[opensuse] IPv6 with Telekom Speedport W724V
I have a problem with the IPv6 connectivity. The failing server uses openSUSE 42.1 and runs 24/7. The problem is probably caused by the bundled Telekom Speedport W724V router. The Telekom VDSL provider delivers dual (IPv4 and IPv6) connectivity and maybe the router has IPv6 privacy extensions enabled. But I like to have a solution without exchanging the router. The problem is, that openSUSE 42.1 loosed IPv6 connectivity after some time (probably after ~1 day, but I am not sure). IPv4 connectivity stays intact. For testing I use www.heise.de only with IPv6. This hangs: myuser@mybox:~> wget -6 http://www.heise.de/ --2016-10-24 11:55:36-- http://www.heise.de/ Resolving www.heise.de (www.heise.de)... 2a02:2e0:3fe:1001:7777:772e:2:85 Connecting to www.heise.de (www.heise.de)|2a02:2e0:3fe:1001:7777:772e:2:85|:80... ^C /sbin/ifconfig shows 15 (!) IPv6 addresses with scope global (not printed here). If I re-start Wicked I have only 2 IPv6 addresses with scope global. The 2 IPv6 addresses are new compared with the old ones. IPv6 works after Wicked restart for some time: myuser@mybox:~> wget -6 http://www.heise.de/ --2016-10-24 11:58:52-- http://www.heise.de/ Resolving www.heise.de (www.heise.de)... 2a02:2e0:3fe:1001:7777:772e:2:85 Connecting to www.heise.de (www.heise.de)|2a02:2e0:3fe:1001:7777:772e:2:85|:80... connected. HTTP request sent, awaiting response... 200 O Length: unspecified [text/html] Saving to: ‘index.html’ [ <=> ] 180,321 1.09MB/s in 0.2s 2016-10-24 11:58:52 (1.09 MB/s) - ‘index.html’ saved [180321] How I can resolve this? Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/24/2016 06:18 AM, Bjoern Voigt wrote:
I have a problem with the IPv6 connectivity. The failing server uses openSUSE 42.1 and runs 24/7.
The problem is probably caused by the bundled Telekom Speedport W724V router. The Telekom VDSL provider delivers dual (IPv4 and IPv6) connectivity and maybe the router has IPv6 privacy extensions enabled.
But I like to have a solution without exchanging the router.
The problem is, that openSUSE 42.1 loosed IPv6 connectivity after some time (probably after ~1 day, but I am not sure). IPv4 connectivity stays intact.
For testing I use www.heise.de only with IPv6. This hangs:
myuser@mybox:~> wget -6 http://www.heise.de/ --2016-10-24 11:55:36-- http://www.heise.de/ Resolving www.heise.de (www.heise.de)... 2a02:2e0:3fe:1001:7777:772e:2:85 Connecting to www.heise.de (www.heise.de)|2a02:2e0:3fe:1001:7777:772e:2:85|:80... ^C
/sbin/ifconfig shows 15 (!) IPv6 addresses with scope global (not printed here).
If I re-start Wicked I have only 2 IPv6 addresses with scope global. The 2 IPv6 addresses are new compared with the old ones.
How I can resolve this?
Your computer can have both MAC based and random number "privacy" based IPv6 addresses. The MAC based never changes, the privacy addresses change periodically and you will build a list of several of them. You need to have the DNS point to the MAC based address. Look for one, where the right hand portion is the same as the link local address. The link local address starts with fe80. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bjoern Voigt wrote:
I have a problem with the IPv6 connectivity. The failing server uses openSUSE 42.1 and runs 24/7.
The problem is probably caused by the bundled Telekom Speedport W724V router. The Telekom VDSL provider delivers dual (IPv4 and IPv6) connectivity and maybe the router has IPv6 privacy extensions enabled. The problem is, that openSUSE 42.1 loosed IPv6 connectivity after some time (probably after ~1 day, but I am not sure). IPv4 connectivity stays intact.
For testing I use www.heise.de only with IPv6. This hangs:
myuser@mybox:~> wget -6 http://www.heise.de/ --2016-10-24 11:55:36-- http://www.heise.de/ Resolving www.heise.de (www.heise.de)... 2a02:2e0:3fe:1001:7777:772e:2:85 Connecting to www.heise.de (www.heise.de)|2a02:2e0:3fe:1001:7777:772e:2:85|:80... ^C
/sbin/ifconfig shows 15 (!) IPv6 addresses with scope global (not printed here).
You debug this the same way you would debug an IPv4 issue - i.e. with ping and traceroute. Try doing a traceroute6 wwww.heise.de and see if everything stops at your router.
If I re-start Wicked I have only 2 IPv6 addresses with scope global. The 2 IPv6 addresses are new compared with the old ones.
IPv6 works after Wicked restart for some time:
So it's likely not your router that's causing the problem then. To get rid of the many addresses (if they're confusing), sysctl -w net.ipv6.conf.default.use_tempaddr=0. -- Per Jessen, Zürich (14.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
Bjoern Voigt wrote:
I have a problem with the IPv6 connectivity. The failing server uses openSUSE 42.1 and runs 24/7.
The problem is probably caused by the bundled Telekom Speedport W724V router. The Telekom VDSL provider delivers dual (IPv4 and IPv6) connectivity and maybe the router has IPv6 privacy extensions enabled. The problem is, that openSUSE 42.1 loosed IPv6 connectivity after some time (probably after ~1 day, but I am not sure). IPv4 connectivity stays intact.
For testing I use www.heise.de only with IPv6. This hangs:
myuser@mybox:~> wget -6 http://www.heise.de/ --2016-10-24 11:55:36-- http://www.heise.de/ Resolving www.heise.de (www.heise.de)... 2a02:2e0:3fe:1001:7777:772e:2:85 Connecting to www.heise.de (www.heise.de)|2a02:2e0:3fe:1001:7777:772e:2:85|:80... ^C
/sbin/ifconfig shows 15 (!) IPv6 addresses with scope global (not printed here). You debug this the same way you would debug an IPv4 issue - i.e. with ping and traceroute. Try doing a traceroute6 wwww.heise.de and see if everything stops at your router. Yes, it stops on my router. Probably the IPv6 privacy extension is broken on the Telekom Speedport W724V router. At least it's incompatible with openSUSE Leap 42.1.
myuser@mybox:~> traceroute6 www.heise.de traceroute to www.heise.de (2a02:2e0:3fe:1001:7777:772e:2:85), 30 hops max, 80 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * [...] 29 * * * 30 * * * With disabled use_tempaddr setting it works.
If I re-start Wicked I have only 2 IPv6 addresses with scope global. The 2 IPv6 addresses are new compared with the old ones.
IPv6 works after Wicked restart for some time: So it's likely not your router that's causing the problem then.
To get rid of the many addresses (if they're confusing),
sysctl -w net.ipv6.conf.default.use_tempaddr=0. Thanks. I will use this setting.
Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/08/2016 04:49 PM, Bjoern Voigt wrote:
Yes, it stops on my router. Probably the IPv6 privacy extension is broken on the Telekom Speedport W724V router. At least it's incompatible with openSUSE Leap 42.1.
The privacy extensions are on the computer, not the router. Originally, IPv6 addresses were to be created using the MAC address. However, that meant an address could be traced to a specific device, even as it moved among other networks. Random number "privacy" addresses were then created, which will change periodically. Normally, the privacy addresses are used for outgoing connections and the MAC based for incoming. You'd configure the DNS to use the MAC addresses and also the firewall, to allow those incoming connections. If you use the privacy addresses in that manner, you will soon find yourself unable to reach the computer. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
Yes, it stops on my router. Probably the IPv6 privacy extension is broken on the Telekom Speedport W724V router. At least it's incompatible with openSUSE Leap 42.1. The privacy extensions are on the computer, not the router. Originally, IPv6 addresses were to be created using the MAC address. However, that meant an address could be traced to a specific device, even as it moved among other networks. Random number "privacy" addresses were then created, which will change periodically. Normally, the privacy addresses are used for outgoing connections and the MAC based for incoming. You'd configure the DNS to use the MAC addresses and also the firewall, to allow those incoming connections. If you use the privacy addresses in that manner, you will soon find yourself unable to reach
On 11/08/2016 04:49 PM, Bjoern Voigt wrote: the computer. Thanks. But how can I do this with a customer router with only a limited set of IPv6 options? The router Telekom Speedport W724V has no nameserver functions for LAN hosts.
The router has an option for the IPv6 privacy extension (see page 83 here https://www.telekom.de/hilfe/downloads/bedienungsanleitung-speedport-w724v.p...): I translate it: "The automatic change of IP addresses makes it harder for website owners to track your activities in the Internet. You can choose between two Telekom privacy protection levels. On level 1 your IPv6 address will be changed daily. On level 2 your IPv4 and IPv6 addresses will be changed every 4 days. To make the protection function effective, your network device must have the option "Privacy Extentions" or "Get temporary IP address" activated." Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/08/2016 06:42 PM, Bjoern Voigt wrote:
"The automatic change of IP addresses makes it harder for website owners to track your activities in the Internet. You can choose between two Telekom privacy protection levels. On level 1 your IPv6 address will be changed daily. On level 2 your IPv4 and IPv6 addresses will be changed every 4 days.
To make the protection function effective, your network device must have the option "Privacy Extentions" or "Get temporary IP address" activated."
I don't know what they're talking about, other than possibly changing DHCP addresses. Normally, on IPv6, addresses are assigned via SLAAC, where the router provides the 64 bit network address and the computer provides the 64 bit host portion of the address, using either the MAC address or a random number. You can configure openSUSE to use one or the other or both. Go to a command prompt and enter ifconfig to see the addresses. For IPv6, you should see link-local address, which starts with fe80. it will contain a modified version of the MAC address. You should also see one or more unicast addresses, which start with 2. If there's one, where the right end is the same as the link-local address, that one is the MAC based address. Any other, and there could be a few, that does not match the link-local address is based on a random number. https://en.wikipedia.org/wiki/IPv6#Stateless_address_autoconfiguration_.28SL... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Bjoern Voigt -
James Knott -
Per Jessen