. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 19:57, Lew Wolfgang wrote:
On 05/26/2016 10:40 AM, Carlos E. R. wrote:
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
And what could possibly go wrong? :-)
I didn't say anything could go wrong. :-) But of course, things might. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 02:02 PM, James Knott wrote:
IPv6 can create link local addresses entirely on its own or build a SLAAC address after receiving a router advertisement. DHCP requires a server to manage the addresses, SLAAC does not.
Ah "Stateless DHCP" Tell me ... The DHCP servers I use such as 'dnsmasq' integrate with DNS. (yes the big versions can do it too!) Does SLAAC do that? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 02:09 PM, Carlos E. R. wrote:
That would depend on the protocol you're using, not IPv6.
Well, it has to be IPv6 if you want to address a device from outside, not a house.
In principle IPv4 and IPv6 work the same way in this respect. They're only the transport. Higher protocols determine how they're used. Of course, with IPv4 and NAT, other issues arise.
On 2016-05-26 16:23, Anton Aylward wrote:
My point is that since OTS NAT devices don't do all these proactive 'firewall' things, and that applies just as much to established connections as the Mitnick-Shimomura hijacking demonstrated, something that the people who think that NAT is an adequate protection because it prevents unsolicited initiated incoming connections <strike>often</strike> usually forget, you DO need the proper firewall. It's why 'host level firewalls' are coming in. It's also why they are of limited use, since end users don't know how to configure them. It's why 'smart assistants' that can configure them are coming next!
Good point. Firewalls on all devices. Yes. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-)
An excellent reference is "IPv6 Essentials". http://shop.oreilly.com/product/0636920023432.do
On 2016-05-26 19:52, Anton Aylward wrote:
On 05/26/2016 01:43 PM, James Knott wrote:
On 05/26/2016 10:39 AM, Anton Aylward wrote:
IoT will be a consumer/mass-market matter.
Yep, gotta make sure there's beer in the fridge! ;-)
Don't forget turning on the ice-maker.
And bugs. Nice, tasty bugs. My treasure!... (ie, jobs ;-) ) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
James Knott wrote:
On 05/26/2016 12:41 PM, Per Jessen wrote:
Koenraad Lelong wrote:
P.S. maybe it's possible to automagically change the ipv6 addresses of my servers when I get a new prefix, but *I* don't know how to do that.
dhcpv6.
Or more precisely, dhcpv6-pd, which gets your local prefix.
Koenraad would need dhcpv6 to dish out the fixed addresses to his servers automatically, that's what I meant. -- Per Jessen, Zürich (21.4°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Carlos E. R. wrote:
As for finding addresses in mails, they are typically random. By default in openSUSE. See "IPv6 privacy extensions".
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
No, you don't need a fixed address for a VoIP client. With ISDN being phased out by the end of next year, Swisscom will be switching everyone to VoIP. None of those will need a fixed IP, v4 or v6. Deutsche Telekom will be doing the same by the end of 2018.
Well, I have that. Silently.
When I switched to fibre, I was switched to VoIp, but I wasn't told. I simply get a "thing" with a phone connector, to which is connected the house phone wiring, unchanged.
Yes, I expect that will be the case for most people. Whether the telco uses copper, fibre or carrier pigeons should be transparent to the consumer. An ISDN customer has an NTBA ("terminator box") installed, typically a grey box on the wall somewhere. It interfaces the telephone wires with the S0 bus. I expect Swisscom and Deutsche Telekom will simply replace that with another one, essentially an ADSL modem which interfaces the telephone wires with Ethernet.
Only if you want to run a server will you need fixed addresses, just like now.
You need an intermediary where you register on each IP change so that others can phone you.
Yes, that's called a "VoIP provider". They also provide the interconnect to the POTS etc.
You get both types of addresses for a computer? How do applications know which one to use?
/proc/sys/net/ipv6/conf/eth0/use_tempaddr
0 = privacy extensions disabled.
1 = privacy extensions enabled, but not preferred.
2 = privacy extensions enabled, preferred.
It is zero here. I see...
The default on openSUSE is 2, a sound choice for a client. I wonder how you got a 0.
A network interface will have
a) link local address - fe80:<mac-addr based>
b) a temporary address (assuming tempaddr!=0) = 2001:db8::random
c) an address handed out by dhcp = your:pref::pooladdr
d) a fixed address based on mac-addr = your:pref::macaddr-based.
I have a mac based address (don't know if 'a' or 'd'... correction, I know, it is 'a') and a fixed address I created, local if I remember correctly:
inet6 addr: fe80::221:85ff:fe16:2d0b/64 Scope:Link
inet6 addr: fc00::14/64 Scope:Global
Type 'b', it is always "2001:db8..."?
"2001:db8::" is like "example.com", it's for documentation only. In real life, it will be one a prefix allocated by your provider. -- Per Jessen, Zürich (21.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
James Knott wrote:
On 05/26/2016 10:37 AM, Per Jessen wrote:
With ISDN being phased out by the end of next year
BRI? PRI? or both?
Good question, I'll have to look it up. I have assumed BRI so far, but PRIs are also getting on a bit, age- and performance-wise. I don't know how tightly coupled they are - from the telco pov. -- Per Jessen, Zürich (21.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
James Knott wrote:
On 05/26/2016 09:35 AM, Anton Aylward wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP. -- Per Jessen, Zürich (21.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
Carlos E. R. wrote:
On 2016-05-26 19:20, James Knott wrote:
On 05/26/2016 09:17 AM, Carlos E. R. wrote:
Also, as I mentioned in another note, privacy addresses are usually used. These addresses have a fairly short lifetime, so are useless long term for attacks.
Well, that's good.
How does that work? The router hands them, or the computer autoassigns them?
The computer or other device generates a 64 bit random number to be used as the host portion of the address. When your computer is on for a while, you'll see a list of previously used addresses, which are still valid, but eventually those addresses will fall off the end of the list. Only the newest one is used for outgoing connections.
Where do you see them, in ifconfig, ip addr?
Either one. ifconfig is deprecated, but "ip addr" will show you.
Let me see, I have:
inet6 addr: fe80::221:85ff:fe16:2d0b/64 Scope:Link
inet6 addr: fc00::14/64 Scope:Global
The second one I recognize as having created it myself, manually. And the first one is constructed from the MAC. Maybe the address you mean is only generated when the router hands over a prefix? (which it doesn't, as I don't have IPv6)
Yes, unless you have radvd (or equivalent) running on your router, your devices will not configure any ipv6 addresses. -- Per Jessen, Zürich (21.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Anton Aylward wrote:
On 05/26/2016 02:02 PM, James Knott wrote:
IPv6 can create link local addresses entirely on its own or build a SLAAC address after receiving a router advertisement. DHCP requires a server to manage the addresses, SLAAC does not.
Ah "Stateless DHCP"
Tell me ...
The DHCP servers I use such as 'dnsmasq' integrate with DNS. (yes the big versions can do it too!)
Does SLAAC do that?
You need to elaborate on what you mean by "integrate with DNS". -- Per Jessen, Zürich (20.8°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/26/2016 01:28 PM, James Knott wrote:
On 05/26/2016 09:35 AM, Anton Aylward wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
I'm sorry, no you don't need a STUN server. Perhaps some service providers configure their systems so to make it necessary, but mine certainly doesn't! In fact they insist that a STUN is NOT to be configured. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-26 21:44, Per Jessen wrote:
Carlos E. R. wrote:
Yes, unless you have radvd (or equivalent) running on your router, your devices will not configure any ipv6 addresses.
Well, as my ISP doesn't provide IPv6, so I don't think the router hands out IPv6 addresses. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 22:51, Anton Aylward wrote:
On 05/26/2016 01:28 PM, James Knott wrote:
I'm sorry, no you don't need a STUN server.
Perhaps some service providers configure their systems so to make it necessary, but mine certainly doesn't!
In fact they insist that a STUN is NOT to be configured.
Because you have a router that understands VoIp. Or the form of VoIp that your ISP uses. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 21:40, Per Jessen wrote:
James Knott wrote:
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP.
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but... -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 01:40 PM, Carlos E. R. wrote:
On 2016-05-26 15:35, Anton Aylward wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
You need a special router that is VoIp aware, and/or you need to connect to a STUN server, which helps traverse the NAT router.
This is NOT the case. I'm not saying that people don't configure it that way, but it isn't how my provider works. I had to quite explicitly turn STUN OFF on my LinkSys ATA to get it to work. The ATA is a client, and like all clients it makes outbound connections which are not a problem for anything behind a NAT.
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Address" instead of "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
That's nice, I'm sure, but my set-up behaves just like the analogue POTS I had before. (i.e. you dial a 7 or 10 digit number if you're in north America, add a "1" international prefix if you're not) Except for one thing. I can make 'softphone calls' from my tablet as well.
From anywhere I can get a wifi connection. It doesn't matter if the wifi service is behind a NAT; in fact since many of the conferences / malls / libraries use a 10., they must be NAT'd. And my tablet is using Zoiper as the softphone and that isn't configured to use STUN either.
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
That's good. Does that mean that when IPv6 is universal that the telcos will get out of the phone business as it's no longer needed? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-26 20:14, James Knott wrote:
On 05/26/2016 02:09 PM, Carlos E. R. wrote:
That would depend on the protocol you're using, not IPv6.
Well, it has to be IPv6 if you want to address a device from outside, not a house.
In principle IPv4 and IPv6 work the same way in this respect. They're only the transport. Higher protocols determine how they're used. Of course, with IPv4 and NAT, other issues arise.
Well, IPv4 would work, of course, but normal people don't get internet v4 addresses for inside the home. You have to pay extra for them. With IPv6 you get those routable addresses at the same price. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 02:09 PM, Carlos E. R. wrote:
On 2016-05-26 19:59, James Knott wrote:
On 05/26/2016 01:40 PM, Carlos E. R. wrote:
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Address" instead of "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
That would depend on the protocol you're using, not IPv6.
Well, it has to be IPv6 if you want to address a device from outside, not a house.
I often use IP connectivity that isn't IPv6 outside my house. Libraries, malls, conference centres, hotels, ... And yes, most of them are using a NAT'd service. And just to rub the point in, one of the things I do using this 'outside the house' NAT'd IP service is make phone calls from my tablet using a softphone AND NO STUN. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 10:37 AM, Per Jessen wrote:
Only if you want to run a server will you need fixed addresses, just like now.
Err no. In the days before my current cable provider clamped down on it, I ran a web server from home, even though the cable service provided a dynamic address. I registered a domain name and made use of the (then free) service that DynDNS (then) had. I had a small script, that DynDNS supplied, that looked to see what my DHCP address from the cable company was and if it changed sent a message to DynDNS updating its mapping for my domain entry. That way remote sites could access my web service. All this talk about IP address is a crock! Real people deal in domain names. I'm sure that there are similar services around even now. I only discontinued this when my cable provider changed policy so that only commercial customers could run servers. IIR DynDNS later suspended their free service. Perhaps I should change cable provider .... -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-)
https://www.wesecure.nl/upload/documents/tinymce/IPv6.pdf -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-26 23:11, Anton Aylward wrote:
On 05/26/2016 01:40 PM, Carlos E. R. wrote:
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Address" instead of "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
That's nice, I'm sure, but my set-up behaves just like the analogue POTS I had before. (i.e. you dial a 7 or 10 digit number if you're in north America, add a "1" international prefix if you're not)
Yes, I also have that service. Except that it is done at a box closer to the fibre, before it gets to the router (the ONT). No user configurable at all, and not documented. To get "softphone" we have to reverse engineer it to get the configuration data. And yes, it does not need STUN. But it works on a 10.*.*.* network that bypasses the NAT, that's why.
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
That's good. Does that mean that when IPv6 is universal that the telcos will get out of the phone business as it's no longer needed?
They might :-) But I doubt it. Anyway, the "services" in that sentence is not only for "phone". Anything. File sharing. Concurrent work on a document without Google. For instance. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 05:06 PM, Carlos E. R. wrote:
On 2016-05-26 22:51, Anton Aylward wrote:
On 05/26/2016 01:28 PM, James Knott wrote:
I'm sorry, no you don't need a STUN server.
Perhaps some service providers configure their systems so to make it necessary, but mine certainly doesn't!
In fact they insist that a STUN is NOT to be configured.
Because you have a router that understands VoIp. Or the form of VoIp that your ISP uses.
No I do NOT have a VoIP aware router. And as far as my service provider goes, didn't I say that? As far as I understand what they tell me, it's Asterix (?sp?) and it's just a matter of how it's configured. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 05:28 PM, Carlos E. R. wrote:
On 2016-05-26 23:11, Anton Aylward wrote:
On 05/26/2016 01:40 PM, Carlos E. R. wrote:
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Address" instead of "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
That's nice, I'm sure, but my set-up behaves just like the analogue POTS I had before. (i.e. you dial a 7 or 10 digit number if you're in north America, add a "1" international prefix if you're not)
Yes, I also have that service. Except that it is done at a box closer to the fibre, before it gets to the router (the ONT). No user configurable at all, and not documented.
To get "softphone" we have to reverse engineer it to get the configuration data. And yes, it does not need STUN. But it works on a 10.*.*.* network that bypasses the NAT, that's why.
I can't see why that makes a difference but I'm not a VoIP expert. I can only say that my tablet softphone uses the same settings as my behind-the NAT ATA. Oh, a slight difference. If I travel outside North America the delay across the Atlantic I suppose, introduces a bit of an echo if I use the north America nodes, so I change the settings to use one of their European nodes (or is it 'peers'?) Isn't DNS wonderful?
Ie, IPv6 allows non-anonymous peer to peer services without intermediaries.
That's good. Does that mean that when IPv6 is universal that the telcos will get out of the phone business as it's no longer needed?
They might :-)
But I doubt it.
I doubt it too, but I live in hope :-) -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-26 20:17, James Knott wrote:
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-)
An excellent reference is "IPv6 Essentials".
$31.99? Way too expensive for me. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 02:19 PM, Carlos E. R. wrote:
And bugs. Nice, tasty bugs.
You've been watching too many nature documentaries. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 05:39 PM, Anton Aylward wrote:
On 05/26/2016 02:19 PM, Carlos E. R. wrote:
And bugs. Nice, tasty bugs.
You've been watching too many nature documentaries.
https://www.youtube.com/watch?v=_I3qV3aetVg -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-26 21:29, Per Jessen wrote:
Carlos E. R. wrote:
Well, I have that. Silently.
When I switched to fibre, I was switched to VoIp, but I wasn't told. I simply get a "thing" with a phone connector, to which is connected the house phone wiring, unchanged.
Yes, I expect that will be the case for most people. Whether the telco uses copper, fibre or carrier pigeons should be transparent to the consumer. An ISDN customer has an NTBA ("terminator box") installed, typically a grey box on the wall somewhere. It interfaces the telephone wires with the S0 bus. I expect Swisscom and Deutsche Telekom will simply replace that with another one, essentially an ADSL modem which interfaces the telephone wires with Ethernet.
The thing is that there are way many more features possible with VoIp terminals or softphones than with POTS. The telephone company hides the data and says it is not possible, but people have figured out how to do it, and do it. It is a 10.* network, probably a VPN on the same router, with no STUN needed (because there is no NAT). People do things like doing several simultaneous phone calls, one on the POTS and several on the softphones. I don't know if they are charged or not. They manage to pick up the phone miles away, too. When the phone company catches up, they'll want to charge for all that, of course. Then people will catch up again and simply use the internet connection with a different registrar.
Only if you want to run a server will you need fixed addresses, just like now.
You need an intermediary where you register on each IP change so that others can phone you.
Yes, that's called a "VoIP provider". They also provide the interconnect to the POTS etc.
Well, interconnect to the POTS is an extra. The only service you need outside is the registrar, and there are free providers.
You get both types of addresses for a computer? How do applications know which one to use?
/proc/sys/net/ipv6/conf/eth0/use_tempaddr
0 = privacy extensions disabled.
1 = privacy extensions enabled, but not preferred.
2 = privacy extensions enabled, preferred.
It is zero here. I see...
The default on openSUSE is 2, a sound choice for a client. I wonder how you got a 0.
Dunno. I will have to check on other machines, this one has been upgraded from 5.3 upwards. [...] Yes, another machine, more recently set up has a 2. But the only address is: inet6 addr: fe80::203:dff:fe05:17fc/64 Scope:Link (probably because my router doesn't hand out IPv6 addresses)
Type 'b', it is always "2001:db8..."?
"2001:db8::" is like "example.com", it's for documentation only. In real life, it will be one a prefix allocated by your provider.
Ah. :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
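The address types and use_tempaddr values discussed in this message, as an added example that is not part of the original post: it recovers the MAC address embedded in a modified EUI-64 interface ID, builds the MAC-based SLAAC address for a prefix, and reports what an interface exposes. The function names and the 2001:db8:1:2::/64 prefix are constructed for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress

# Meaning of /proc/sys/net/ipv6/conf/<iface>/use_tempaddr, as listed in the thread.
USE_TEMPADDR = {
    0: "privacy extensions disabled",
    1: "privacy extensions enabled, but not preferred",
    2: "privacy extensions enabled, preferred",
}

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")
DOCUMENTATION = ipaddress.ip_network("2001:db8::/32")


def _ip(addr):
    """Accept 'addr' or 'addr/len' as printed by ifconfig or 'ip addr'."""
    return ipaddress.IPv6Interface(addr).ip


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    A random interface ID can contain ff:fe by chance (about 1 in 65536),
    so a hit is a strong hint rather than proof.
    """
    iid = (int(_ip(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)


def slaac_eui64(prefix, mac):
    """Build the MAC-based SLAAC address (type 'd' in the thread) for a /64."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("SLAAC needs an IPv6 /64 prefix")
    m = bytes(int(part, 16) for part in mac.split(":"))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return str(net.network_address + int.from_bytes(iid, "big"))


def classify(addr):
    """Label an address and say whether its MAC is visible beyond the local link."""
    ip = _ip(addr)
    if ip in LINK_LOCAL:
        kind = "link-local"
    elif ip in UNIQUE_LOCAL:
        kind = "unique-local"
    elif ip in DOCUMENTATION:
        kind = "documentation"  # stands in for a provider-assigned prefix
    else:
        kind = "global"
    mac = eui64_mac(addr)
    return {
        "address": str(ip),
        "kind": kind,
        "mac": mac,
        "mac_visible_off_link": mac is not None and kind != "link-local",
    }


def audit(addresses, use_tempaddr):
    """Return findings for one interface's addresses and its use_tempaddr value."""
    findings = []
    routable = [c for c in map(classify, addresses) if c["kind"] != "link-local"]
    if not routable:
        findings.append("only link-local addresses: no prefix has been received")
    for c in routable:
        if c["mac_visible_off_link"]:
            findings.append(f"{c['address']} embeds MAC {c['mac']}")
    if routable and use_tempaddr != 2:
        meaning = USE_TEMPADDR.get(use_tempaddr, "unknown value")
        findings.append(
            f"use_tempaddr={use_tempaddr} ({meaning}): "
            "outgoing connections use the stable address"
        )
    return findings


if __name__ == "__main__":
    # Addresses quoted in the thread, plus one constructed type 'd' address.
    constructed = slaac_eui64("2001:db8:1:2::/64", "00:21:85:16:2d:0b")
    for a in ["fe80::221:85ff:fe16:2d0b/64", "fc00::14/64", constructed]:
        print(classify(a))
    print(audit(["fe80::221:85ff:fe16:2d0b/64", "fc00::14/64"], 0))
    print(audit(["fe80::203:dff:fe05:17fc/64"], 2))
```
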
On 2016-05-26 23:25, Anton Aylward wrote:
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-)
Wow! Just the very thing :-) Copied to the tablet for reading. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 23:44, Anton Aylward wrote:
On 05/26/2016 05:39 PM, Anton Aylward wrote:
On 05/26/2016 02:19 PM, Carlos E. R. wrote:
And bugs. Nice, tasty bugs.
You've been watching too many nature documentaries.
Puagh. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 23:39, Anton Aylward wrote:
On 05/26/2016 02:19 PM, Carlos E. R. wrote:
And bugs. Nice, tasty bugs.
You've been watching too many nature documentaries.
Oh, I was rather thinking of Tolkien and Gollum. :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 21:49, Per Jessen wrote:
Anton Aylward wrote:
On 05/26/2016 02:02 PM, James Knott wrote:
IPv6 can create link local addresses entirely on its own or build a SLAAC address after receiving a router advertisement. DHCP requires a server to manage the addresses, SLAAC does not.
Ah "Stateless DHCP"
Tell me ...
The DHCP servers I use such as 'dnsmasq' integrate with DNS. (yes the big versions can do it too!)
Does SLAAC do that?
You need to elaborate on what you mean by "integrate with DNS".
I assume it means that you get, automatically, a DNS server that knows the name and address of all addresses the DHCP equivalent hands out. But if there is no server with SLAAC, the answer is "no". -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-26 18:10, Koenraad Lelong wrote:
Can't resist that. I'm from Belgium. The major ISP's give "dynamic" ipv6 prefixes, i.e. when your modem reboots, it gets a new prefix. From Proximus I get a /56 prefix, but it's impossible to get a fixed one, unless you pay for a "professional" account (at a professional price, that's for sure, and prices are high already, here).
Oh :-( What a terrible idea. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Thu, 26 May 2016 20:17, James Knott wrote:
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-)
An excellent reference is "IPv6 Essentials".
390 Pages? Oh! Not a short read. A "Dummy Book" would come in a 1/6 or even 1/8 of that. (50-65 Pages) - Yamaban
On Thu, 26 May 2016 23:25, Anton Aylward wrote:
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-)
28 Pages, good for getting a basic overview, without getting lost in details. Thank you very much. - Yamaban
* Anton Aylward
On 05/26/2016 02:19 PM, Carlos E. R. wrote:
And bugs. Nice, tasty bugs.
You've been watching too many nature documentaries.
https://www.flickr.com/photos/andabata/26844374060/ -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net
On 05/26/2016 02:02 PM, James Knott wrote:
IPv6 can create link local addresses entirely on its own or build a SLAAC address after receiving a router advertisement. DHCP requires a server to manage the addresses, SLAAC does not.
On 05/26/2016 02:12 PM, Anton Aylward wrote:
Ah "Stateless DHCP"
While IPv6 can use DHCP to assign addresses, it often does not. In those situations, DHCP is used to hand out things like DNS or NTP server addresses.
Tell me ...
The DHCP servers I use such as 'dnsmasq' integrate with DNS. (yes the big versions can do it too!)
Does SLAAC do that?
SLAAC is used only to create an address. It has nothing to do with DNS.
On 05/26/2016 03:05 PM, Per Jessen wrote:
James Knott wrote:
On 05/26/2016 12:41 PM, Per Jessen wrote:
Koenraad Lelong wrote:
P.S. maybe it's possible to automagically change the ipv6 addresses of my servers when I get a new prefix, but *I* don't know how to do that. dhcpv6.
Or more precisely, dhcpv6-pd, which gets your local prefix. Koenraad would need dhcpv6 to dish out the fixed addresses to his servers automatically, that's what I meant.
And that's why I said dhcpv6-pd. dhcpv6 by itself won't do it.
On 05/26/2016 03:40 PM, Per Jessen wrote:
James Knott wrote:
On 05/26/2016 09:35 AM, Anton Aylward wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP.
If they're behind NAT, they need some means to tell the other end what their real address is. STUN does that. It also wouldn't be necessary if NAT wasn't in the way.
On 05/26/2016 05:02 PM, Carlos E. R. wrote:
Yes, unless you have radvd (or equivalent) running on your router, your devices will not configure any ipv6 addresses. Well, as my ISP doesn't provide IPv6, so I don't think the router hands out IPv6 addresses.
My router handed out IPv6 addresses for 6 years before my ISP offered IPv6. I used a 6in4 tunnel to get a /56 prefix.
On 05/26/2016 05:09 PM, Carlos E. R. wrote:
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP.
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but...
It's not the fixed address or lack of that's the problem. The phone only "knows" the address it has on the local network, not the public address on the other side of the firewall. STUN is used to provide the real address.
On 05/26/2016 05:12 PM, Carlos E. R. wrote:
Well, IPv4 would work, of course, but normal people don't get internet v4 addresses for inside the home. You have to pay extra for them. With IPv6 you get those routable addresses at the same price.
Actually, I get a real address from my ISP and have for years.
On 05/26/2016 05:14 PM, Anton Aylward wrote:
I often use IP connectivity that isn't IPv6 outside my house.
Libraries, malls, conference centres, hotels, ... And yes, most of them are using a NAT'd service.
And just to rub the point in, one of the things I do using this 'outside the house' NAT'd IP service is make phone calls from my tablet using a softphone AND NO STUN.
Then you must be using a server for the duration of the call. With VoIP, the server is supposed to be used only for setting up a peer to peer call and then drops out of the picture.
On 05/26/2016 05:22 PM, Anton Aylward wrote:
On 05/26/2016 10:37 AM, Per Jessen wrote:
Only if you want to run a server will you need fixed addresses, just like now. Err no. In the days before my current cable provider clamped down on it, I ran a web server from home, even though the cable service provided a dynamic address.
I registered a domain name and made use of the (then free) service that DynDNS (then) had. I had a small script, that DynDNS supplied, that looked to see what my DHCP address from the cable company was and if it changed sent a message to DynDNS updating its mapping for my domain entry.
That way remote sites could access my web service.
All this talk about IP address is a crock! Real people deal in domain names.
I'm sure that there are similar services around even now. I only discontinued this when my cable provider changed policy so that only commercial customers could run servers. IIR DynDNS later suspended their free service.
Perhaps I should change cable provider ....
My IPv4 address is via DHCP. However, it changes so seldom, it's virtually static. My host name is static, based on my cable modem and firewall MAC addresses. I have an alias set up on a DNS server that maps my own domain name to that host name.
On 05/26/2016 05:25 PM, Anton Aylward wrote:
I need an IPv6 for dummies book. :-)
Don't forget this book. ;-) https://www.amazon.co.uk/Complete-Idiots-Guide-Dummies-Stupidity/dp/15800817...
On 05/26/2016 05:36 PM, Anton Aylward wrote:
Oh, a slight difference. If I travel outside North America the delay across the Atlantic, I suppose, introduces a bit of an echo if I use the North America nodes, so I change the settings to use one of their European nodes (or is it 'peers'?)
Isn't DNS wonderful?
Another feature of IPv6 is "anycast" addresses, where you connect to the nearest server, without having to change anything.
On 2016-05-27 03:52, James Knott wrote:
On 05/26/2016 05:12 PM, Carlos E. R. wrote:
Well, IPv4 would work, of course, but normal people don't get internet v4 addresses for inside the home. You have to pay extra for them. With IPv6 you get those routable addresses at the same price.
Actually, I get a real address from my ISP and have for years.
Yes, you may get one. But not a bunch, so that each device inside your home gets one. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
27.05.2016 04:41, James Knott wrote:
SLAAC is used only to create an address. It has nothing to do with DNS.
Not entirely true. https://tools.ietf.org/html/rfc6106
27.05.2016 04:42, James Knott wrote:
On 05/26/2016 03:05 PM, Per Jessen wrote:
James Knott wrote:
On 05/26/2016 12:41 PM, Per Jessen wrote:
Koenraad Lelong wrote:
P.S. maybe it's possible to automagically change the ipv6 addresses of my servers when I get a new prefix, but *I* don't know how to do that. dhcpv6.
Or more precisely, dhcpv6-pd, which gets your local prefix. Koenraad would need dhcpv6 to dish out the fixed addresses to his servers automatically, that's what I meant.
And that's why I said dhcpv6-pd. dhcpv6 by itself won't do it.
You confuse two things - how local router gets information about valid prefix(es) for global addresses and how local hosts get new prefix(es) distributed to them. Koenraad's question was about the latter. The former can be achieved by DHCPv6 PD or any other means, including protocol private to provider. But even if you know new prefix you still need to distribute it to local hosts and *that* has absolutely nothing to do with Prefix Delegation.
Carlos E. R. wrote:
On 2016-05-26 21:49, Per Jessen wrote:
Anton Aylward wrote:
On 05/26/2016 02:02 PM, James Knott wrote:
IPv6 can create link local addresses entirely on its own or build a SLAAC address after receiving a router advertisement. DHCP requires a server to manage the addresses, SLAAC does not.
Ah "Stateless DHCP"
Tell me ...
The DHCP servers I use such as 'dnsmasq' integrate with DNS. (yes the big versions can do it too!)
Does SLAAC do that?
You need to elaborate on what you mean by "integrate with DNS".
I assume it means that you get, automatically, a DNS server that knows the name and address of all addresses the DHCP equivalent hands out.
Okay, I guess that would be a form of dynamic dns update?
But if there is no server with SLAAC, the answer is "no".
Certainly, as there are no names associated with the addresses being configured, SLAAC cannot do any DNS updates. -- Per Jessen, Zürich (17.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
Andrei Borzenkov wrote:
27.05.2016 04:41, James Knott wrote:
SLAAC is used only to create an address. It has nothing to do with DNS.
Not entirely true.
Very true - see radvd.conf::RDNSS. I'm not sure if we actually support that, it certainly didn't work in 13.2. I thought there was an open bugreport, but I can't find it. -- Per Jessen, Zürich (18.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Anton Aylward wrote:
With IPv6 you need neither. In fact, you could address someone's phone by something like "phone://IP-Addres" instead of or "protocol://who@server_provider", where the directory server does a directory search to translate your given name to the IP where you can be found.
That's nice, I'm sure, but my set-up behave just like the analogue POTS I had before. (i.e. you dial a 7 or 10 digit number if you're in north America, add a "1" international prefix if you're not)
Yes, I also have that service. Except that it is done at a box closer to the fibre, before it gets to the router (the ONT). No user configurable at all, and not documented.
To get "softphone" we have to reverse engineer it to get the configuration data. And yes, it does not need STUN. But it works on a 10.*.*.* network that bypasses the NAT, that's why.
I can't see why that makes a difference but I'm not a VoIP expert.
In Carlos' example, the phone and the SIP server both are on the same network, 10.0.0.0. STUN or keep-alive is needed when the phone is on a NAT'ed network (192.168.0.0) behind a router on the public internet.
I can only say that my tablet softphone uses the same settings as my behind-the NAT ATA.
Right - they probably both have STUN or keep-alive enabled. -- Per Jessen, Zürich (18.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Anton Aylward wrote:
Does that mean that when IPv6 is universal that the telcos will get out of the phone business as its no longer needed?
Just because everyone will eventually have a gazillion fixed public addresses doesn't mean they will know how to use them. Everyone can buy a screwdriver and a soldering iron, doesn't mean they can build a radio :-) Besides, it's not specifically related to IPv6, we have local providers that already provide free telephony on their local networks. GGAMaur and Meifinet are two of my local providers, they both offer this. Obviously also with a for-a-fee hook-up to POTS. With ISDN being phased out, a number of VoIP providers have also sprung up, they also all offer free calls on their local networks. If you can run Asterisk, you can provide VoIP services, there's not much to it. Inter-connecting with the public network is a different story. Call me on sip://pjessen@enidan.com - it ought to get straight through to my telephone here on my desk. -- Per Jessen, Zürich (18.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
Anton Aylward wrote:
On 05/26/2016 01:40 PM, Carlos E. R. wrote:
On 2016-05-26 15:35, Anton Aylward wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
You need a special router that is VoIp aware, and/or you need to connect to a STUN server, which helps traverse the NAT router.
This is NOT the case.
I'm not saying that people don't configure it that way, but it isn't how my provider works. I had to quite explicitly turn STUN OFF on my LinkSys ATA to get it to work.
STUN is needed for inbound calls. Many phones have a keep-alive option instead, but it boils down to the same thing. -- Per Jessen, Zürich (18.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
James Knott wrote:
On 05/26/2016 03:40 PM, Per Jessen wrote:
James Knott wrote:
On 05/26/2016 09:20 AM, Carlos E. R. wrote:
But if you want to make use of things like VoIP you would need a fixed address, non private, because you do want to do things needing being accessible.
On 05/26/2016 09:35 AM, Anton Aylward wrote:
That is not the case from the end user's POV. I have a NAT and VoIP "router" behind it. Whether I was using a NAT or not the ATA box needs to have the address of the ISP. How the ISP implement things, load balancing or otherwise, is their decision. My setup is going to be the same, NAT or not, IPv4 or IPv6.
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP.
If they're behind NAT, they need some means to tell the other end what their real address is. STUN does that. It also wouldn't be necessary if NAT wasn't in the way.
Yep, like I said you make it out to be a big deal. The STUN server took about 5mins to set up and it runs and runs and runs. The telephone is configured to enable STUN when it's provisioned. NAT is a fact of life, likely will be for quite some time to come. When everyone has public addresses, we can stop the STUN server, woohoo. -- Per Jessen, Zürich (19.4°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
Carlos E. R. wrote:
On 2016-05-26 21:40, Per Jessen wrote:
James Knott wrote:
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP.
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but...
Carlos, you're losing me - what does a normal person need a STUN server for? Unless that normal person wants to provide VoIP services, he or she has no need. A STUN server has one single reason for being - to enable clients on a NAT'ed network to be reached from the outside. -- Per Jessen, Zürich (19.5°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
James Knott wrote:
On 05/26/2016 05:09 PM, Carlos E. R. wrote:
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP.
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but...
It's not the fixed address or lack of that's the problem. The phone only "knows" the address it has on the local network, not the public address on the other side of the firewall. STUN is used to provide the real address.
Yes, exactly. It also keeps the NAT association open in the NAT router. -- Per Jessen, Zürich (19.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
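The exchange described above, where the phone only knows its local address and STUN supplies the public one, as an added example that is not part of the original thread. It builds an RFC 5389 Binding request and response offline and decodes the XOR-MAPPED-ADDRESS attribute; the addresses, ports and transaction ID are constructed sample values.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442            # fixed value defined by RFC 5389
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020
FAMILY_SIZES = {0x01: 4, 0x02: 16}   # address family -> address length in bytes


def build_binding_request(txid=None):
    """Client side: a bare 20-byte header with no attributes."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid, txid


def _xor_key(txid):
    # IPv4 addresses are XORed with the cookie, IPv6 with cookie + transaction ID.
    return struct.pack("!I", MAGIC_COOKIE) + txid


def build_binding_response(txid, seen_ip, seen_port):
    """Server side: report the source address seen after NAT translation."""
    ip = ipaddress.ip_address(seen_ip)
    family = 0x01 if ip.version == 4 else 0x02
    xaddr = bytes(a ^ b for a, b in zip(ip.packed, _xor_key(txid)))
    value = struct.pack("!BBH", 0, family, seen_port ^ (MAGIC_COOKIE >> 16)) + xaddr
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def parse_mapped_address(msg, expected_txid):
    """Client side: validate the response and return (public_ip, public_port)."""
    if len(msg) < 20:
        raise ValueError("short STUN message")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    txid = msg[8:20]
    if mtype & 0xC000 or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN message")
    if mtype != BINDING_SUCCESS:
        raise ValueError("not a Binding success response")
    if txid != expected_txid:
        raise ValueError("transaction ID does not match our request")
    if length % 4 or 20 + length != len(msg):
        raise ValueError("bad message length")
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            if alen < 4:
                raise ValueError("XOR-MAPPED-ADDRESS too short")
            _, family, xport = struct.unpack("!BBH", value[:4])
            if FAMILY_SIZES.get(family) != alen - 4:
                raise ValueError("address length does not match family")
            addr = bytes(a ^ b for a, b in zip(value[4:], _xor_key(txid)))
            return str(ipaddress.ip_address(addr)), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + alen + (-alen % 4)    # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")


def demo():
    # Constructed scenario: phone on a private LAN, NAT router with a
    # documentation-range public address (RFC 5737).
    local = ("192.168.0.23", 5060)
    request, txid = build_binding_request(bytes(range(12)))
    assert len(request) == 20
    # The NAT rewrites the source before the server sees it, so the server
    # echoes the translated address, not the phone's local one.
    response = build_binding_response(txid, "203.0.113.7", 40112)
    return local, parse_mapped_address(response, txid)


if __name__ == "__main__":
    local, public = demo()
    print("local:", local, "public as seen by STUN server:", public)
```
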
On 2016-05-27 09:08, Per Jessen wrote:
Carlos E. R. wrote:
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but...
Carlos, you're losing me - what does a normal person need a STUN server for? Unless that normal person wants to provide VoIP services, he or she has no need. A STUN server has one single reason for being - to enable clients on a NAT'ed network to be reached from the outside.
Two meanings. One, that a normal client has to use a STUN server that somebody else creates, and that a person that tries to setup asterisk will probably also have to setup a STUN. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-27 09:05, Per Jessen wrote:
James Knott wrote:
If they're behind NAT, they need some means to tell the other end what their real address is. STUN does that. It also wouldn't be necessary if NAT wasn't in the way.
Yep, like I said you make it out to be a big deal. The STUN server took about 5mins to set up and it runs and runs and runs. The telephone is configured to enable STUN when it's provisioned. NAT is a fact of life, likely will be for quite some time to come. When everyone has public addresses, we can stop the STUN server, woohoo.
Well, it is a blocker if /I/ want to play with asterisk at home. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-27 00:13, Carlos E. R. wrote:
On 2016-05-26 23:25, Anton Aylward wrote:
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-)
Wow! Just the very thing :-) Copied to the tablet for reading.
Well, I read it, just before going to sleep. Not good except for a pointy-haired boss. Not technical at all and a bunch of generalizations. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 08:09 PM, Patrick Shanahan wrote:
* Anton Aylward
[05-26-16 17:42]: On 05/26/2016 02:19 PM, Carlos E. R. wrote:
And bugs. Nice, tasty bugs.
You've been watching too many nature documentaries.
Good photomicrography, but they don't look particularly tasty. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Carlos E. R. wrote:
On 2016-05-27 09:05, Per Jessen wrote:
James Knott wrote:
If they're behind NAT, they need some means to tell the other end what their real address is. STUN does that. It also wouldn't be necessary if NAT wasn't in the way.
Yep, like I said you make it out to be a big deal. The STUN server took about 5mins to set up and it runs and runs and runs. The telephone is configured to enable STUN when it's provisioned. NAT is a fact of life, likely will be for quite some time to come. When everyone has public addresses, we can stop the STUN server, woohoo.
Well, it is a blocker if /I/ want to play with asterisk at home.
Assuming "at home" = on a private address, behind a router with NAT. Assuming "to play" = make and receive VoIP calls with SIP. You can run asterisk just as you can run a webserver, a mailserver, a VPN or a NAS at home, on your dynamic address. You will need a dynamic DNS service, but that's not a problem. You will need some port forwarding, also not a problem. For your external SIP clients, you could run a STUN server, also not a problem, or you could ask them to enable keep-alive. It's entirely doable, Carlos. That you're on a network behind a NAT router does make it more difficult, but only slightly. -- Per Jessen, Zürich (22.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
Carlos E. R. wrote:
On 2016-05-27 09:08, Per Jessen wrote:
Carlos E. R. wrote:
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but...
Carlos, you're losing me - what does a normal person need a STUN server for? Unless that normal person wants to provide VoIP services, he or she has no need. A STUN server has one single reason for being - to enable clients on a NAT'ed network to be reached from the outside.
Two meanings. One, that a normal client has to use a STUN server that somebody else creates,
Right. It's one of the options.
and that a person that tries to setup asterisk will probably also have to setup a STUN.
Depends on what that person wants to do. If he wants to establish calls _to_ SIP-clients behind NAT routers, something is required to keep the client-side NAT table up-to-date. STUN, keep-alive, Andrei mentioned SIP NAT traversal (I have no experience with the latter). -- Per Jessen, Zürich (21.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 05/26/2016 11:33 PM, Andrei Borzenkov wrote:
27.05.2016 04:41, James Knott wrote:
SLAAC is used only to create an address. It has nothing to do with DNS.
Not entirely true.
That still doesn't enter host names in the DNS server. It simply provides DNS server addresses, instead of relying on DHCPv6
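What a Router Advertisement carrying both a prefix and an RFC 6106 RDNSS option gives a host, as an added example that is not part of the original thread. The packet is constructed inline with documentation addresses (a /64 taken from an assumed 2001:db8:1234:5600::/56 delegation), and the EUI-64 interface identifier is only one of several ways a host may form its SLAAC address.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type, RFC 4861
OPT_PREFIX_INFO = 3      # Prefix Information option, RFC 4861
OPT_RDNSS = 25           # Recursive DNS Server option, RFC 6106


def build_ra(prefix, dns_servers, lifetime=1800):
    """Constructed sample RA body (checksum left at 0, M and O flags clear)."""
    net = ipaddress.IPv6Network(prefix)
    ra = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)
    # Flags 0xC0 = L (on-link) + A (autonomous: hosts may do SLAAC).
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                      86400, 14400, 0) + net.network_address.packed
    # Option length is counted in 8-byte units: 1 for the header, 2 per address.
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns_servers), 0, lifetime)
    rdnss += b"".join(ipaddress.IPv6Address(a).packed for a in dns_servers)
    return ra + pio + rdnss


def parse_ra(packet):
    """Host side: extract what the RA offers. Note there is no host name anywhere."""
    if len(packet) < 16 or packet[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    info = {"managed": bool(packet[5] & 0x80),       # M flag: use DHCPv6 for addresses
            "other_config": bool(packet[5] & 0x40),  # O flag: use DHCPv6 for DNS etc.
            "prefixes": [], "dns_servers": []}
    pos = 16
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated option header")
        otype, units = packet[pos], packet[pos + 1]
        if units == 0:
            raise ValueError("zero-length option")   # RFC 4861 says discard the packet
        body = packet[pos:pos + 8 * units]
        if len(body) != 8 * units:
            raise ValueError("truncated option")
        if otype == OPT_PREFIX_INFO and units == 4:
            plen, flags, valid, preferred = struct.unpack("!BBII", body[2:12])
            net = ipaddress.IPv6Network((body[16:32], plen), strict=False)
            info["prefixes"].append({"prefix": str(net), "slaac": bool(flags & 0x40),
                                     "valid": valid, "preferred": preferred})
        elif otype == OPT_RDNSS and units >= 3 and units % 2 == 1:
            for off in range(8, len(body), 16):
                info["dns_servers"].append(str(ipaddress.IPv6Address(body[off:off + 16])))
        pos += 8 * units                              # unknown options are skipped
    return info


def slaac_address(prefix, mac):
    """Form an address from the advertised /64 and a modified EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64")
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02                                      # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return str(ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")))


def demo():
    packet = build_ra("2001:db8:1234:5600::/64", ["2001:db8:1234:5600::53"])
    info = parse_ra(packet)
    addr = slaac_address(info["prefixes"][0]["prefix"], "52:54:00:12:34:56")
    # The host now has an address and a resolver, yet no server learned its name:
    # nothing in this exchange could create a DNS record for it.
    return info, addr


if __name__ == "__main__":
    print(demo())
```
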
On 05/26/2016 11:51 PM, Andrei Borzenkov wrote:
27.05.2016 04:42, James Knott wrote:
On 05/26/2016 03:05 PM, Per Jessen wrote:
James Knott wrote:
On 05/26/2016 12:41 PM, Per Jessen wrote:
Koenraad Lelong wrote:
P.S. maybe it's possible to automagically change the ipv6 addresses of my servers when I get a new prefix, but *I* don't know how to do that. dhcpv6.
Or more precisely, dhcpv6-pd, which gets your local prefix. Koenraad would need dhcpv6 to dish out the fixed addresses to his servers automatically, that's what I meant.
And that's why I said dhcpv6-pd. dhcpv6 by itself won't do it.
You confuse two things - how local router gets information about valid prefix(es) for global addresses and how local hosts get new prefix(es) distributed to them.
Koenraad's question was about the latter. The former can be achieved by DHCPv6 PD or any other means, including protocol private to provider. But even if you know new prefix you still need to distribute it to local hosts and *that* has absolutely nothing to do with Prefix Delegation.
No I'm not getting things confused. Dhcpv6 can provide a single IP address. Dhcpv6-pd is used to get the network prefix, which the router will in turn hand out to devices on the local network, usually with router advertisements.
On 05/27/2016 02:15 AM, Per Jessen wrote:
Andrei Borzenkov wrote:
27.05.2016 04:41, James Knott wrote:
SLAAC is used only to create an address. It has nothing to do with DNS.
Not entirely true.
https://tools.ietf.org/html/rfc6106 Very true - see radvd.conf::RDNSS. I'm not sure if we actually support that, it certainly didn't work in 13.2. I thought there was an open bugreport, but I can't find it.
Actually, it is supported. I discovered that problem where if my dhcp server was turned off, devices such as my tablet and phone didn't get DNS. I filed a report and it was fixed. https://bugzilla.opensuse.org/show_bug.cgi?id=916613
On 05/27/2016 03:05 AM, Per Jessen wrote:
If they're behind NAT, they need some means to tell the other end what their real address is. STUN does that. It also wouldn't be necessary if NAT wasn't in the way. Yep, like I said you make it out to be a big deal. The STUN server took about 5mins to set up and it runs and runs and runs. The telephone is configured to enable STUN when it's provisioned. NAT is a fact of life, likely will be for quite some time to come. When everyone has public addresses, we can stop the STUN server, woohoo.
The deal is it's still a hack to get around problems caused by NAT. Of course, NAT is a hack to get around the address shortage, so STUN is a hack on top of a hack.
James Knott wrote:
On 05/27/2016 02:15 AM, Per Jessen wrote:
Andrei Borzenkov wrote:
27.05.2016 04:41, James Knott wrote:
SLAAC is used only to create an address. It has nothing to do with DNS.
Not entirely true.
https://tools.ietf.org/html/rfc6106 Very true - see radvd.conf::RDNSS. I'm not sure if we actually support that, it certainly didn't work in 13.2. I thought there was an open bugreport, but I can't find it.
Actually, it is supported. I discovered that problem where if my dhcp server was turned off, devices such as my tablet and phone didn't get DNS. I filed a report and it was fixed.
Was it actually fixed already or is Marius still working on it? -- Per Jessen, Zürich (22.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/27/2016 03:08 AM, Per Jessen wrote:
Carlos E. R. wrote:
On 2016-05-26 21:40, Per Jessen wrote:
James Knott wrote:
Actually, with NAT, you have to use an STUN server to communicate the real address to the other end. Otherwise, it would try to use the NAT address, which wouldn't be reachable. This is just one example of a hack made necessary by NAT.
You make it out to be a big deal, James. We have had a STUN server running alongside Asterisk for years. In my office, anyone who's working from home has a VoIP telephone set (or uses a laptop client), whatever internet connection they're on at home is of no concern, they are reachable by VoIP.
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but...
Carlos, you're losing me - what does a normal person need a STUN server for? Unless that normal person wants to provide VoIP services, he or she has no need. A STUN server has one single reason for being - to enable clients on a NAT'ed network to be reached from the outside.
And, as is the case for most home consumers, it's not even that, as it's not about PTP; they are just using it as a POTS replacement. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/27/2016 05:54 AM, Carlos E. R. wrote:
On 2016-05-27 09:08, Per Jessen wrote:
Carlos E. R. wrote:
But that STUN server is probably set on a fixed address, so that it can be reached by the clients. That's the problem, normal people can't set up that lacking that fixed address. Yes, of course, there is dyndns and such, but...
Carlos, you're losing me - what does a normal person need a STUN server for? Unless that normal person wants to provide VoIP services, he or she has no need. A STUN server has one single reason for being - to enable clients on a NAT'ed network to be reached from the outside.
Two meanings. One, that a normal client has to use a STUN server that somebody else creates, and that a person that tries to setup asterisk will probably also have to setup a STUN.
For "probably" read "possibly". It depends on the business purpose of the Asterisk server. It also depends on the meaning of "normal" with respect to the client. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/27/2016 07:08 AM, Per Jessen wrote:
James Knott wrote:
On 05/27/2016 02:15 AM, Per Jessen wrote:
Andrei Borzenkov wrote:
27.05.2016 04:41, James Knott wrote:
SLAAC is used only to create an address. It has nothing to do with DNS.
Not entirely true.
https://tools.ietf.org/html/rfc6106 Very true - see radvd.conf::RDNSS. I'm not sure if we actually support that, it certainly didn't work in 13.2. I thought there was an open bugreport, but I can't find it.
Actually, it is supported. I discovered that problem where if my dhcp server was turned off, devices such as my tablet and phone didn't get DNS. I filed a report and it was fixed. https://bugzilla.opensuse.org/show_bug.cgi?id=916613
Was it actually fixed already or is Marius still working on it?
It was working in my 13.1 router/firewall, before I replaced it with pfsense. I'll have to check to see if it still works.
On 05/27/2016 07:09 AM, Anton Aylward wrote:
Carlos, you're losing me - what does a normal person need a STUN server for? Unless that normal person wants to provide VoIP services, he or she has no need. A STUN server has one single reason for being - to enable clients on a NAT'ed network to be reached from the outside.
And, as is the case for most home consumers, it's not even that, as it's not about PTP; they are just using it as a POTS replacement.
My home phone is via VoIP. I have a terminal from my cable provider sitting on a shelf. It provides a plain POTS interface that's connected to my home wiring. However, as mentioned elsewhere, it doesn't provide the benefits VoIP phones have.
James Knott wrote:
On 05/27/2016 07:08 AM, Per Jessen wrote:
James Knott wrote:
On 05/27/2016 02:15 AM, Per Jessen wrote:
Andrei Borzenkov wrote:
27.05.2016 04:41, James Knott пишет:
SLAAC is used only to create an address. It has nothing to do with DNS.
Not entirely true. https://tools.ietf.org/html/rfc6106
Very true - see radvd.conf::RDNSS. I'm not sure if we actually support that, it certainly didn't work in 13.2. I thought there was an open bugreport, but I can't find it.
Actually, it is supported. I discovered that problem where if my dhcp server was turned off, devices such as my tablet and phone didn't get DNS. I filed a report and it was fixed. https://bugzilla.opensuse.org/show_bug.cgi?id=916613
Was it actually fixed already or is Marius still working on it?
It was working in my 13.1 router/firewall, before I replaced it with pfsense. I'll have to check to see if it still works.
It's not working on my 13.[12] clients, nor on Leap. -- Per Jessen, Zürich (22.8°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/26/2016 09:54 PM, James Knott wrote:
On 05/26/2016 05:14 PM, Anton Aylward wrote:
I often use IP connectivity that isn't IPv6 outside my house.
Libraries, malls, conference centres, hotels, ... And yes, most of them are using a NAT'd service.
And just to rub the point in, one of the things I do using this 'outside the house' NAT'd IP service is make phone calls from my tablet using a softphone AND NO STUN.
Then you must be using a server for the duration of the call. With VoIP, the server is supposed to be used only for setting up a peer to peer call and then drops out of the picture.
James: I DON'T CARE! MOST HOME USERS DON'T CARE! We're talking about POTS replacement for home users, for most SMB users and even for most office users with a simple, straightforward PBX that doubled as an intercom service within a single office. It's only a great technology and cost reducer in some cases. The home users use 'phone numbers', not SIP-SIP. Here in Toronto, Rogers and Bell converted their dial-up analogue line customers to internet based "home phone" service by installing an independently powered, independently addressed ATA on the incoming line (cable, DSL, fibre) and patching it in to the house (analogue) wiring. Unfortunately they didn't massively reduce the charge to the customer although this did massively reduce their costs. I had this setup for a while. Its only advantage was that it had battery backup so survived power outages. I now have my own ATA and a 3rd party VoIP service (operating out of Montreal but with a local node here in Toronto as well as local nodes through North America and western Europe) for about 12% of what Rogers was charging me for the "Home Phone". Calls are flat rate; it doesn't matter if I'm calling my next door neighbour or a friend in New Zealand, so long as it's near somewhere they have a node or their business peers have a node. (There's a premium for contacting cell phones in some counties.) So long as phones are a mass consumer item then they will be emulating the POTS system, just as cell phones are. Consumers (as well as most businesses) don't care about the stuff you care about so long as "it works" and the costs stay down. Part of the reason the telcos have to convert to VoIP and are, like Rogers and Bell and others, slowly pushing their cable service prices up, is that most businesses are moving away from voice service. Web based services for bill payment, complaints, sign-up, cancellation, problem reporting are taking over from the voice-phone based. It's economics; many of these services can be automated. Some, like power/hydro, are automatically serviced with 'smart meters'. I'm not saying that voice telephone will vanish. There are always going to be teenage girls. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/27/2016 02:38 AM, Per Jessen wrote:
Anton Aylward wrote:
I can only say that my tablet softphone uses the same settings as my behind-the NAT ATA.
Right - they probably both have STUN or keep-alive enabled.
I keep telling you: NO THEY DON'T -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Anton Aylward wrote:
On 05/27/2016 02:38 AM, Per Jessen wrote:
Anton Aylward wrote:
I can only say that my tablet softphone uses the same settings as my behind-the NAT ATA.
Right - they probably both have STUN or keep-alive enabled.
I keep telling you: NO THEY DON'T
Then you won't be receiving any calls. -- Per Jessen, Zürich (22.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 05/27/2016 07:47 AM, Per Jessen wrote:
Anton Aylward wrote:
On 05/27/2016 02:38 AM, Per Jessen wrote:
Anton Aylward wrote:
I can only say that my tablet softphone uses the same settings as my behind-the NAT ATA.
Right - they probably both have STUN or keep-alive enabled.
I keep telling you: NO THEY DON'T
Then you won't be receiving any calls.
That is not the case. If I choose not to answer after seeing the incoming number, or if I'm not in to answer the call anyway, that doesn't mean the phone doesn't ring. Heck, I get enough calls in the early evening, the kitchen phone ringing when I'm cooking dinner that I REFUSE to answer since if I'm nattering on the phone dinner will spoil/burn. When I collect VM later it turns out it was always some salesman. Friends & relatives know the best times to call me and don't make blunders like that. So BAH! I refute your assertion that I can't get incoming calls even though I don't use STUN. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Anton Aylward wrote:
On 05/27/2016 07:47 AM, Per Jessen wrote:
Anton Aylward wrote:
On 05/27/2016 02:38 AM, Per Jessen wrote:
Anton Aylward wrote:
I can only say that my tablet softphone uses the same settings as my behind-the NAT ATA.
Right - they probably both have STUN or keep-alive enabled.
I keep telling you: NO THEY DON'T
Then you won't be receiving any calls.
That is not the case. If I choose not to answer after seeing the incoming number, or if I'm not in to answer the call anyway, that doesn't mean the phone doesn't ring.
Heck, I get enough calls in the early evening, the kitchen phone ringing when I'm cooking dinner that I REFUSE to answer since if I'm nattering on the phone dinner will spoil/burn.
When I collect VM later it turns out it was always some salesman. Friends & relatives know the best times to call me and don't make blunders like that.
So BAH! I refute your assertion that I can't get incoming calls even though I don't use STUN.
I did say "or keep-alive". I am not aware of anything else that will keep your NAT'ed device available for external access. I have some people in home offices on NAT'ed networks, without STUN or keep-alive, they can only call out, but we can't call them. Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know. -- Per Jessen, Zürich (23.3°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 2016-05-27 12:58, James Knott wrote:
On 05/27/2016 03:05 AM, Per Jessen wrote:
If they're behind NAT, they need some means to tell the other end what their real address is. STUN does that. It also wouldn't be necessary if NAT wasn't in the way. Yep, like I said you make it out to be a big deal. The STUN server took about 5mins to set up and it runs and runs and runs. The telephone is configured to enable STUN when it's provisioned. NAT is a fact of life, likely will be for quite some time to come. When everyone has public addresses, we can stop the STUN server, woohoo.
The deal is it's still a hack to get around problems caused by NAT. Of course, NAT is a hack to get around the address shortage, so STUN is a hack on top of a hack.
Yes. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2016-05-27 14:05, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know.
Yes. In my case, it is done on a little box placed before the router, and it uses a 10.*.*.* network. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-05-27 14:05, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know.
Yes.
In my case, it is done on a little box placed before the router, and it uses a 10.*.*.* network.
Which makes a lot of sense. I'm sure that is what Swisscom and Deutsche Telekom will be doing that too to replace ISDN BRI - possibly with ipv6 instead. I've been meaning to ask Swisscom to send me a test box and set up a test line for me. (business customer, and we have some spare lines). -- Per Jessen, Zürich (23.7°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 05/27/2016 08:05 AM, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know.
I am behind NAT, that I'm sure of :-) I am NOT using STUN, that I'm sure of ;-) I have not sacrificed any chickens, virgins or made incantations from ancient and obscure books bound in human skin. That, too, I'm sure of :-) What I do think, and Andrei seems to hint at this, is that there's more to this technology and its implementation than you (or I for that matter) seem to know about. If the technologists that are behind my service provider say "no need for STUN" and the ATA I use works, and believe me I do get incoming calls, then there's something else going on. If that something else is a keep-alive baked into this technology, then it's clear it's something you are unaware of and that I'm using though unaware of. This does not surprise me. There's a lot of technology I use of which the details I'm unaware. I think that some time around the era of Newton & Leibniz science & technology became too involved, too extensive for one man to keep in his head, so that I'm using technology I don't fully grok is just something I live with. I don't know how to do genetic engineering or grow petunias either. The former does not distress me; the latter sometimes does. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/27/2016 08:36 AM, Carlos E. R. wrote:
On 2016-05-27 14:05, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know.
Yes.
In my case, it is done on a little box placed before the router, and it uses a 10.*.*.* network.
Back in the days of the Rogers Home Phone it was like that for me too. But now my ATA is on the inside of my cable router and on the inside of my NAT firewall. And it works for incoming calls even though the STUN is blank, as my service provider <strike>recommends</strike> insists. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Anton Aylward wrote:
On 05/27/2016 08:05 AM, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know.
I am behind NAT, that I'm sure of :-) I am NOT using STUN, that I'm sure of ;-)
I have not sacrificed any chickens, virgins or made incantations from ancient and obscure books bound in human skin. That, too, I'm sure of :-)
What I do think, and Andrei seems to hint at this, is that there's more to this technology and its implementation than you (or I for that matter) seem to know about.
I still suspect a keep-alive enabled by default. Your device looks a lot like my Linksys SPA2102, just a more modern cousin. Mine has default 15 seconds keep-alive. -- Per Jessen, Zürich (24.7°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 05/27/2016 07:18 AM, Per Jessen wrote:
It was working in my 13.1 router/firewall, before I replaced it with pfsense. I'll have to check to see if it still works.
It's not working on my 13.[12] clients, nor on Leap.
I don't think it works in wicked.
On 05/27/2016 07:11 AM, James Knott wrote:
It was working in my 13.1 router/firewall, before I replaced it with pfsense. I'll have to check to see if it still works.
I just fired up Wireshark to look at a router advertisement. It includes DNS server information. So, RDNSS is supported in pfsense.
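What that Wireshark check reads out of the packet, as an added example that is not part of the thread: a parser for the RDNSS option (RFC 6106, option type 25) in an ICMPv6 Router Advertisement, together with the M/O flags that tell a host whether DHCPv6 is on offer. The sample advertisement, its 2001:db8:: addresses and the function names are constructed for illustration.

```python
"""Extract DNS configuration hints from an ICMPv6 Router Advertisement."""
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option, used by SLAAC
OPT_RDNSS = 25           # Recursive DNS Server option (RFC 6106)
RA_HEADER_LEN = 16       # fixed part of the RA that precedes the options


def parse_ra(icmpv6: bytes) -> dict:
    """Return the M/O flags and every RDNSS option as (lifetime, [servers])."""
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    flags = icmpv6[5]
    info = {
        "managed": bool(flags & 0x80),        # M: addresses via DHCPv6
        "other_config": bool(flags & 0x40),   # O: other settings (DNS) via DHCPv6
        "rdnss": [],
    }
    offset = RA_HEADER_LEN
    while offset < len(icmpv6):
        if offset + 2 > len(icmpv6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmpv6[offset], icmpv6[offset + 1]
        size = opt_len * 8                    # option length is in 8-byte units
        if opt_len == 0 or offset + size > len(icmpv6):
            raise ValueError("malformed option length")
        if opt_type == OPT_RDNSS:
            # 8 bytes of header plus 16 bytes per server: length is odd and >= 3.
            if opt_len < 3 or opt_len % 2 == 0:
                raise ValueError("malformed RDNSS option")
            (lifetime,) = struct.unpack_from("!I", icmpv6, offset + 4)
            servers = [
                str(ipaddress.IPv6Address(icmpv6[pos:pos + 16]))
                for pos in range(offset + 8, offset + size, 16)
            ]
            info["rdnss"].append((lifetime, servers))
        offset += size
    return info


def dns_sources(info: dict) -> list:
    """Where a host that receives this RA can learn its resolvers from.

    An empty list is the symptom reported in the thread: the host builds a
    SLAAC address but has no resolver once the DHCP server is switched off.
    The flags only say DHCPv6 is advertised, not that a server answers.
    """
    sources = []
    # A lifetime of 0 tells hosts to stop using the listed servers.
    if any(lifetime > 0 and servers for lifetime, servers in info["rdnss"]):
        sources.append("RDNSS")
    if info["managed"] or info["other_config"]:
        sources.append("DHCPv6")
    return sources


def build_sample_ra(with_rdnss: bool, flags: int = 0) -> bytes:
    """Constructed RA (checksum left at 0): one /64 prefix, optional RDNSS."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    prefix = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 86400, 14400, 0)
    prefix += ipaddress.IPv6Address("2001:db8:1::").packed
    ra = header + prefix
    if with_rdnss:
        ra += struct.pack("!BBHI", OPT_RDNSS, 3, 0, 1800)
        ra += ipaddress.IPv6Address("2001:db8:1::53").packed
    return ra


if __name__ == "__main__":
    for label, ra in (("with RDNSS", build_sample_ra(True)),
                      ("SLAAC only", build_sample_ra(False)),
                      ("O flag set", build_sample_ra(False, flags=0x40))):
        info = parse_ra(ra)
        print(label, info["rdnss"], dns_sources(info) or "no resolver source")
```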
On 05/27/2016 08:36 AM, Carlos E. R. wrote:
On 2016-05-27 14:05, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know. Yes.
In my case, it is done on a little box placed before the router, and it uses a 10.*.*.* network.
So, that little box connects to an STUN server or uses other keep alive.
On 05/27/2016 08:44 AM, Anton Aylward wrote:
If the technologists that are behind my service provider say "no need for STUN" and the ATA I use works, and believe me I do get incoming calls, then there's something else going on.
Perhaps that little box is doing STUN. The way to be sure is to use something like wireshark to see what's being sent over the line.
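The capture check suggested above, as an added example that is not part of the thread: a classifier that labels each UDP payload a SIP device sends as STUN (RFC 5389, or classic RFC 3489 without the magic cookie), an RFC 5626 CRLF keep-alive, or an ordinary SIP message, and reports how regularly each kind repeats. The sample packets, the 60-second gap threshold and the choice of OPTIONS/NOTIFY as keep-alive methods are assumptions made for illustration.

```python
"""Label UDP payloads sent by a SIP device: STUN, keep-alive, or plain SIP."""
import struct
from collections import defaultdict

STUN_MAGIC_COOKIE = 0x2112A442   # bytes 4..7 of every RFC 5389 STUN header
# Assumption: SIP requests that devices commonly resend as NAT keep-alives.
KEEPALIVE_METHODS = ("OPTIONS", "NOTIFY")


def classify_udp_payload(payload: bytes) -> str:
    """Return a label for one UDP payload sent by the device."""
    # RFC 5626 keep-alive: a bare double CRLF "ping" (the reply is one CRLF).
    if payload in (b"\r\n\r\n", b"\r\n"):
        return "crlf-keepalive"

    # STUN header: two zero bits + 14-bit type, 16-bit length, 16 more bytes.
    # RTP starts with bits 10 and SIP with an ASCII letter, so both fail here.
    if len(payload) >= 20 and payload[0] & 0xC0 == 0:
        msg_len, cookie = struct.unpack_from("!HI", payload, 2)
        if msg_len % 4 == 0 and 20 + msg_len == len(payload):
            if cookie == STUN_MAGIC_COOKIE:
                return "stun-rfc5389"
            # Classic STUN has no cookie; only the framing can be checked.
            return "stun-rfc3489"

    # SIP is text: "SIP/2.0 code reason" or "METHOD uri SIP/2.0".
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) >= 3 and parts[0] == b"SIP/2.0":
        return "sip-response"
    if (len(parts) == 3 and parts[2] == b"SIP/2.0"
            and parts[0].isalpha() and parts[0].isupper()):
        return "sip-request:" + parts[0].decode("ascii")
    return "other"


def repeat_gaps(packets) -> dict:
    """packets: iterable of (seconds, payload). Returns {label: [gap, ...]}."""
    last_seen = {}
    gaps = defaultdict(list)
    for ts, payload in sorted(packets):
        label = classify_udp_payload(payload)
        if label in last_seen:
            gaps[label].append(round(ts - last_seen[label], 3))
        else:
            gaps[label] = []          # seen once so far, no gap yet
        last_seen[label] = ts
    return dict(gaps)


def binding_mechanisms(packets, max_gap: float = 60.0) -> set:
    """Which of the two candidates from the thread does the capture show?"""
    found = set()
    for label, gaps in repeat_gaps(packets).items():
        if label.startswith("stun-"):
            found.add("STUN")
        elif label == "crlf-keepalive":
            found.add("keep-alive")
        elif label.startswith("sip-request:"):
            method = label.split(":", 1)[1]
            # A request only counts as keep-alive if it repeats at short gaps.
            if method in KEEPALIVE_METHODS and gaps and max(gaps) <= max_gap:
                found.add("keep-alive")
    return found


def stun_binding_request(with_cookie: bool = True) -> bytes:
    """Constructed 20-byte Binding Request (type 0x0001, no attributes)."""
    if with_cookie:
        return struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(range(12))
    return struct.pack("!HH", 0x0001, 0) + bytes(range(1, 17))


def sip_request(method: str) -> bytes:
    """Constructed minimal SIP request; host and address are placeholders."""
    return (f"{method} sip:pbx.example.invalid SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 192.168.1.20:5060\r\n"
            "Content-Length: 0\r\n\r\n").encode("ascii")


# Constructed capture: one REGISTER, then a NOTIFY every 15 seconds.
SAMPLE_CAPTURE = [(0.0, sip_request("REGISTER"))] + [
    (5.0 + 15 * n, sip_request("NOTIFY")) for n in range(4)
]

if __name__ == "__main__":
    print(repeat_gaps(SAMPLE_CAPTURE))
    print(binding_mechanisms(SAMPLE_CAPTURE))
```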
On 2016-05-27 23:25, James Knott wrote:
On 05/27/2016 08:36 AM, Carlos E. R. wrote:
On 2016-05-27 14:05, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know. Yes.
In my case, it is done on a little box placed before the router, and it uses a 10.*.*.* network.
So, that little box connects to an STUN server or uses other keep alive.
I think neither, because it does not use NAT. It is a 10.*.*.* VPN, different from the house LAN at 192.168.1.* -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/26/2016 03:37 AM, Roger Price wrote:
On Thu, 26 May 2016, Per Jessen wrote:
James Knott wrote:
On 05/25/2016 09:26 AM, Anton Aylward wrote: I have a browser add-on called "ShowIP", which displays the IP address of the site I'm connected to.
Is this the ShowIP advertized at https://addons.mozilla.org/fr/firefox/addon/showip/ ? That addon is a known security risk: see https://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-a...
Is there some other less intrusive way of seeing the IP of the server?
Roger
The site that the data supposedly goes to doesn't exist.
$ host ip2info.org
Host ip2info.org not found: 3(NXDOMAIN
On 05/27/2016 09:20 PM, James Knott wrote:
Is there some other less intrusive way of seeing the IP of the server?
Roger The site that the data supposedly goes to doesn't exist.
$ host ip2info.org Host ip2info.org not found: 3(NXDOMAIN
Also, that article is 4 years old.
On 05/27/2016 05:48 PM, Carlos E. R. wrote:
On 2016-05-27 23:25, James Knott wrote:
On 05/27/2016 08:36 AM, Carlos E. R. wrote:
On 2016-05-27 14:05, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know. Yes.
In my case, it is done on a little box placed before the router, and it uses a 10.*.*.* network.
So, that little box connects to an STUN server or uses other keep alive. I think neither, because it does not use NAT. It is a 10.*.*.* VPN, different from the house LAN at 192.168.1.*
Well, that explains it. I don't think you mentioned anything earlier that would indicate your VoIP wasn't via NAT. You'd have a non NAT route to the server. However, you still can't talk peer - peer to someone running VoIP at the other end. You have to keep that server on the call for the duration.
On 05/27/2016 05:28 PM, James Knott wrote:
On 05/27/2016 08:44 AM, Anton Aylward wrote:
If the technologists that are behind my service provider say "no need for STUN" and the ATA I use works, and believe me I do get incoming calls, then there's something else going on.
Perhaps that little box is doing STUN. The way to be sure is to use something like wireshark to see what's being sent over the line.
It is not using STUN. It is configured not to use STUN. That's not ticked off and the STUN Address field is blank. The service provider EXPLICITLY said not to use STUN. I've asked that a number of times and they insist. I'm not breaking open this box lest whatever magic makes it work without STUN leaks out :-) -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 2016-05-28 14:48, James Knott wrote:
On 05/27/2016 05:48 PM, Carlos E. R. wrote:
On 2016-05-27 23:25, James Knott wrote:
On 05/27/2016 08:36 AM, Carlos E. R. wrote:
On 2016-05-27 14:05, Per Jessen wrote:
Maybe you're just using black magic or maybe you're not behind a NAT router or maybe you are using STUN or keep-alive, but you don't know. Yes.
In my case, it is done on a little box placed before the router, and it uses a 10.*.*.* network.
So, that little box connects to an STUN server or uses other keep alive. I think neither, because it does not use NAT. It is a 10.*.*.* VPN, different from the house LAN at 192.168.1.*
Well, that explains it. I don't think you mentioned anything earlier that would indicate your VoIP wasn't via NAT. You'd have a non NAT route to the server.
Yes, I did. But the thread is long, easy to miss a point.
However, you still can't talk peer - peer to someone running VoIP at the other end. You have to keep that server on the call for the duration.
Assuming I can use a SIP phone on that (I haven't been able to, the company changes parameters so that it fails, intentionally), I would have to do NAT on some router on my ISP premises. Or the registrar would have to do things on it. At least to phone via SIP to people outside that network. The intention of that network is to replace POTs transparently, not for people to use VoIP. And charge per call and per minute. Notice that Asterisk doesn't behave always "peer to peer". Sometimes it handles the call, changing to another codec in its CPU, and sends forward to the destination. Asterisk might thus also handle NAT without STUN if it sits on both networks. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
James Knott wrote:
On 05/27/2016 07:11 AM, James Knott wrote:
It was working in my 13.1 router/firewall, before I replaced it with pfsense. I'll have to check to see if it still works.
I just fired up Wireshark to look at a router advertisement. It includes DNS server information. So, RDNSS is supported in pfsense.
So your /etc/resolv.conf is updated accordingly? It's not such a big deal for me, we'll probably leave it to dhcp to dish out the info, but I think it ought to work. -- Per Jessen, Zürich (22.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
Carlos E. R. wrote:
Notice that Asterisk doesn't behave always "peer to peer". Sometimes it handles the call, changing to another codec in its CPU, and sends forward to the destination. Asterisk might thus also handle NAT without STUN if it sits on both networks.
It's not about Asterisk, it's about the SIP client. Any properly configured SIP client can connect to Asterisk and make calls, but if the client is on a NAT'ed network, something has to keep the NAT entry "open" - keep-alive or STUN. I'm not really sure what the big difference is. -- Per Jessen, Zürich (20.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 2016-05-28 20:41, Per Jessen wrote:
Carlos E. R. wrote:
Notice that Asterisk doesn't behave always "peer to peer". Sometimes it handles the call, changing to another codec in its CPU, and sends forward to the destination. Asterisk might thus also handle NAT without STUN if it sits on both networks.
It's not about Asterisk, it's about the SIP client. Any properly configured SIP client can connect to Asterisk and make calls, but if the client is on a NAT'ed network, something has to keep the NAT entry "open" - keep-alive or STUN. I'm not really sure what the big difference is.
Well, I'm considering a slightly different case here (based on mine). I'm (my phone is) on a 10.*.*.* network, as would be the asterisk server on the ISP. Both on the same network. And then thinking how would I make a call to a SIP phone on internet. If the asterisk server sits on both networks, it would handle it completely, I think. Just thinking out loud :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/28/2016 02:10 PM, Per Jessen wrote:
James Knott wrote:
On 05/27/2016 07:11 AM, James Knott wrote:
It was working in my 13.1 router/firewall, before I replaced it with pfsense. I'll have to check to see if it still works. I just fired up Wireshark to look at a router advertisement. It includes DNS server information. So, RDNSS is supported in pfsense. So your /etc/resolv.conf is updated accordingly? It's not such a big deal for me, we'll probably leave it to dhcp to dish out the info, but I think it ought to work.
To verify this, I had to turn off the dhcp server. What I found was my Android tablet and also my ThinkPad running Windows 7 worked fine over IPv6, but the same ThinkPad, running openSUSE 13.1 didn't. So, I guess there's a problem with the network manager, where it requires dhcp to get a DNS address.
Carlos E. R. wrote:
On 2016-05-28 20:41, Per Jessen wrote:
Carlos E. R. wrote:
Notice that Asterisk doesn't behave always "peer to peer". Sometimes it handles the call, changing to another codec in its CPU, and sends forward to the destination. Asterisk might thus also handle NAT without STUN if it sits on both networks.
It's not about Asterisk, it's about the SIP client. Any properly configured SIP client can connect to Asterisk and make calls, but if the client is on a NAT'ed network, something has to keep the NAT entry "open" - keep-alive or STUN. I'm not really sure what the big difference is.
Well, I'm considering a slightly different case here (based on mine). I'm (my phone is) on a 10.*.*.* network, as would be the asterisk server on the ISP. Both on the same network.
Right.
And then thinking how would I make a call to a SIP phone on internet. If the asterisk server sits on both networks, it would handle it completely, I think.
A SIP-call is typically done with a URL sip://someone@domain - from <domain>, the SIP client determines which server to contact and that's pretty much it. With a SIP-client on 10/8, you could do the same, but only if your telco has a NAT facility. Which I don't see any reason for them to have. If you do it from your normal internet connection (e.g. with a softphone), NAT'ed or otherwise, it should just work. (STUN and keep-alive don't matter). If you want to play with it, I'll be happy to set up a SIP account on our Asterisk. -- Per Jessen, Zürich (19.8°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 2016-05-28 21:24, Per Jessen wrote:
Carlos E. R. wrote:
Well, I'm considering a slightly different case here (based on mine). I'm (my phone is) on a 10.*.*.* network, as would be the asterisk server on the ISP. Both on the same network.
Right.
And then thinking how would I make a call to a SIP phone on internet. If the asterisk server sits on both networks, it would handle it completely, I think.
A SIP-call is typically done with a URL sip://someone@domain - from <domain>, the SIP client determines which server to contact and that's pretty much it. With a SIP-client on 10/8, you could do the same, but only if your telco has a NAT facility. Which I don't see any reason for them to have. If you do it from your normal internet connection (e.g. with a softphone), NAT'ed or otherwise, it should just work. (STUN and keep-alive don't matter). If you want to play with it, I'll be happy to set up a SIP account on our Asterisk.
Oh, thanks, but I'm not in a hurry to really test it :-) I'm just curious. You are right, the telco has no reason to do it. It would be incoming calls which would be more of a problem. I did some experimenting with asterisk in a lab a few years back, we played a lot. But not this particular situation. One idea of mine is to figure out if it is possible to do SIP with my telco (emulating POTs), and then set up a little asterisk at home to do call screening. But I'm not in a hurry to try it out, either. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Friday, 2016-05-27 at 00:18 +0200, Carlos E. R. wrote:
On 2016-05-26 23:39, Anton Aylward wrote:
On 05/26/2016 02:19 PM, Carlos E. R. wrote:
And bugs. Nice, tasty bugs.
You've been watching too many nature documentaries.
Oh, I was rather thinking of Tolkien and Gollum. :-)
I forgot to clarify. The tasty bugs refers to the software bugs that will come with the IoT, which means money for professionals. ;-) -- Cheers, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 05/29/2016 08:20 AM, Carlos E. R. wrote:
I forgot to clarify. The tasty bugs refers to the software bugs that will come with the IoT, which means money for professionals. ;-)
Ah yes, "Context is Everything" -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 05/26/2016 05:38 PM, Carlos E. R. wrote:
On 2016-05-26 20:17, James Knott wrote:
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-) An excellent reference is "IPv6 Essentials".
http://shop.oreilly.com/product/0636920023432.do $31.99? Way too expensive for me.
I see it's $14.74 on Google Play. https://play.google.com/store/books/details/Silvia_Hagen_IPv6_Essentials?id=...
On 2016-05-29 19:32, James Knott wrote:
On 05/26/2016 05:38 PM, Carlos E. R. wrote:
On 2016-05-26 20:17, James Knott wrote:
On 05/26/2016 01:59 PM, Carlos E. R. wrote:
I need an IPv6 for dummies book. :-) An excellent reference is "IPv6 Essentials".
http://shop.oreilly.com/product/0636920023432.do $31.99? Way too expensive for me.
I see it's $14.74 on Google Play. https://play.google.com/store/books/details/Silvia_Hagen_IPv6_Essentials?id=...
Better :-) But it is an older edition. It says "24.72€", which is way more than "$14.74". Go figure. I knew a site that would comment on a book and then search at several seller sites, with prices. I can't locate the link. Might be "http://www.goodreads.com/" http://www.goodreads.com/book/show/27356626-ipv6-essentials-3rd-edition?from_search=true&search_version=service There are several editions, the current is the 6th but some sell older ones. The link to amazon is dead. But a search at amazon says 33.28€, much less if used, but some much more if used. Huh? It doesn't cite google play? 18.74 at Kobo. However, these are the type of books I prefer on paper. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 06/01/2016 02:12 PM, Carlos E. R. wrote:
I see it's $14.74 on Google Play.
https://play.google.com/store/books/details/Silvia_Hagen_IPv6_Essentials?id=... Better :-)
But it is an older edition. It says "24.72€", which is way more than "$14.74". Go figure.
The 3rd edition is the latest. I still see $14.74. I guess it costs more to ship ebooks to Spain. ;-)
On Wed, 2016-06-01 at 15:32 -0400, James Knott wrote:
On 06/01/2016 02:12 PM, Carlos E. R. wrote:
I see it's $14.74 on Google Play.
https://play.google.com/store/books/details/Silvia_Hagen_IPv6_Essentials?id=... Better :-)
But it is an older edition. It says "24.72€", which is way more than "$14.74". Go figure.
The 3rd edition is the latest. I still see $14.74. I guess it costs more to ship ebooks to Spain. ;-)
Hmm, I see £20.39 for the kindle edition of the 3rd edition but I could buy a new paper copy for £14.49 (not directly from Amazon). I guess it costs a lot to ship electrons across the pond, especially when compared to the cost of shipping paper :) Cheers, Dave PS On .com I see paper for $35.35 from Amazon, $29.85 kindle. So I guess they're pretty keen on slicing the market.
On Wed, 2016-06-01 at 15:32 -0400, James Knott wrote:
On 06/01/2016 02:12 PM, Carlos E. R. wrote:
I see it's $14.74 on Google Play.
https://play.google.com/store/books/details/Silvia_Hagen_IPv6_Essentials?id=... Better :-)
But it is an older edition. It says "24.72€", which is way more than "$14.74". Go figure.
The 3rd edition is the latest. I still see $14.74. I guess it costs more to ship ebooks to Spain. ;-)
Hmm, I see £20.39 for the kindle edition of the 3rd edition but I could buy a new paper copy for £14.49 (not directly from Amazon). I guess it costs a lot to ship electrons across the pond, especially when compared to the cost of shipping paper :)
Funny. Kobo today lists it at 18.74€. One issue is that paper books get a reduced tax, whereas ebooks are taxed as luxury items. Or something like that. On the other hand, shipping paper is expensive, so it depends a lot. Shipping a single book, which would be applied to me, is expensive. Shipping a bunch and selling in bookstores is cheaper. But I don't live in a big city, so no chance to find it locally.
PS On .com I see paper for $35.35 from Amazon, $29.85 kindle. So I guess they're pretty keen on slicing the market.
In this case, I want paper, and amazon.es wants 60€ for that, used. https://www.amazon.es/s/ref=nb_sb_noss?__mk_es_ES=%C3%85M%C3%85%C5%BD%C3%95%C3%91&url=search-alias%3Daps&field-keywords=+IPv6+Essentials%2C+3rd+Edition+by+Silvia+Hagen Google finds the 2nd edition in PDF. I don't suppose that's a legal copy. -- Cheers, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
In this case, I want paper, and amazon.es wants 60€ for that, used.
Something must be driving up the price of books in Spain? On amazon.de, it's available for EUR28.95, new paperback. In Switzerland at exlibris.ch, it's CHF48.50 for a hardback, CHF30.90 for a paperback. -- Per Jessen, Zürich (19.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 02.06.2016 at 14:07, Per Jessen wrote:
Carlos E. R. wrote:
In this case, I want paper, and amazon.es wants 60€ for that, used.
Something must be driving up the price of books in Spain?
this is geotargeting. More and more websites show different prices for different countries, first and foremost travel agencies and flight tickets. The differences are often *very* big, when you go to the same page in more or less the same moment via proxies in different countries. Also many sites now adjust the prices to your consumer behaviour, via your history on their site or via tracking you thru the web. If they think you like to purchase expensive goods, the prices go up for you. Many websites are very sophisticated in using these tricks to optimize their income. Just using a separated virgin browser profile can already help a bit. -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137
Daniel Bauer wrote:
On 02.06.2016 at 14:07, Per Jessen wrote:
Carlos E. R. wrote:
In this case, I want paper, and amazon.es wants 60€ for that, used.
Something must be driving up the price of books in Spain?
this is geotargeting. More and more websites show different prices for different countries, first and foremost travel agencies and flight tickets.
That has been like that for more than twenty years. I used to work in the airline industry, I know quite well how to get the best car rental prices. Nothing new about it at all. Airlines tickets, yep - train tickets, they're catching up. However, inside the EU there is little reason for such big price differences on e.g. consumer goods, unless they're produced locally or unless they're subject to local taxation or price regulation. Read "little reason" == "it's illegal".
Also many sites now adjust the prices to your consumer behaviour, via your history on their site or via tracking you thru the web. If they think you like to purchase expensive goods, the prices go up for you.
That one is new to me, I guess it's possible, but I would hate to have to write the book-keeping system. -- Per Jessen, Zürich (17.5°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 2016-06-02 20:59, Per Jessen wrote:
Also many sites now adjust the prices to your consumer behaviour, via your history on their site or via tracking you thru the web. If they think you like to purchase expensive goods, the prices go up for you.
That one is new to me, I guess it's possible, but I would hate to have to write the book-keeping system.
I did the search on two different browsers, so it was not the case. However, maybe I used incorrect search terms. I'll have to try again. Taxes, yes, could be different. And foreign books have always been expensive in Spain. I always assumed it was the transport. I'll have to ask friends here. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-06-02 20:59, Per Jessen wrote:
Also many sites now adjust the prices to your consumer behaviour, via your history on their site or via tracking you thru the web. If they think you like to purchase expensive goods, the prices go up for you.
That one is new to me, I guess it's possible, but I would hate to have to write the book-keeping system.
I did the search on two different browsers, so it was not the case.
I'm sure it wasn't - adjusting the price due to the user's shopping habits is seriously dodgy. It would also play merry hell with the book-keeping, I really don't see how it could be done. -- Per Jessen, Zürich (18.7°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 02/06/16 20:59, Per Jessen wrote:
Daniel Bauer wrote:
On 02.06.2016 at 14:07, Per Jessen wrote: this is geotargeting. More and more websites show different prices for different countries, first and foremost travel agencies and flight tickets.
That has been like that for more than twenty years. I used to work in the airline industry, I know quite well how to get the best car rental prices. Nothing new about it at all. Airlines tickets, yep - train tickets, they're catching up. However, inside the EU there is little reason for such big price differences on e.g. consumer goods, unless they're produced locally or unless they're subject to local taxation or price regulation. Read "little reason" == "it's illegal".
Recently I was booking a flight with British Airways and found that the prices shot up on their UK site, so I had to book through their French site instead which offered much better deals for the exact same flights.
participants (20)
- Andrei Borzenkov
- Anton Aylward
- Carlos E. R.
- Chris Murphy
- Daniel Bauer
- Dave Howorth
- Dave Howorth
- Dave Plater
- gumb
- James Knott
- jdd
- Jeffrey L. Taylor
- Jeremy Baker
- Koenraad Lelong
- Lew Wolfgang
- Mathias Homann
- Patrick Shanahan
- Per Jessen
- Roger Price
- Yamaban