[opensuse-factory] IPv6 (privacy) in openSUSE
Ludwig Nussel wrote on Fri, 14 Jan 2011 13:41:27 +0100,
Andreas Jaeger wrote:
So, my proposal is to do the following two changes: * Use 2 instead of 1 in /etc/rc.d/boot.ipconfig for enabling the privacy extensions * Set IPV6_PRIVACY=yes in /etc/sysconfig/sysctl
If at all leave IPV6_PRIVACY empty by default and assume 2 in that case in boot.ipconfig. However, I'd rather suggest to drop boot.ipconfig completely and have the kernel itself start with a sane default value.
About a month ago I got a new modem from my ISP which offers native IPv6. After a lot of experimenting I have the following recommendations. The default for the dynamic IP address should not be DHCP both 4 and 6, but DHCP version 4 only. The reason is that most likely an IPv6 router will not have support for DHCP6, mine does not offer a DHCP6 service. It means that enabling IPv6 by default relies on Stateless Address Autoconfiguration (SAA), which is a perfect choice. When there is no DHCP6 server available and the address of an interface depends on SAA it takes up to 10 minutes before the interface gets its global IPv6 address. Disabling DHCP6 in this case provides the address in 2 seconds. The subject of privacy in IPv6 is only relevant when you use a mobile device. For a rather static device or privacy is no concern, the above method is sufficient or rather required. In Linux the host part of the IPv6 address, the lower 64 bits, is always the same; it is derived from the MAC address of the interface, but in the very unlikely case of duplication, this will be prevented, because the IPv6 protocol always checks for duplicated addresses. So in case one wants to communicate between devices using IPv6, this is possible. One could set these more or less static addresses in the /etc/hosts file or manually introduce them in a DNS server. So in the case of a privacy concern in a mobile device, one has to set IPV6_PRIVACY=yes. This means that the host part of the IPv6 address will be generated randomly after which a check for a duplicated address will be made. This host part will even be regenerated after 24 hours, if the device is active that long. When a DHCP6 server is present in the network, and a dynamic address is required, one has to enable DHCP both for version 4 and 6, but this should not be a default setting. Also in this case SAA is still available and should work. Using DHCP6 is called Stateful Address Autoconfiguration In case of a static IPv6 address, some more information should be provided in the Help about how and what to do. In that case one has to set the IPv6 address of the default gateway. However this could be avoided by searching for this address when the network starts. Currently this is not done. -- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 14.08.2011 18:54, schrieb Freek de Kruijf:
Ludwig Nussel wrote on Fri, 14 Jan 2011 13:41:27 +0100,
Andreas Jaeger wrote:
So, my proposal is to do the following two changes: * Use 2 instead of 1 in /etc/rc.d/boot.ipconfig for enabling the privacy extensions * Set IPV6_PRIVACY=yes in /etc/sysconfig/sysctl
If at all leave IPV6_PRIVACY empty by default and assume 2 in that case in boot.ipconfig. However, I'd rather suggest to drop boot.ipconfig completely and have the kernel itself start with a sane default value.
About a month ago I got a new modem from my ISP which offers native IPv6. After a lot of experimenting I have the following recommendations.
The default for the dynamic IP address should not be DHCP both 4 and 6, but DHCP version 4 only. The reason is that most likely an IPv6 router will not have support for DHCP6, mine does not offer a DHCP6 service. It means that enabling IPv6 by default relies on Stateless Address Autoconfiguration (SAA), which is a perfect choice. When there is no DHCP6 server available and the address of an interface depends on SAA it takes up to 10 minutes before the interface gets its global IPv6 address. Disabling DHCP6 in this case provides the address in 2 seconds.
The subject of privacy in IPv6 is only relevant when you use a mobile device. For a rather static device or privacy is no concern, the above method is sufficient or rather required. In Linux the host part of the IPv6 address, the lower 64 bits, is always the same; it is derived from the MAC address of the interface, but in the very unlikely case of duplication, this will be prevented, because the IPv6 protocol always checks for duplicated addresses. So in case one wants to communicate between devices using IPv6, this is possible. One could set these more or less static addresses in the /etc/hosts file or manually introduce them in a DNS server.
So in the case of a privacy concern in a mobile device, one has to set IPV6_PRIVACY=yes. This means that the host part of the IPv6 address will be generated randomly after which a check for a duplicated address will be made. This host part will even be regenerated after 24 hours, if the device is active that long.
When a DHCP6 server is present in the network, and a dynamic address is required, one has to enable DHCP both for version 4 and 6, but this should not be a default setting. Also in this case SAA is still available and should work. Using DHCP6 is called Stateful Address Autoconfiguration
In case of a static IPv6 address, some more information should be provided in the Help about how and what to do. In that case one has to set the IPv6 address of the default gateway. However this could be avoided by searching for this address when the network starts. Currently this is not done.
You can set static IPv6 addrs and routes with "yast2 lan", by adding an Additional Address - and you need to put "/64" into the "Netmask" field there which is a bit ugly. or you add to /etc/sysconfig/network/ifcfg-eth0 IPADDR_1='2001:DB8:1234:5678::1/64' and to /etc/sysconfig/network/routes default FE80::1234 - eth0 oh and I also always disable DHCP6, because I just run radvd for my LANs - - really speeds up booting a lot. Ciao Bernhard M. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk5IJToACgkQSTYLOx37oWRemgCghtPYgqfND4atLV0Dy0D7Xb2R uUoAoPkqDbD5BezdySpt9+7SrklkmQ14 =diKs -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On zondag 14 augustus 2011 21:42:51 Bernhard M. Wiedemann wrote:
Am 14.08.2011 18:54, schrieb Freek de Kruijf:
In case of a static IPv6 address, some more information should be provided in the Help about how and what to do. In that case one has to set the IPv6 address of the default gateway. However this could be avoided by searching for this address when the network starts. Currently this is not done.
You can set static IPv6 addrs and routes with "yast2 lan", by adding an Additional Address - and you need to put "/64" into the "Netmask" field there which is a bit ugly.
or you add to /etc/sysconfig/network/ifcfg-eth0 IPADDR_1='2001:DB8:1234:5678::1/64'
and to /etc/sysconfig/network/routes default FE80::1234 - eth0
I tried without a default gateway and that did not work. After that I put in the global address masked with /64 and that worked. At this moment I got the address of the router via a traceroute command to an IPv6 address, which gives me the global IPv6 address of the router.
oh and I also always disable DHCP6, because I just run radvd for my LANs - really speeds up booting a lot.
The above, editing files, is more for the experienced user. I have the less experienced user in mind and I want to make it for that user as easy as possible. So I want to stick with what needs to be done in YaST and not really direct the user to editing certain files to achieve a goal. -- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hi all, I currently run a dual-stacked network and would like to say that you *MUST NOT* disable DHCPv6 by default - quite the opposite in fact, both DHCPv4 and v6 need to be enabled from the get-go with appropriate firewall rules. Having a DHCPv6 client will not (and should not) interfere with SLAAC in any way since Router Advertisements will inform clients as to whether or not there is a running DHCPv6 server - any router that is indicating in RAs that it is running a DHCPv6 server when it in fact is not is effectively *broken* (or criminally misconfigured) and is something that needs to be fixed at source, not worked-around by default-disabling DHCPv6 for everyone else. Additionally, the author's assertion that DHCPv6 is always stateful is also false; you can have stateless DHCPv6 for assigning DNS, NTP etcetera, one need not assign addresses with DHCPv6 at all. Regards, Oliver On Sunday 14 Aug 2011 17:54:29 Freek de Kruijf wrote:
Ludwig Nussel wrote on Fri, 14 Jan 2011 13:41:27 +0100,
Andreas Jaeger wrote:
So, my proposal is to do the following two changes: * Use 2 instead of 1 in /etc/rc.d/boot.ipconfig for enabling the privacy extensions * Set IPV6_PRIVACY=yes in /etc/sysconfig/sysctl
If at all leave IPV6_PRIVACY empty by default and assume 2 in that case in boot.ipconfig. However, I'd rather suggest to drop boot.ipconfig completely and have the kernel itself start with a sane default value.
About a month ago I got a new modem from my ISP which offers native IPv6. After a lot of experimenting I have the following recommendations.
The default for the dynamic IP address should not be DHCP both 4 and 6, but DHCP version 4 only. The reason is that most likely an IPv6 router will not have support for DHCP6, mine does not offer a DHCP6 service. It means that enabling IPv6 by default relies on Stateless Address Autoconfiguration (SAA), which is a perfect choice. When there is no DHCP6 server available and the address of an interface depends on SAA it takes up to 10 minutes before the interface gets its global IPv6 address. Disabling DHCP6 in this case provides the address in 2 seconds.
The subject of privacy in IPv6 is only relevant when you use a mobile device. For a rather static device or privacy is no concern, the above method is sufficient or rather required. In Linux the host part of the IPv6 address, the lower 64 bits, is always the same; it is derived from the MAC address of the interface, but in the very unlikely case of duplication, this will be prevented, because the IPv6 protocol always checks for duplicated addresses. So in case one wants to communicate between devices using IPv6, this is possible. One could set these more or less static addresses in the /etc/hosts file or manually introduce them in a DNS server.
So in the case of a privacy concern in a mobile device, one has to set IPV6_PRIVACY=yes. This means that the host part of the IPv6 address will be generated randomly after which a check for a duplicated address will be made. This host part will even be regenerated after 24 hours, if the device is active that long.
When a DHCP6 server is present in the network, and a dynamic address is required, one has to enable DHCP both for version 4 and 6, but this should not be a default setting. Also in this case SAA is still available and should work. Using DHCP6 is called Stateful Address Autoconfiguration
In case of a static IPv6 address, some more information should be provided in the Help about how and what to do. In that case one has to set the IPv6 address of the default gateway. However this could be avoided by searching for this address when the network starts. Currently this is not done. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On maandag 15 augustus 2011 22:49:44 Olipro wrote: Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
Hi all,
I currently run a dual-stacked network and would like to say that you *MUST NOT* disable DHCPv6 by default - quite the opposite in fact, both DHCPv4 and v6 need to be enabled from the get-go with appropriate firewall rules.
Having a DHCPv6 client will not (and should not) interfere with SLAAC in any way since Router Advertisements will inform clients as to whether or not there is a running DHCPv6 server - any router that is indicating in RAs that it is running a DHCPv6 server when it in fact is not is effectively *broken* (or criminally misconfigured) and is something that needs to be fixed at source, not worked-around by default-disabling DHCPv6 for everyone else.
In this case the IPv6 implementation, used in openSUSE, does not properly use the Router Advertisement, when DHCP6 is active. Right at the start of the network service I have seen a Router Solicitation on which a Router Advertisement follows. However this advertisement, with the global IPv6 prefix, is ignored. A second Solicitation and following advertisement is seen and ignored. After that no Solicitation and Advertisement is seen. Only after about 10 minutes an unsolicited Router Advertisement is seen and at that moment the system establishes a global IPv6 address. Without enabling DHCP6 the system gets its global IPv6 address a few seconds after starting the network. See the bug report https://bugzilla.novell.com/show_bug.cgi?id=704666
Additionally, the author's assertion that DHCPv6 is always stateful is also false; you can have stateless DHCPv6 for assigning DNS, NTP etcetera, one need not assign addresses with DHCPv6 at all.
I was only referring to Stateless _Address_ Allocation. Currently, with IPv4 still around, these other allocations are less important in my view. The received Router Advertisement, also contains other data apart from the global prefix, information on a Recursive DNS Server, the MTU and Source link- layer address.
Regards, Oliver
-- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tuesday 16 Aug 2011 08:56:41 Freek de Kruijf wrote:
On maandag 15 augustus 2011 22:49:44 Olipro wrote:
Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
You appear to be the first person to care, I can see several threads right now with upper-level replies.
Hi all,
I currently run a dual-stacked network and would like to say that you *MUST NOT* disable DHCPv6 by default - quite the opposite in fact, both DHCPv4 and v6 need to be enabled from the get-go with appropriate firewall rules.
Having a DHCPv6 client will not (and should not) interfere with SLAAC in any way since Router Advertisements will inform clients as to whether or not there is a running DHCPv6 server - any router that is indicating in RAs that it is running a DHCPv6 server when it in fact is not is effectively *broken* (or criminally misconfigured) and is something that needs to be fixed at source, not worked-around by default-disabling DHCPv6 for everyone else.
In this case the IPv6 implementation, used in openSUSE, does not properly use the Router Advertisement, when DHCP6 is active. Right at the start of the network service I have seen a Router Solicitation on which a Router Advertisement follows. However this advertisement, with the global IPv6 prefix, is ignored. A second Solicitation and following advertisement is seen and ignored. After that no Solicitation and Advertisement is seen. Only after about 10 minutes an unsolicited Router Advertisement is seen and at that moment the system establishes a global IPv6 address. Without enabling DHCP6 the system gets its global IPv6 address a few seconds after starting the network. See the bug report https://bugzilla.novell.com/show_bug.cgi?id=704666
This bug has been closed as RESOLVED and marked INVALID so I'm not really sure what conclusion you expect me to draw from it.
Additionally, the author's assertion that DHCPv6 is always stateful is also false; you can have stateless DHCPv6 for assigning DNS, NTP etcetera, one need not assign addresses with DHCPv6 at all.
I was only referring to Stateless _Address_ Allocation. Currently, with IPv4 still around, these other allocations are less important in my view. The received Router Advertisement, also contains other data apart from the global prefix, information on a Recursive DNS Server, the MTU and Source link- layer address.
it *may* contain that information; it depends on the RA implementation; older versions of radvd for example are not capable of RDNSSD - additionally, since some clients also do not support RDNSSD, it can be preferable to include all such information in DHCPv6 - either way, anyone running a network where they have expressly disabled SLAAC for the purposes of ensuring DHCPv6 only assignments (which may be necessary for accounting, hostname assignments or firewall policies) will have an issue if OpenSUSE clients are coming with DHCPv6 disabled. Considering most other distros and operating systems are providing DHCPv6 clients by default, I don't think this is a road anyone should be taking OpenSUSE down.
Regards, Oliver
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On dinsdag 16 augustus 2011 12:38:46 Olipro wrote:
On Tuesday 16 Aug 2011 08:56:41 Freek de Kruijf wrote:
On maandag 15 augustus 2011 22:49:44 Olipro wrote:
Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
You appear to be the first person to care, I can see several threads right now with upper-level replies.
I do care.
In this case the IPv6 implementation, used in openSUSE, does not properly use the Router Advertisement, when DHCP6 is active. Right at the start of the network service I have seen a Router Solicitation on which a Router Advertisement follows. However this advertisement, with the global IPv6 prefix, is ignored. A second Solicitation and following advertisement is seen and ignored. After that no Solicitation and Advertisement is seen. Only after about 10 minutes an unsolicited Router Advertisement is seen and at that moment the system establishes a global IPv6 address. Without enabling DHCP6 the system gets its global IPv6 address a few seconds after starting the network. See the bug report https://bugzilla.novell.com/show_bug.cgi?id=704666
You can find a Wireshark catched conversation where right at the beginning the RA is present, but is not used. Si I would like to know, because you seem to be more an expert than I am, what your opinion is on the above. You did not comment on this ignoring of the first RAs that the system receives.
This bug has been closed as RESOLVED and marked INVALID so I'm not really sure what conclusion you expect me to draw from it.
This is probably because the title talks about not receiving a global IPv6 address, where later this appears not to be true and the title should be the long delay in establishing the global IPv6 address, which is only solvable by not enabling DHCP6.
Additionally, the author's assertion that DHCPv6 is always stateful is also false; you can have stateless DHCPv6 for assigning DNS, NTP etcetera, one need not assign addresses with DHCPv6 at all.
I was only referring to Stateless _Address_ Allocation. Currently, with IPv4 still around, these other allocations are less important in my view. The received Router Advertisement, also contains other data apart from the global prefix, information on a Recursive DNS Server, the MTU and Source link- layer address.
it *may* contain that information; it depends on the RA implementation; older versions of radvd for example are not capable of RDNSSD - additionally, since some clients also do not support RDNSSD, it can be preferable to include all such information in DHCPv6 - either way, anyone running a network where they have expressly disabled SLAAC for the purposes of ensuring DHCPv6 only assignments (which may be necessary for accounting, hostname assignments or firewall policies) will have an issue if OpenSUSE clients are coming with DHCPv6 disabled.
Considering most other distros and operating systems are providing DHCPv6 clients by default, I don't think this is a road anyone should be taking OpenSUSE down.
openSUSE provides the DHCP6 client OK, but the question is, should the default be that it is enabled in YaST when using the dynamic address allocation as is the default right now (DHCP both version 4 and 6) enabled. I think the majority of the Linux users, with little knowledge, will use a setup like I have, an ADSL router with native IPv6 without a DHCP6 server. In case it takes almost 10 minutes before a global IPv6 address is set in the system, I would prefer not to have DHCP6 enabled in that case. So either this delay should be removed or the default for DHCP6 should be that the DHCP6 client is not activated. I can enter a new bug report about this.
Regards, Oliver
-- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tuesday 16 Aug 2011 14:20:51 Freek de Kruijf wrote:
On dinsdag 16 augustus 2011 12:38:46 Olipro wrote:
On Tuesday 16 Aug 2011 08:56:41 Freek de Kruijf wrote:
On maandag 15 augustus 2011 22:49:44 Olipro wrote:
Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
You appear to be the first person to care, I can see several threads right now with upper-level replies.
I do care.
In this case the IPv6 implementation, used in openSUSE, does not properly use the Router Advertisement, when DHCP6 is active. Right at the start of the network service I have seen a Router Solicitation on which a Router Advertisement follows. However this advertisement, with the global IPv6 prefix, is ignored. A second Solicitation and following advertisement is seen and ignored. After that no Solicitation and Advertisement is seen. Only after about 10 minutes an unsolicited Router Advertisement is seen and at that moment the system establishes a global IPv6 address. Without enabling DHCP6 the system gets its global IPv6 address a few seconds after starting the network. See the bug report https://bugzilla.novell.com/show_bug.cgi?id=704666
You can find a Wireshark catched conversation where right at the beginning the RA is present, but is not used. Si I would like to know, because you seem to be more an expert than I am, what your opinion is on the above. You did not comment on this ignoring of the first RAs that the system receives.
This bug has been closed as RESOLVED and marked INVALID so I'm not really sure what conclusion you expect me to draw from it.
This is probably because the title talks about not receiving a global IPv6 address, where later this appears not to be true and the title should be the long delay in establishing the global IPv6 address, which is only solvable by not enabling DHCP6.
Additionally, the author's assertion that DHCPv6 is always stateful is also false; you can have stateless DHCPv6 for assigning DNS, NTP etcetera, one need not assign addresses with DHCPv6 at all.
I was only referring to Stateless _Address_ Allocation. Currently, with IPv4 still around, these other allocations are less important in my view. The received Router Advertisement, also contains other data apart from the global prefix, information on a Recursive DNS Server, the MTU and Source link- layer address.
it *may* contain that information; it depends on the RA implementation; older versions of radvd for example are not capable of RDNSSD - additionally, since some clients also do not support RDNSSD, it can be preferable to include all such information in DHCPv6 - either way, anyone running a network where they have expressly disabled SLAAC for the purposes of ensuring DHCPv6 only assignments (which may be necessary for accounting, hostname assignments or firewall policies) will have an issue if OpenSUSE clients are coming with DHCPv6 disabled.
Considering most other distros and operating systems are providing DHCPv6 clients by default, I don't think this is a road anyone should be taking OpenSUSE down.
openSUSE provides the DHCP6 client OK, but the question is, should the default be that it is enabled in YaST when using the dynamic address allocation as is the default right now (DHCP both version 4 and 6) enabled.
I think the majority of the Linux users, with little knowledge, will use a setup like I have, an ADSL router with native IPv6 without a DHCP6 server. In case it takes almost 10 minutes before a global IPv6 address is set in the system, I would prefer not to have DHCP6 enabled in that case. So either this delay should be removed or the default for DHCP6 should be that the DHCP6 client is not activated. I can enter a new bug report about this.
I have tried reproducing your issue by disabling my DHCPv6 server and having SLAAC only; OpenSUSE autoconfigures immediately, so you either have some bizarre problem with your firewall configuration or an issue with the network card itself.
Regards, Oliver
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On dinsdag 16 augustus 2011 15:51:12 Olipro wrote:
I have tried reproducing your issue by disabling my DHCPv6 server and having SLAAC only; OpenSUSE autoconfigures immediately, so you either have some bizarre problem with your firewall configuration or an issue with the network card itself.
Thanks for your effort. I really appreciate. But the problem seems to be in the openSUSE system, because I do receive two times a RA Ethernet package right after starting the network and before any DHCP6 package is seen in the network. See the Wireshark catched IPv6 Ethernet packages, which are available in the bug report. The system only uses exactly the same RA package, the third, which arrives about 10 minutes later without an RS. The first two are received right after sending a double RS. -- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Olipro wrote:
On Tuesday 16 Aug 2011 08:56:41 Freek de Kruijf wrote:
On maandag 15 augustus 2011 22:49:44 Olipro wrote:
Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
You appear to be the first person to care, I can see several threads right now with upper-level replies.
He certainly is not the only one to care. -- Per Jessen, Zürich (21.2°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Wednesday 17 August 2011 10:50:28 Per Jessen wrote:
Olipro wrote:
On Tuesday 16 Aug 2011 08:56:41 Freek de Kruijf wrote:
On maandag 15 augustus 2011 22:49:44 Olipro wrote:
Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
You appear to be the first person to care, I can see several threads right now with upper-level replies.
He certainly is not the only one to care. +1
-- Powered by openSUSE 11.3 (x86_64) Kernel: 2.6.34.8-0.2-desktop KDE Development Platform: 4.6.00 (4.6.0) 11:19 up 1 day 0:59, 5 users, load average: 0.47, 0.14, 0.05 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Wednesday 17 August 2011 10:50:28 Per Jessen wrote:
Olipro wrote:
On Tuesday 16 Aug 2011 08:56:41 Freek de Kruijf wrote:
On maandag 15 augustus 2011 22:49:44 Olipro wrote:
Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
You appear to be the first person to care, I can see several threads right now with upper-level replies.
He certainly is not the only one to care. +1
-- Powered by openSUSE 11.3 (x86_64) Kernel: 2.6.34.8-0.2-desktop KDE Development Platform: 4.6.00 (4.6.0) 11:19 up 1 day 0:59, 5 users, load average: 0.37, 0.13, 0.04 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tuesday 16 Aug 2011 21:19:20 Freek de Kruijf wrote:
On dinsdag 16 augustus 2011 15:51:12 Olipro wrote:
I have tried reproducing your issue by disabling my DHCPv6 server and having SLAAC only; OpenSUSE autoconfigures immediately, so you either have some bizarre problem with your firewall configuration or an issue with the network card itself.
Thanks for your effort. I really appreciate.
But the problem seems to be in the openSUSE system, because I do receive two times a RA Ethernet package right after starting the network and before any DHCP6 package is seen in the network. See the Wireshark catched IPv6 Ethernet packages, which are available in the bug report. The system only uses exactly the same RA package, the third, which arrives about 10 minutes later without an RS. The first two are received right after sending a double RS.
are you filtering ICMPv6 in any way? try running: ip6tables -I INPUT -p icmpv6 -j ACCEPT then see if the problem still manifests itself. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Op 17-08-11 11:50, Per Jessen schreef:
Olipro wrote:
On Tuesday 16 Aug 2011 08:56:41 Freek de Kruijf wrote:
On maandag 15 augustus 2011 22:49:44 Olipro wrote:
Please do not top post, see http://en.opensuse.org/openSUSE:Mailing_list_netiquette
You appear to be the first person to care, I can see several threads right now with upper-level replies.
He certainly is not the only one to care.
-(!)1 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On woensdag 17 augustus 2011 18:46:57 Olipro wrote:
On Tuesday 16 Aug 2011 21:19:20 Freek de Kruijf wrote:
On dinsdag 16 augustus 2011 15:51:12 Olipro wrote:
I have tried reproducing your issue by disabling my DHCPv6 server and having SLAAC only; OpenSUSE autoconfigures immediately, so you either have some bizarre problem with your firewall configuration or an issue with the network card itself.
Thanks for your effort. I really appreciate.
But the problem seems to be in the openSUSE system, because I do receive two times a RA Ethernet package right after starting the network and before any DHCP6 package is seen in the network. See the Wireshark catched IPv6 Ethernet packages, which are available in the bug report. The system only uses exactly the same RA package, the third, which arrives about 10 minutes later without an RS. The first two are received right after sending a double RS.
are you filtering ICMPv6 in any way? try running:
ip6tables -I INPUT -p icmpv6 -j ACCEPT
then see if the problem still manifests itself.
I catch the packages in the host machine. I disabled IPv6 in the host to avoid catching packets related to the host. Wireshark in the host is filtering out anything which is not IPv6. So the IPv6 packages that I catch in the host have the destination of the VM guest machine or rather the ICMPv6 packages are all multicast packages. The DHCP6 packages, for that matter, are also multicast packages. The guest is a freshly generated openSUSE 12.1 M3 system, without any adjustments to the network configuration. So I assume that this system is not filtering any ICMPv6 packages. I can't use wireshark at that moment in the guest, because wireshark only starts on an active network interface and that interface is not active at that moment. I catch the packages at boot time of the guest. I repeated several times booting the guest with or without DHCP6 enabled or disabled, and the result is always that without DHCP6 enabled, I immediately gets a global IPv6 address and with DHCP6 enabled it takes about 8 to 9 minutes before I get the global IPv6 address. The only difference between the two is in /etc/sysconfig/network/ifcfg-eth0 in the parameter BOOTPROTO= either dhcp (4 and 6) or dhcp4 (only 4). The strange thing is that when I boot with both enabled and right after booting, I do "ifdown eth0" and "ifup eth0" I immediately get the global IPv6 addresses. After ifup I do see both DHCP 4 and 6 being activated. Any more ideas? -- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (6)
-
Bernhard M. Wiedemann
-
Freek de Kruijf
-
Jogchum Reitsma
-
Olipro
-
Per Jessen
-
Peter Nikolic