Mailinglist Archive: opensuse-factory (808 mails)

Re: [opensuse-factory] IPv6 (privacy) in openSUSE
  • From: "Bernhard M. Wiedemann" <bernhardout@xxxxxxxx>
  • Date: Sun, 14 Aug 2011 21:42:51 +0200
  • Message-id: <4E48253B.9040905@lsmod.de>

On 14.08.2011 18:54, Freek de Kruijf wrote:
Ludwig Nussel wrote on Fri, 14 Jan 2011 13:41:27 +0100,

Andreas Jaeger wrote:

So, my proposal is to do the following two changes:
* Use 2 instead of 1 in /etc/rc.d/boot.ipconfig for enabling the privacy
extensions
* Set IPV6_PRIVACY=yes in /etc/sysconfig/sysctl


If at all leave IPV6_PRIVACY empty by default and assume 2 in that
case in boot.ipconfig. However, I'd rather suggest to drop
boot.ipconfig completely and have the kernel itself start with a
sane default value.

About a month ago I got a new modem from my ISP which offers native IPv6.
After a lot of experimenting I have the following recommendations.

The default for the dynamic IP address should not be DHCP both 4 and 6, but
DHCP version 4 only. The reason is that most likely an IPv6 router will not
have support for DHCP6, mine does not offer a DHCP6 service. It means that
enabling IPv6 by default relies on Stateless Address Autoconfiguration (SAA),
which is a perfect choice. When there is no DHCP6 server available and the
address of an interface depends on SAA it takes up to 10 minutes before the
interface gets its global IPv6 address. Disabling DHCP6 in this case provides
the address in 2 seconds.

The subject of privacy in IPv6 is only relevant when you use a mobile device.
For a rather static device, or when privacy is no concern, the above method is
sufficient or rather required. In Linux the host part of the IPv6 address, the
lower 64 bits, is always the same; it is derived from the MAC address of the
interface, but in the very unlikely case of duplication, this will be
prevented, because the IPv6 protocol always checks for duplicated addresses.
So in case one wants to communicate between devices using IPv6, this is
possible. One could set these more or less static addresses in the /etc/hosts
file or manually introduce them in a DNS server.

So in the case of a privacy concern in a mobile device, one has to set
IPV6_PRIVACY=yes. This means that the host part of the IPv6 address will be
generated randomly after which a check for a duplicated address will be made.
This host part will even be regenerated after 24 hours, if the device is
active that long.

When a DHCP6 server is present in the network, and a dynamic address is
required, one has to enable DHCP both for version 4 and 6, but this should
not be a default setting. Also in this case SAA is still available and should
work. Using DHCP6 is called Stateful Address Autoconfiguration.

In case of a static IPv6 address, some more information should be provided in
the Help about how and what to do. In that case one has to set the IPv6
address of the default gateway. However this could be avoided by searching
for this address when the network starts. Currently this is not done.

You can set static IPv6 addrs and routes with "yast2 lan", by adding an
Additional Address - and you need to put "/64" into the "Netmask" field
there which is a bit ugly.

or you add to /etc/sysconfig/network/ifcfg-eth0
IPADDR_1='2001:DB8:1234:5678::1/64'

and to /etc/sysconfig/network/routes
default FE80::1234 - eth0


oh and I also always disable DHCP6, because I just run radvd for my LANs
- really speeds up booting a lot.

Ciao
Bernhard M.
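The MAC-derived host part discussed in the thread, as an added example that is not part of the original mails: it assumes the modified EUI-64 derivation from RFC 4291 and shows that the same lower 64 bits follow a device across networks and can be reversed to the MAC, which a randomly generated privacy address prevents. The MAC, the second prefix and the random address are constructed sample values.

```python
import ipaddress

HOST_MASK = (1 << 64) - 1  # lower 64 bits: the host part (interface identifier)


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """SLAAC address for a /64 prefix, host part derived from a 48-bit MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def host_part(addr: str) -> int:
    """Lower 64 bits of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & HOST_MASK


def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 style address, or None if it does not look like one.

    Heuristic: a random host part contains ff:fe at this position only by chance.
    """
    iid = host_part(addr).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "52:54:00:12:34:56"                             # constructed sample MAC
    home = eui64_address("2001:db8:1234:5678::/64", mac)  # prefix as in the mail
    cafe = eui64_address("2001:db8:aaaa:1::/64", mac)     # constructed second network
    temp = "2001:db8:1234:5678:9c3a:71d2:4be0:18f5"       # constructed random host part
    print(home, cafe, sep="\n")
    print("same host part on both networks:", host_part(str(home)) == host_part(str(cafe)))
    print("MAC recovered from address:", mac_from_address(str(cafe)))
    print("MAC recovered from privacy address:", mac_from_address(temp))
```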
