[opensuse] IPv6 in openSUSE
jdd wrote:
Le 10/09/2016 à 11:50, Per Jessen a écrit :
jdd wrote:
I too often notice that allowing IPV6 brake the home connectivity...
Where do you notice this? That is almost certainly due to a lack of skills and/or poor equipment. Either at home or at the providers.
nearly in any openSUSE install I have, I has to disable IPV6 to have a working system. Last time it was due to a very long lag time at connect. Initially I simply used default install.
I don't think this is the place to discuss this in depth :-(
In this thread ("ssh questions") perhaps not, but in general, IPv6 issues in openSUSE do belong here, I would say. I have never disabled IPv6 when installing or later. In my opinion, any problems are due to misunderstandings or a poorly configured network. I think Carlos had an example of the latter. (his providers problem, not his). I think James and Koenraad have both highlighted the issue in getting a Linux box to propagate an ipv6 prefix handed out by the provider. These are corner-cases though, they're not typical issues.
I simply don't promote IPV6 to anybody
That is of course your choice, but I would say it is wrong to suggest IPv6 doesn't work or isn't available. I promote it every chance I get. I've been on IPv6 for almost ten years, since October 2006 when I opened my first tunnel account. Back then I also imagined a steep learning curve, and I didn't really get started until 2009 when I got a static prefix from my provider. The learning curve is just not that steep - especially not from an end-users point-of-view. If you want to play, there are a few concepts you need to understand, I think James mentioned some of them, but that's it. The learning curve is not that steep. Just do it. -- Per Jessen, Zürich (22.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
The learning curve is not that steep. Just do it.
Per, past time for me to try this. My ISP is Comcast and they are said to have good IPv6. I have a Netgear R6900 router. I have a Leap 42.2 test machine cat5 connected to it. I just went into the router's advanced settings and told it to auto-detect IPv6 (previously disabled). It says I now have a WAN and LAN IPv6 address for the router (shockingly easily done). Yast says I have IPv6 enabled (since install I assume). ifconfig shows I have 2 global IPv6 addresses for eth0 (why 2?) What next? How do I test? fyi: I'm remote from the machine over the weekend. I'm remotely logged in so I can't do all admin stuff, but so far so good. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Greg Freemyer wrote:
The learning curve is not that steep. Just do it.
Per, past time for me to try this.
My ISP is Comcast and they are said to have good IPv6.
I have a Netgear R6900 router.
I have a Leap 42.2 test machine cat5 connected to it.
Hi Greg, soonds good.
I just went into the router's advanced settings and told it to auto-detect IPv6 (previously disabled). It says I now have a WAN and LAN IPv6 address for the router (shockingly easily done).
Yast says I have IPv6 enabled (since install I assume).
ifconfig shows I have 2 global IPv6 addresses for eth0 (why 2?)
Could you post output from "ip addr"? Anyway, having multiple IPv6 addresses is normal and just one of those new things you will get used to. a) a link-local address, fe80:: b) a public ipv6 address.
What next? How do I test?
Try "ping -6 google.com". Next point your browser to http://test-ipv6.com/ or http://testipv6.jessen.ch/ You can also have a look at the routing table "ip -6 route show". -- Per Jessen, Zürich (24.0°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, Sep 10, 2016 at 9:10 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
The learning curve is not that steep. Just do it.
Per, past time for me to try this.
My ISP is Comcast and they are said to have good IPv6.
I have a Netgear R6900 router.
I have a Leap 42.2 test machine cat5 connected to it.
Hi Greg,
soonds good.
I just went into the router's advanced settings and told it to auto-detect IPv6 (previously disabled). It says I now have a WAN and LAN IPv6 address for the router (shockingly easily done).
Yast says I have IPv6 enabled (since install I assume).
ifconfig shows I have 2 global IPv6 addresses for eth0 (why 2?)
Could you post output from "ip addr"? Anyway, having multiple IPv6 addresses is normal and just one of those new things you will get used to. a) a link-local address, fe80:: b) a public ipv6 address.
I have 3 total. 2 global, 1 link local
sudo ifconfig root's password: Sorry, try again. root's password: eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:72376332 errors:0 dropped:377508 overruns:0 frame:0 TX packets:366573445 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7539698600 (7190.4 Mb) TX bytes:358463779849 (341857.7 Mb) Memory:fb700000-fb71ffff
(what the hell am I sending out? 341 GB transmitted?)
ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 30:5a:3a:54:0d:e1 brd ff:ff:ff:ff:ff:ff inet 192.168.1.13/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 scope global temporary dynamic valid_lft 341048sec preferred_lft 81248sec inet6 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 scope global mngtmpaddr dynamic valid_lft 341048sec preferred_lft 168248sec inet6 fe80::325a:3aff:fe54:de1/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 30:5a:3a:54:0a:8c brd ff:ff:ff:ff:ff:ff
What next? How do I test?
Try "ping -6 google.com".
invalid syntax, put ping6 works!
Next point your browser to http://test-ipv6.com/
9 green, 1 red The red test was large packets. It says I have an issue with MTU.
Works!
You can also have a look at the routing table "ip -6 route show".
ip -6 route show 2601:c0:8105:82f0::/64 dev eth0 proto kernel metric 256 expires 339782sec pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::deef:9ff:fea7:7e28 dev eth0 proto ra metric 1024 expires 1564sec hoplimit 64 pref low
So now every hacker in the world knows my info and I have no idea if I have a firewall in place!
-- Per Jessen, Zürich (24.0°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Greg Freemyer wrote:
On Sat, Sep 10, 2016 at 9:10 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
The learning curve is not that steep. Just do it.
Per, past time for me to try this.
My ISP is Comcast and they are said to have good IPv6.
I have a Netgear R6900 router.
I have a Leap 42.2 test machine cat5 connected to it.
Hi Greg,
soonds good.
I just went into the router's advanced settings and told it to auto-detect IPv6 (previously disabled). It says I now have a WAN and LAN IPv6 address for the router (shockingly easily done).
Yast says I have IPv6 enabled (since install I assume).
ifconfig shows I have 2 global IPv6 addresses for eth0 (why 2?)
Could you post output from "ip addr"? Anyway, having multiple IPv6 addresses is normal and just one of those new things you will get used to. a) a link-local address, fe80:: b) a public ipv6 address.
I have 3 total. 2 global, 1 link local
sudo ifconfig root's password: Sorry, try again. root's password: eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link
Right, so your /64 prefix is 2601:c0:8105:82f0 - 2601:c0:8105:82f0:3de5:c309:46c3:20c3 - random address, for privacy reasons. 2601:c0:8105:82f0:325a:3aff:fe54:de1 - address derived from the interface MAC address. What does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say? I expect it is "1", which is "assign random address". A "2" would be "assign and prefer random address". We used to default to "2", but it was changed, not sure why.
What next? How do I test?
Try "ping -6 google.com".
invalid syntax, put ping6 works!
Ah yes, that little nuisance ... sometimes the executable has -6 suffix, other times it's an argument :-(
Next point your browser to http://test-ipv6.com/
9 green, 1 red
The red test was large packets. It says I have an issue with MTU.
Hmm, your mtu is 1500, not sure what the problem might be.
You can also have a look at the routing table "ip -6 route show".
ip -6 route show 2601:c0:8105:82f0::/64 dev eth0 proto kernel metric 256 expires 339782sec pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::deef:9ff:fea7:7e28 dev eth0 proto ra metric 1024 expires 1564sec hoplimit 64 pref low
Looks good.
So now every hacker in the world knows my info and I have no idea if I have a firewall in place!
I tried pinging both of your addresses, no response. You'll be okay for a while, security by obscurity, but a firewall is a good idea :-) See if openSUSE gave you somethjing by default: ip6tables --list -n A part from the firewall, you're now on IPv6, and your machine will prefer that over IPv4 when you visit IPv6 enabled sites, do lookups on IPv6-enabled DNSes etc. etc. -- Per Jessen, Zürich (24.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, Sep 10, 2016 at 10:04 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
On Sat, Sep 10, 2016 at 9:10 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
The learning curve is not that steep. Just do it.
Per, past time for me to try this.
My ISP is Comcast and they are said to have good IPv6.
I have a Netgear R6900 router.
I have a Leap 42.2 test machine cat5 connected to it.
Hi Greg,
soonds good.
I just went into the router's advanced settings and told it to auto-detect IPv6 (previously disabled). It says I now have a WAN and LAN IPv6 address for the router (shockingly easily done).
Yast says I have IPv6 enabled (since install I assume).
ifconfig shows I have 2 global IPv6 addresses for eth0 (why 2?)
Could you post output from "ip addr"? Anyway, having multiple IPv6 addresses is normal and just one of those new things you will get used to. a) a link-local address, fe80:: b) a public ipv6 address.
I have 3 total. 2 global, 1 link local
sudo ifconfig root's password: Sorry, try again. root's password: eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link
Right, so your /64 prefix is 2601:c0:8105:82f0 -
2601:c0:8105:82f0:3de5:c309:46c3:20c3 - random address, for privacy reasons. 2601:c0:8105:82f0:325a:3aff:fe54:de1 - address derived from the interface MAC address.
Great
What does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say? I expect it is "1", which is "assign random address". A "2" would be "assign and prefer random address". We used to default to "2", but it was changed, not sure why.
Mine is 2. Default Leap 42.2 install.
Next point your browser to http://test-ipv6.com/
9 green, 1 red
The red test was large packets. It says I have an issue with MTU.
Hmm, your mtu is 1500, not sure what the problem might be.
I'll worry about that in a separate thread. Obviously could be anywhere in the network hops.
So now every hacker in the world knows my info and I have no idea if I have a firewall in place!
I tried pinging both of your addresses, no response.
good
You'll be okay for a while, security by obscurity, but a firewall is a good idea :-) See if openSUSE gave you somethjing by default:
ip6tables --list -n
sudo /usr/sbin/ip6tables --list -n root's password: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination So. I'm 100% blocked from incoming sockets on IPv6?
A part from the firewall, you're now on IPv6, and your machine will prefer that over IPv4 when you visit IPv6 enabled sites, do lookups on IPv6-enabled DNSes etc. etc.
Very cool. And way easier than I could have possibly imagined. Now I need to repeat the process for my laptop at my house and open a couple firewall holes to let me remote into that test machine.
-- Per Jessen, Zürich (24.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
Thanks for an interesting exercise, Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/10/2016 11:08 AM, Greg Freemyer wrote:
Very cool. And way easier than I could have possibly imagined.
Now I need to repeat the process for my laptop at my house and open a couple firewall holes to let me remote into that test machine.
When you do that, you may want to test your firewall to make sure it's working properly: http://www.ipv6scanner.com/cgi-bin/main.py https://ipv6.chappell-family.com/ipv6tcptest/ You can also go to http://test-ipv6.com/ or http://ipv6-test.com/ to check out your system. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Greg Freemyer wrote:
What does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say? I expect it is "1", which is "assign random address". A "2" would be "assign and prefer random address". We used to default to "2", but it was changed, not sure why.
Mine is 2. Default Leap 42.2 install.
Interesting, I'm also on 42.2 (full KDE desktop), but mine is 1. ISTR some discussion about "2" causing an issue for NFS clients for instance.
You'll be okay for a while, security by obscurity, but a firewall is a good idea :-) See if openSUSE gave you somethjing by default:
ip6tables --list -n
sudo /usr/sbin/ip6tables --list -n root's password: Chain INPUT (policy ACCEPT) target prot opt source destination
Chain FORWARD (policy ACCEPT) target prot opt source destination
Chain OUTPUT (policy ACCEPT) target prot opt source destination
So. I'm 100% blocked from incoming sockets on IPv6?
Uh no, you're 100% open. I am not familiar with the SuSEfirewall, but it really ought to provide some minimum of protection. -- Per Jessen, Zürich (26.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/10/2016 11:59 AM, Per Jessen wrote:
So. I'm 100% blocked from incoming sockets on IPv6? Uh no, you're 100% open. I am not familiar with the SuSEfirewall, but it really ought to provide some minimum of protection.
I mentioned some IPv6 port scan sites in another message. Give those a try, to see what's open. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/10/2016 12:20 PM, James Knott wrote:
On 09/10/2016 11:59 AM, Per Jessen wrote:
So. I'm 100% blocked from incoming sockets on IPv6? Uh no, you're 100% open. I am not familiar with the SuSEfirewall, but it really ought to provide some minimum of protection.
I mentioned some IPv6 port scan sites in another message. Give those a try, to see what's open.
Never mind, found it. I had to search on "http server" in Software Management to find it. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 09/10/2016 11:59 AM, Per Jessen wrote:
So. I'm 100% blocked from incoming sockets on IPv6? Uh no, you're 100% open. I am not familiar with the SuSEfirewall, but it really ought to provide some minimum of protection.
I mentioned some IPv6 port scan sites in another message. Give those a try, to see what's open.
"netstat -ln" would do it too :-) -- Per Jessen, Zürich (18.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2016 03:05 AM, Per Jessen wrote:
I mentioned some IPv6 port scan sites in another message. Give those
a try, to see what's open. "netstat -ln" would do it too :-)
That won't test a separate firewall. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, Sep 10, 2016 at 11:59 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
What does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say? I expect it is "1", which is "assign random address". A "2" would be "assign and prefer random address". We used to default to "2", but it was changed, not sure why.
Mine is 2. Default Leap 42.2 install.
Interesting, I'm also on 42.2 (full KDE desktop), but mine is 1. ISTR some discussion about "2" causing an issue for NFS clients for instance.
You'll be okay for a while, security by obscurity, but a firewall is a good idea :-) See if openSUSE gave you somethjing by default:
ip6tables --list -n
sudo /usr/sbin/ip6tables --list -n root's password: Chain INPUT (policy ACCEPT) target prot opt source destination
Chain FORWARD (policy ACCEPT) target prot opt source destination
Chain OUTPUT (policy ACCEPT) target prot opt source destination
So. I'm 100% blocked from incoming sockets on IPv6?
Uh no, you're 100% open. I am not familiar with the SuSEfirewall, but it really ought to provide some minimum of protection.
Bugzilla time? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Greg Freemyer wrote:
On Sat, Sep 10, 2016 at 11:59 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
What does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say? I expect it is "1", which is "assign random address". A "2" would be "assign and prefer random address". We used to default to "2", but it was changed, not sure why.
Mine is 2. Default Leap 42.2 install.
Interesting, I'm also on 42.2 (full KDE desktop), but mine is 1. ISTR some discussion about "2" causing an issue for NFS clients for instance.
You'll be okay for a while, security by obscurity, but a firewall is a good idea :-) See if openSUSE gave you somethjing by default:
ip6tables --list -n
sudo /usr/sbin/ip6tables --list -n root's password: Chain INPUT (policy ACCEPT) target prot opt source destination
Chain FORWARD (policy ACCEPT) target prot opt source destination
Chain OUTPUT (policy ACCEPT) target prot opt source destination
So. I'm 100% blocked from incoming sockets on IPv6?
Uh no, you're 100% open. I am not familiar with the SuSEfirewall, but it really ought to provide some minimum of protection.
Bugzilla time?
Dunno - in my installation from today, SuSEfirewall did fine. Maybe check that it was installed and run. -- Per Jessen, Zürich (25.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, Sep 10, 2016 at 11:08 AM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link
Right, so your /64 prefix is 2601:c0:8105:82f0 -
2601:c0:8105:82f0:3de5:c309:46c3:20c3 - random address, for privacy reasons. 2601:c0:8105:82f0:325a:3aff:fe54:de1 - address derived from the interface MAC address.
Great
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now: ~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC. Why did it change from a month ago? I assumed my NIC derived IP would be effectively static? - I'm at my office. - No physical movement of the computer / router, and the ISP has not changed. - I doubt the router has even been re-booted in the last month. btw: This server may have 2 MACs. If so, I don't think the cat5 cable has been moved. No wireless in use on it. Does the shear number of those imply I'm using IPv6 for some of the outbound connections? Looks like I'm (transparently) using IPv6 to connect to google: ~> netstat -an|grep 2601 tcp 0 0 2601:c0:8105:82f0:44992 2607:f8b0:4002:c06::443 ESTABLISHED tcp 1 78 2601:c0:8105:82f0:53892 2607:f8b0:4002:c06::443 CLOSING tcp 1 78 2601:c0:8105:82f0:34698 2607:f8b0:4002:c06::443 CLOSING tcp 0 0 2601:c0:8105:82f0:39676 2607:f8b0:4002:c06::443 ESTABLISHED udp 0 0 2601:c0:8105:82f0:e:123 :::* udp 0 0 2601:c0:8105:82f0:9:123 :::* udp 0 0 2601:c0:8105:82f0:e:123 :::* udp 0 0 2601:c0:8105:82f0:3:123 :::* udp 0 0 2601:c0:8105:82f0:5:123 :::* udp 0 0 2601:c0:8105:82f0:3:123 :::* udp 0 0 2601:c0:8105:82f0:d:123 :::* Thanks Greg -- Greg Freemyer Are you confused as Hillary & Trump are decimated by October surprises (I call it God's work) Evan McMullin is surging. Utah looks like the first state to go his way. Don't forget, if you live in a state where you can't vote for McMullin: A vote for Trump is a vote for McMullin so get out and vote Vote Evan McMullin for President -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Try to ignore my last email (below). I don't know why I thought the NIC based IP had changed. Confused by all the octets I guess. Greg On Tue, Oct 11, 2016 at 5:05 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
On Sat, Sep 10, 2016 at 11:08 AM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link
Right, so your /64 prefix is 2601:c0:8105:82f0 -
2601:c0:8105:82f0:3de5:c309:46c3:20c3 - random address, for privacy reasons. 2601:c0:8105:82f0:325a:3aff:fe54:de1 - address derived from the interface MAC address.
Great
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now:
~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global
I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC.
Why did it change from a month ago? I assumed my NIC derived IP would be effectively static?
- I'm at my office. - No physical movement of the computer / router, and the ISP has not changed. - I doubt the router has even been re-booted in the last month.
btw: This server may have 2 MACs. If so, I don't think the cat5 cable has been moved. No wireless in use on it.
Does the shear number of those imply I'm using IPv6 for some of the outbound connections?
Looks like I'm (transparently) using IPv6 to connect to google:
~> netstat -an|grep 2601 tcp 0 0 2601:c0:8105:82f0:44992 2607:f8b0:4002:c06::443 ESTABLISHED tcp 1 78 2601:c0:8105:82f0:53892 2607:f8b0:4002:c06::443 CLOSING tcp 1 78 2601:c0:8105:82f0:34698 2607:f8b0:4002:c06::443 CLOSING tcp 0 0 2601:c0:8105:82f0:39676 2607:f8b0:4002:c06::443 ESTABLISHED udp 0 0 2601:c0:8105:82f0:e:123 :::* udp 0 0 2601:c0:8105:82f0:9:123 :::* udp 0 0 2601:c0:8105:82f0:e:123 :::* udp 0 0 2601:c0:8105:82f0:3:123 :::* udp 0 0 2601:c0:8105:82f0:5:123 :::* udp 0 0 2601:c0:8105:82f0:3:123 :::* udp 0 0 2601:c0:8105:82f0:d:123 :::*
Thanks Greg -- Greg Freemyer Are you confused as Hillary & Trump are decimated by October surprises (I call it God's work) Evan McMullin is surging. Utah looks like the first state to go his way. Don't forget, if you live in a state where you can't vote for McMullin: A vote for Trump is a vote for McMullin so get out and vote Vote Evan McMullin for President
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/11/2016 05:05 PM, Greg Freemyer wrote:
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now:
~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global
I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC.
Look for the one that's similar to the link local address or the MAC. I expect it's the one where you replaced part of the address with "del". -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Oct 11, 2016 at 5:53 PM, James Knott <james.knott@rogers.com> wrote:
On 10/11/2016 05:05 PM, Greg Freemyer wrote:
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now:
~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global
I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC.
Look for the one that's similar to the link local address or the MAC. I expect it's the one where you replaced part of the address with "del".
Thanks, that is helpful. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op dinsdag 11 oktober 2016 17:53:36 schreef James Knott:
On 10/11/2016 05:05 PM, Greg Freemyer wrote:
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now:
~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1
inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global
I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC.
Look for the one that's similar to the link local address or the MAC. I expect it's the one where you replaced part of the address with "del".
This is not replaced, it is :0DE1, which becomes :de1, because the zero can be omitted right after the colon, and the last character is a digit one. -- fr.gr. member openSUSE Freek de Kruijf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/11/2016 06:07 PM, Freek de Kruijf wrote:
Op dinsdag 11 oktober 2016 17:53:36 schreef James Knott:
On 10/11/2016 05:05 PM, Greg Freemyer wrote:
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now:
~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1
inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global
I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC. Look for the one that's similar to the link local address or the MAC. I expect it's the one where you replaced part of the address with "del". This is not replaced, it is :0DE1, which becomes :de1, because the zero can be omitted right after the colon, and the last character is a digit one.
I guess you're right. It sure looked like "del" and some people will try to hide their real addresses. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 10/11/2016 06:07 PM, Freek de Kruijf wrote:
Op dinsdag 11 oktober 2016 17:53:36 schreef James Knott: This is not replaced, it is :0DE1, which becomes :de1, because the zero can be omitted right after the colon, and the last character is a digit one.
I guess you're right. It sure looked like "del" and some people will try to hide their real addresses.
The best way to do that is use the documentation prefix 2001:db8. -- Per Jessen, Zürich (3.9°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/11/2016 05:05 PM, Greg Freemyer wrote:
Does the shear number of those imply I'm using IPv6 for some of the outbound connections?
You use the most recent private address for outgoing connections. The others are still valid for existing connections, but will eventually fall off the end of the list. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 10/11/2016 05:05 PM, Greg Freemyer wrote:
Does the shear number of those imply I'm using IPv6 for some of the outbound connections?
You use the most recent private address for outgoing connections. The others are still valid for existing connections, but will eventually fall off the end of the list.
Greg, what does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say? 0 = privacy extensions inactive (no random addresses). 1 = privacy extensions active (random addresses). 2 = use privacy extension. In Leap, the default is 1, which means you get the privacy addresses, but they are not used. Instead your SLAAC address (MAC derived) will be used. (or a DHCP address, if you had one). -- Per Jessen, Zürich (3.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Oct 12, 2016 at 9:08 AM, Per Jessen <per@computer.org> wrote:
Greg, what does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say?
0 = privacy extensions inactive (no random addresses). 1 = privacy extensions active (random addresses). 2 = use privacy extension.
In Leap, the default is 1, which means you get the privacy addresses, but they are not used.
More precisely - they are not used automatically. It is always possible to explicitly bind to any valid address on interface; but if local address is not specified by program and kernel has to chose, 1 will prefer permanent public address and 2 will prefer temporary random address. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Oct 12, 2016 at 10:05 AM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On Wed, Oct 12, 2016 at 9:08 AM, Per Jessen <per@computer.org> wrote:
Greg, what does "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" say?
0 = privacy extensions inactive (no random addresses). 1 = privacy extensions active (random addresses). 2 = use privacy extension.
In Leap, the default is 1, which means you get the privacy addresses, but they are not used.
More precisely - they are not used automatically. It is always possible to explicitly bind to any valid address on interface; but if local address is not specified by program and kernel has to chose, 1 will prefer permanent public address and 2 will prefer temporary random address.
What follows, if you disable SLAAC and DHCP you are left with temporary addresses only which will be chosen even if use_tempaddr==1. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/12/2016 02:08 AM, Per Jessen wrote:
In Leap, the default is 1, which means you get the privacy addresses, but they are not used. Instead your SLAAC address (MAC derived) will be used. (or a DHCP address, if you had one).
In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-10-12 15:12, James Knott wrote:
On 10/12/2016 02:08 AM, Per Jessen wrote:
In Leap, the default is 1, which means you get the privacy addresses, but they are not used. Instead your SLAAC address (MAC derived) will be used. (or a DHCP address, if you had one).
In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I have 0. This is 13.1, with ifup. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10/12/2016 09:28 AM, Carlos E. R. wrote:
On 2016-10-12 15:12, James Knott wrote:
On 10/12/2016 02:08 AM, Per Jessen wrote:
In Leap, the default is 1, which means you get the privacy addresses, but they are not used. Instead your SLAAC address (MAC derived) will be used. (or a DHCP address, if you had one). In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I meant ifup.
I have 0. This is 13.1, with ifup.
Like I said, things are weird in Spain. ;-) However, I wonder why the default is now 1. Having privacy addresses doesn't hurt anything on outgoing connections and the MAC address is still available for DNS config. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 10/12/2016 09:28 AM, Carlos E. R. wrote:
On 2016-10-12 15:12, James Knott wrote:
On 10/12/2016 02:08 AM, Per Jessen wrote:
In Leap, the default is 1, which means you get the privacy addresses, but they are not used. Instead your SLAAC address (MAC derived) will be used. (or a DHCP address, if you had one). In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I meant ifup.
I have 0. This is 13.1, with ifup.
Like I said, things are weird in Spain. ;-)
However, I wonder why the default is now 1. Having privacy addresses doesn't hurt anything on outgoing connections and the MAC address is still available for DNS config.
I believe it was changed as of Leap421. Frequently changing addresses cause problems for long-running connections - NFS for instance. -- Per Jessen, Zürich (5.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 2016-10-12 15:12, James Knott wrote:
On 10/12/2016 02:08 AM, Per Jessen wrote:
In Leap, the default is 1, which means you get the privacy addresses, but they are not used. Instead your SLAAC address (MAC derived) will be used. (or a DHCP address, if you had one).
In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I have 0. This is 13.1, with ifup.
Maybe it's because you don't have any IPv6? Going back to e.g. 10.x and 11.x, the default was also '0', but I'm sure '2' was the default as of 12.1. If you google it, you'll find some discusion on opensuse-factory in late 2011 and early 2012. It used to be an item on my post-install checklist - update /etc/sysctl.conf with: net.ipv6.conf.default.use_tempaddr = 1 -- Per Jessen, Zürich (10.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-10-12 16:41, Per Jessen wrote:
Carlos E. R. wrote:
In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I have 0. This is 13.1, with ifup.
Maybe it's because you don't have any IPv6? Going back to e.g. 10.x and 11.x, the default was also '0', but I'm sure '2' was the default as of 12.1. If you google it, you'll find some discusion on opensuse-factory in late 2011 and early 2012.
Rather because this is an upgraded system.
It used to be an item on my post-install checklist -
update /etc/sysctl.conf with: net.ipv6.conf.default.use_tempaddr = 1
I do not have that var at all in the file. I just wrote it there. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-10-12 16:41, Per Jessen wrote:
Carlos E. R. wrote:
In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I have 0. This is 13.1, with ifup.
Maybe it's because you don't have any IPv6? Going back to e.g. 10.x and 11.x, the default was also '0', but I'm sure '2' was the default as of 12.1. If you google it, you'll find some discusion on opensuse-factory in late 2011 and early 2012.
Rather because this is an upgraded system.
I think the kernel parameters are upgraded too, it's set in /lib/sysctl.d/sysctl.conf which used to be provided by "procps". If that is upgraded, so is your default use_tempaddr setting. If course, it can still be overriden by /etc/sysctl.conf. In Leap, the defaults are in /usr/lib/sysctl.d/50-default.conf (from aaa_base).
It used to be an item on my post-install checklist -
update /etc/sysctl.conf with: net.ipv6.conf.default.use_tempaddr = 1
I do not have that var at all in the file. I just wrote it there.
Right, normally you wouldn't override it, the default ought to be right for most systems. With Leap42x, maybe someone who is aware and keen would set use_tempaddr=2 in /etc/sysctl.conf. You can check all the sysctl files to see where your use_tempaddr is being set to 0 - grep tempaddr /boot/sysctl.conf* /lib*/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /etc/sysctl.conf -- Per Jessen, Zürich (4.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
You can check all the sysctl files to see where your use_tempaddr is being set to 0 -
I forgot - didn't somebody mention NetworkManager and having use_tempaddr=0 ? Maybe NM fiddles with the setting too, so if you're it ... -- Per Jessen, Zürich (5.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-10-13 08:54, Per Jessen wrote:
Carlos E. R. wrote:
On 2016-10-12 16:41, Per Jessen wrote:
Carlos E. R. wrote:
In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I have 0. This is 13.1, with ifup.
Maybe it's because you don't have any IPv6? Going back to e.g. 10.x and 11.x, the default was also '0', but I'm sure '2' was the default as of 12.1. If you google it, you'll find some discusion on opensuse-factory in late 2011 and early 2012.
Rather because this is an upgraded system.
I think the kernel parameters are upgraded too, it's set in /lib/sysctl.d/sysctl.conf
Telcontar:~ # l /lib/sysctl.d/sysctl.conf ls: cannot access /lib/sysctl.d/sysctl.conf: No such file or directory Telcontar:~ #
which used to be provided by "procps". If that is upgraded, so is your default use_tempaddr setting. If course, it can still be overriden by /etc/sysctl.conf.
In Leap, the defaults are in /usr/lib/sysctl.d/50-default.conf (from aaa_base).
It used to be an item on my post-install checklist -
update /etc/sysctl.conf with: net.ipv6.conf.default.use_tempaddr = 1
I do not have that var at all in the file. I just wrote it there.
Right, normally you wouldn't override it, the default ought to be right for most systems. With Leap42x, maybe someone who is aware and keen would set use_tempaddr=2 in /etc/sysctl.conf.
You can check all the sysctl files to see where your use_tempaddr is being set to 0 -
grep tempaddr /boot/sysctl.conf* /lib*/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /etc/sysctl.conf
grep: /lib*/sysctl.d/*.conf: No such file or directory /usr/lib/sysctl.d/50-default.conf:net.ipv6.conf.default.use_tempaddr = 2 grep: /usr/local/lib/sysctl.d/*.conf: No such file or directory /etc/sysctl.d/99-sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1 grep: /run/sysctl.d/*.conf: No such file or directory /etc/sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1 Telcontar:~ # The last line is there because I wrote it. And the other values are obviously not used, as "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" said 0. Still does. Telcontar:~ # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 0 Telcontar:~ # Go figure... -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-10-13 08:54, Per Jessen wrote:
Carlos E. R. wrote:
On 2016-10-12 16:41, Per Jessen wrote:
Carlos E. R. wrote:
In 13.1, it's 2 with ifconfig method. When the network manager is used, it's 2 when the interface is up and 0, when down.
I have 0. This is 13.1, with ifup.
Maybe it's because you don't have any IPv6? Going back to e.g. 10.x and 11.x, the default was also '0', but I'm sure '2' was the default as of 12.1. If you google it, you'll find some discusion on opensuse-factory in late 2011 and early 2012.
Rather because this is an upgraded system.
I think the kernel parameters are upgraded too, it's set in /lib/sysctl.d/sysctl.conf
Telcontar:~ # l /lib/sysctl.d/sysctl.conf ls: cannot access /lib/sysctl.d/sysctl.conf: No such file or directory
Hmm, maybe it was moved later. On a 12.3 system, that's where I see it.
You can check all the sysctl files to see where your use_tempaddr is being set to 0 -
grep tempaddr /boot/sysctl.conf* /lib*/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /etc/sysctl.conf
grep: /lib*/sysctl.d/*.conf: No such file or directory /usr/lib/sysctl.d/50-default.conf:net.ipv6.conf.default.use_tempaddr=2
Okay, that's your system default. I guess this isn't Leap.
/etc/sysctl.d/99-sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1
That one is probably a symlink to /etc/sysctl.conf
/etc/sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1 Telcontar:~ #
The last line is there because I wrote it.
Right.
And the other values are obviously not used, as "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" said 0. Still does.
Telcontar:~ # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 0
Go figure...
Something else is playing with that specific value then. NetworkManager? -- Per Jessen, Zürich (9.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-10-13 15:17, Per Jessen wrote:
Carlos E. R. wrote:
grep: /lib*/sysctl.d/*.conf: No such file or directory /usr/lib/sysctl.d/50-default.conf:net.ipv6.conf.default.use_tempaddr=2
Okay, that's your system default. I guess this isn't Leap.
No, it is 13.1.
/etc/sysctl.d/99-sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1
That one is probably a symlink to /etc/sysctl.conf
Correct.
/etc/sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1 Telcontar:~ #
The last line is there because I wrote it.
Right.
And the other values are obviously not used, as "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" said 0. Still does.
Telcontar:~ # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 0
Go figure...
Something else is playing with that specific value then. NetworkManager?
No, I use ifup. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-10-13 15:17, Per Jessen wrote:
Carlos E. R. wrote:
grep: /lib*/sysctl.d/*.conf: No such file or directory /usr/lib/sysctl.d/50-default.conf:net.ipv6.conf.default.use_tempaddr=2
Okay, that's your system default. I guess this isn't Leap.
No, it is 13.1.
/etc/sysctl.d/99-sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1
That one is probably a symlink to /etc/sysctl.conf
Correct.
/etc/sysctl.conf:net.ipv6.conf.default.use_tempaddr = 1 Telcontar:~ #
The last line is there because I wrote it.
Right.
And the other values are obviously not used, as "cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr" said 0. Still does.
Telcontar:~ # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 0
Go figure...
Something else is playing with that specific value then. NetworkManager?
No, I use ifup.
Except for the fact that you're on 13.1, it would be time to write a bugreport. Your /etc/sysctl.conf settings are being ignored or overridden. -- Per Jessen, Zürich (10.3°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-10-14 20:26, Per Jessen wrote:
Carlos E. R. wrote:
Something else is playing with that specific value then. NetworkManager?
No, I use ifup.
Except for the fact that you're on 13.1, it would be time to write a bugreport. Your /etc/sysctl.conf settings are being ignored or overridden.
Yes, I'm waiting for 42.2 to upgrade. But my testing suggests that XFCE will crash and block X. Maybe my settings in gai.conf have something to do? #precedence ::ffff:0:0/96 10 # # For sites which prefer IPv4 connections change the last line to # precedence ::ffff:0:0/96 100 -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-10-14 20:26, Per Jessen wrote:
Carlos E. R. wrote:
Something else is playing with that specific value then. NetworkManager?
No, I use ifup.
Except for the fact that you're on 13.1, it would be time to write a bugreport. Your /etc/sysctl.conf settings are being ignored or overridden.
Yes, I'm waiting for 42.2 to upgrade. But my testing suggests that XFCE will crash and block X.
Maybe my settings in gai.conf have something to do?
#precedence ::ffff:0:0/96 10 # # For sites which prefer IPv4 connections change the last line to # precedence ::ffff:0:0/96 100
I doubt it, but you could try reverting to the default and see if it changes the use_tempaddr settings. -- Per Jessen, Zürich (10.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 10/12/2016 02:08 AM, Per Jessen wrote:
In Leap, the default is 1, which means you get the privacy addresses, but they are not used. Instead your SLAAC address (MAC derived) will be used. (or a DHCP address, if you had one).
In 13.1, it's 2 with ifconfig method.
Yes, I believe it was changed in Leap. Using '2' was considered good for privacy, but it causes problems for long-term connections, NFS etc. -- Per Jessen, Zürich (10.9°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Greg Freemyer wrote:
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now:
~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global
I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC.
It's the one with 'FF:FE" in the middle. FFFE is an IEEE reserved value for MAC-derived IPv6 addresses. It's also very similar to your link-local (fe80::) address.
Looks like I'm (transparently) using IPv6 to connect to google:
~> netstat -an|grep 2601 tcp 0 0 2601:c0:8105:82f0:44992 2607:f8b0:4002:c06::443 ESTABLISHED tcp 1 78 2601:c0:8105:82f0:53892 2607:f8b0:4002:c06::443 CLOSING tcp 1 78 2601:c0:8105:82f0:34698 2607:f8b0:4002:c06::443 CLOSING tcp 0 0 2601:c0:8105:82f0:39676 2607:f8b0:4002:c06::443 ESTABLISHED
Those only list the prefix 2601:c0:8105:82f0, try adding '-T' to see the full addresses. Assuming you have not touched /etc/gai.conf, your machine will prefer IPv6 over IPv4 when it is available. -- Per Jessen, Zürich (4.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/12/2016 02:24 AM, Per Jessen wrote:
It's the one with 'FF:FE" in the middle
Actually, the middle of the host portion of the address. You take the MAC address, insert FFFE in the middle and invert the 7th bit. Then append the result to the network prefix. The 7th bit is inserted so that locally managed MAC addresses can be used to create simple host portions of the address, such as <prefix>::1, ::2 etc. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Oct 12, 2016 at 2:24 AM, Per Jessen <per@computer.org> wrote:
Greg Freemyer wrote:
So, I haven't done anything with IPv6 in a month, but I thought I would see how things look now:
~> /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:dc12:1b54:f78c:771b/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link inet6 addr: 2601:c0:8105:82f0:9d4e:b509:cc85:9129/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:3457:ddc2:f1ca:27ac/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e563:7d8a:d099:5fa0/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:e145:4681:48ee:de0d/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:550f:8f7a:f464:3d3a/64 Scope:Global
I assume 6 random IP addresses and one derived from the MAC. This is the same machine as above (a month ago). How do I know which IP was derived from the MAC.
It's the one with 'FF:FE" in the middle. FFFE is an IEEE reserved value for MAC-derived IPv6 addresses. It's also very similar to your link-local (fe80::) address.
Looks like I'm (transparently) using IPv6 to connect to google:
~> netstat -an|grep 2601 tcp 0 0 2601:c0:8105:82f0:44992 2607:f8b0:4002:c06::443 ESTABLISHED tcp 1 78 2601:c0:8105:82f0:53892 2607:f8b0:4002:c06::443 CLOSING tcp 1 78 2601:c0:8105:82f0:34698 2607:f8b0:4002:c06::443 CLOSING tcp 0 0 2601:c0:8105:82f0:39676 2607:f8b0:4002:c06::443 ESTABLISHED
Those only list the prefix 2601:c0:8105:82f0, try adding '-T' to see the full addresses. Assuming you have not touched /etc/gai.conf, your machine will prefer IPv6 over IPv4 when it is available.
You're right, it is using the NIC based IP for outbound.
netstat -anT|grep 2601 tcp 0 0 2601:c0:8105:82f0:325a:3aff:fe54:de1:47380 2607:f8b0:4002:c03::8b:443 ESTABLISHED tcp 0 0 2601:c0:8105:82f0:325a:3aff:fe54:de1:57544 2607:f8b0:4002:c08::bd:443 ESTABLISHED tcp 0 0 2601:c0:8105:82f0:325a:3aff:fe54:de1:33816 2607:f8b0:4002:c03::65:443 ESTABLISHED tcp 0 0 2601:c0:8105:82f0:325a:3aff:fe54:de1:33814 2607:f8b0:4002:c03::65:443 ESTABLISHED tcp 0 0 2601:c0:8105:82f0:325a:3aff:fe54:de1:22 2601:c0:8105:82f0:f9e0:3fc2:e77b:7316:56392 ESTABLISHED <snip>
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
So now every hacker in the world knows my info and I have no idea if I have a firewall in place!
I tried pinging both of your addresses, no response.
You'll be okay for a while, security by obscurity, but a firewall is a good idea :-) See if openSUSE gave you somethjing by default:
ip6tables --list -n
Earlier today I did a clean install of Leap 422 with ipv6-only, and it shows a default firewall setup. (from SUSEfirewall). -- Per Jessen, Zürich (23.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/10/2016 09:38 AM, Greg Freemyer wrote:
I have 3 total. 2 global, 1 link local
sudo ifconfig root's password: Sorry, try again. root's password: eth0 Link encap:Ethernet HWaddr 30:5A:3A:54:0D:E1 inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2601:c0:8105:82f0:3de5:c309:46c3:20c3/64 Scope:Global inet6 addr: 2601:c0:8105:82f0:325a:3aff:fe54:de1/64 Scope:Global inet6 addr: fe80::325a:3aff:fe54:de1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:72376332 errors:0 dropped:377508 overruns:0 frame:0 TX packets:366573445 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7539698600 (7190.4 Mb) TX bytes:358463779849 (341857.7 Mb) Memory:fb700000-fb71ffff
This is your MAC based address: 2601:c0:8105:82f0:325a:3aff:fe54:de1 It's created by taking the MAC address, inverting the 7th bit and inserting FFFE in the middle and prepending the prefix. BTW, you don't have to use sudo or be root to use ifconfig or ip to see what your addresses are. I just create a symlink so I don't have to type in the path to use the command as a mere mortal.
2601:c0:8105:82f0::/64 dev eth0 proto kernel metric 256 expires 339782sec pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::deef:9ff:fea7:7e28 dev eth0 proto ra metric 1024 expires 1564sec hoplimit 64 pref low
So now every hacker in the world knows my info and I have no idea if I have a firewall in place!
The link local address alone isn't a risk, but since you've posted your prefix, MAC and your MAC based address, then yes you told everyone. How do you not know if you have a firewall??? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/10/2016 09:10 AM, Per Jessen wrote:
Yast says I have IPv6 enabled (since install I assume).
ifconfig shows I have 2 global IPv6 addresses for eth0 (why 2?)
Could you post output from "ip addr"? Anyway, having multiple IPv6 addresses is normal and just one of those new things you will get used to. a) a link-local address, fe80:: b) a public ipv6 address.
Actually, you'll likely have at least 3. You will always have the link local address, which starts with fe80. Then, depending on how your computer and network are configured, you may have 1 MAC based address, 1 or more random number addresses or perhaps dhcpv6. If you have random number "privacy extension" addresses enable, you will have several. These addresses are used, because a MAC based address can be traced to a specific computer, which some consider a privacy risk. So, a random number is used and changed periodically. If you have that enabled, you'll see one current random number address, which is used for all outgoing connections and a few depricated addresses, that are still valid for existing connections. But, eventually, those addresses will time out and fall off the list. When you set up a DNS record for a computer, you'd normally use the MAC address, though you could also use a static or DHCPv6 (assuming it's mapped to the MAC) address. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 10 Sep 2016, Per Jessen wrote:
What next? How do I test? Try "ping -6 google.com". Next point your browser to http://test-ipv6.com/ or http://testipv6.jessen.ch/
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
I am still merely "IPv6-curious". I bought Silvia Hagen's book, and started to read, but it's heavy going. Out of curiosity I typed rprice@maria:~> dig +noall +answer google.com AAAA google.com. 1480 IN AAAA 2a00:1450:4007:80e::200e rprice@maria:~> dig +noall +answer dns24.ch AAAA dns24.ch. 86309 IN AAAA 2a03:7520:4c68:2::e048 rprice@maria:~> dig +noall +answer test-ipv6.ch AAAA rprice@maria:~> dig +noall +answer testipv6.jenssen.ch AAAA Whey do test-ipv6.ch and testipv6.jenssen.ch have no apparent IPv6 addresses if they are IPv6 enabled? If I struggle on with the book, will I find out? Roger -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/10/2016 11:15 AM, Roger Price wrote:
Out of curiosity I typed
rprice@maria:~> dig +noall +answer google.com AAAA google.com. 1480 IN AAAA 2a00:1450:4007:80e::200e rprice@maria:~> dig +noall +answer dns24.ch AAAA dns24.ch. 86309 IN AAAA 2a03:7520:4c68:2::e048 rprice@maria:~> dig +noall +answer test-ipv6.ch AAAA rprice@maria:~> dig +noall +answer testipv6.jenssen.ch AAAA
Whey do test-ipv6.ch and testipv6.jenssen.ch have no apparent IPv6 addresses if they are IPv6 enabled? If I struggle on with the book, will I find out?
I don't think that's covered in the book, however, there doesn't appear to be a DNS AAAA record for those sites. With the host command, I get: $ host test-ipv6.ch Host test-ipv6.ch not found: 3(NXDOMAIN) $ host testipv6.jenssen.ch Host testipv6.jenssen.ch not found: 3(NXDOMAIN) And: $ host google.com google.com has address 172.217.1.110 google.com has IPv6 address 2607:f8b0:400b:806::200e google.com mail is handled by 50 alt4.aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. $ host dns24.ch dns24.ch has address 185.85.251.249 dns24.ch has IPv6 address 2a03:7520:4c68:2::e048 dns24.ch mail is handled by 0 katharina.spamchek.net. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Roger Price wrote:
On Sat, 10 Sep 2016, Per Jessen wrote:
What next? How do I test? Try "ping -6 google.com". Next point your browser to http://test-ipv6.com/ or http://testipv6.jessen.ch/
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
I am still merely "IPv6-curious".
That's a good starting point.
I bought Silvia Hagen's book, and started to read, but it's heavy going. Out of curiosity I typed
rprice@maria:~> dig +noall +answer google.com AAAA google.com. 1480 IN AAAA 2a00:1450:4007:80e::200e rprice@maria:~> dig +noall +answer dns24.ch AAAA dns24.ch. 86309 IN AAAA 2a03:7520:4c68:2::e048 rprice@maria:~> dig +noall +answer test-ipv6.ch AAAA
So "test-ipv6.ch" does not exist.
rprice@maria:~> dig +noall +answer testipv6.jenssen.ch AAAA
The correct one is "testipv6.jessen.ch". :-) -- Per Jessen, Zürich (18.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-10 a las 13:39 +0200, Per Jessen escribió:
I have never disabled IPv6 when installing or later. In my opinion, any problems are due to misunderstandings or a poorly configured network. I think Carlos had an example of the latter. (his providers problem, not his). I think James and Koenraad have both highlighted the issue in getting a Linux box to propagate an ipv6 prefix handed out by the provider. These are corner-cases though, they're not typical issues.
Right, my provider does not offer IPv6 to normal clients. Yes, perhaps I could get a tunnel of something from a third party, but I do not see fair doing my 300mbps through that. Lastly I have a problem with a WiFi point and the main router conflicting on who handles loacal IPv6 addresses, but I haven't bothered yet because there is none to handle. The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect. Instead, I configured somewhere (I forgot the file name) to say give IPv4 preference. Ah, /etc/gai.conf. # precedence ::ffff:0:0/96 10 # # For sites which prefer IPv4 connections change the last line to # precedence ::ffff:0:0/96 100 A better one would be to convince the name solver to ignore all IPv6 answers. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfUApIACgkQja8UbcUWM1zxbAD+K4IUHK1p6WVc8GgP81mKox+y aBROjR/2/lJsRo09obEBAIUJdMHL3f0/067KTnVggJDWCT8n/3MYEaJ6onXUdZpP =qaef -----END PGP SIGNATURE-----
Carlos E. R. wrote:
El 2016-09-10 a las 13:39 +0200, Per Jessen escribió:
I have never disabled IPv6 when installing or later. In my opinion, any problems are due to misunderstandings or a poorly configured network. I think Carlos had an example of the latter. (his providers problem, not his). I think James and Koenraad have both highlighted the issue in getting a Linux box to propagate an ipv6 prefix handed out by the provider. These are corner-cases though, they're not typical issues.
Right, my provider does not offer IPv6 to normal clients. Yes, perhaps I could get a tunnel of something from a third party, but I do not see fair doing my 300mbps through that. Lastly I have a problem with a WiFi point and the main router conflicting on who handles loacal IPv6 addresses, but I haven't bothered yet because there is none to handle.
I thought you also had a problem where your provider did give you IPv6, but it didn't work?
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
Unless they have an IPv6 route, the resolver will give preference to IPv4. I don't know how that works, but unless the resolver does that, everyone trying to access "google.com" (or any other dual-stack site) would have a problem 50% of the time.
Instead, I configured somewhere (I forgot the file name) to say give IPv4 preference. Ah, /etc/gai.conf.
Yes, but it isn't necessary.
A better one would be to convince the name solver to ignore all IPv6 answers.
ISTR you bringing this up last time too, but it really cannot be a problem. Wasn't this because you actually had an IPv6 route, but no connectivity? -- Per Jessen, Zürich (24.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-10 a las 15:05 +0200, Per Jessen escribió:
Carlos E. R. wrote:
Right, my provider does not offer IPv6 to normal clients. Yes, perhaps I could get a tunnel of something from a third party, but I do not see fair doing my 300mbps through that. Lastly I have a problem with a WiFi point and the main router conflicting on who handles loacal IPv6 addresses, but I haven't bothered yet because there is none to handle.
I thought you also had a problem where your provider did give you IPv6, but it didn't work?
No, they don't.
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
Unless they have an IPv6 route, the resolver will give preference to IPv4. I don't know how that works, but unless the resolver does that, everyone trying to access "google.com" (or any other dual-stack site) would have a problem 50% of the time.
No, the resolver is not that clever. I have seen zypper on ocassion trying an IPv6 mirror and responding "no route", when there are other addresses on IPv4.
Instead, I configured somewhere (I forgot the file name) to say give IPv4 preference. Ah, /etc/gai.conf.
Yes, but it isn't necessary.
Things work after I changed it...
A better one would be to convince the name solver to ignore all IPv6 answers.
ISTR you bringing this up last time too, but it really cannot be a problem. Wasn't this because you actually had an IPv6 route, but no connectivity?
No, I don't think so. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfUHsUACgkQja8UbcUWM1zR5QEAgiu7zjQ5iveYqPOqPnY5e9WG 114kYNW7dUY50Fys0vAA/1wsCN5fl4vZOHP3K+gpzaTDnV4TWisjrzpTFlW+WN6g =Tu2L -----END PGP SIGNATURE-----
On 09/10/2016 10:55 AM, Carlos E. R. wrote:
No, the resolver is not that clever. I have seen zypper on ocassion trying an IPv6 mirror and responding "no route", when there are other addresses on IPv4.
Must be one of those weird Spain things. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
Unless they have an IPv6 route, the resolver will give preference to IPv4. I don't know how that works, but unless the resolver does that, everyone trying to access "google.com" (or any other dual-stack site) would have a problem 50% of the time.
No, the resolver is not that clever. I have seen zypper on ocassion trying an IPv6 mirror and responding "no route", when there are other addresses on IPv4.
Something really is that clever. I believe it is the resolver. Otherwise you would have 50% time-outs on visiting any website with IPv6. Try http://google.com or http://dns24.ch - they both have both ipv4 and ipv6 addresses. For zypper it's most likely a different issue - mirrorbrain might return an ipv6-only mirror, in which case you would see a "no route".
Instead, I configured somewhere (I forgot the file name) to say give IPv4 preference. Ah, /etc/gai.conf.
Yes, but it isn't necessary.
Things work after I changed it...
You just used a big hammer instead of figuring out the real problem. That's okay too of course, but it does not mean there is a general issue with IPv6, nor that anybody else needs to disable IPv6 or amend gai.conf. -- Per Jessen, Zürich (26.7°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-11 a las 08:51 +0200, Per Jessen escribió:
Carlos E. R. wrote:
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
Unless they have an IPv6 route, the resolver will give preference to IPv4. I don't know how that works, but unless the resolver does that, everyone trying to access "google.com" (or any other dual-stack site) would have a problem 50% of the time.
No, the resolver is not that clever. I have seen zypper on ocassion trying an IPv6 mirror and responding "no route", when there are other addresses on IPv4.
Something really is that clever. I believe it is the resolver. Otherwise you would have 50% time-outs on visiting any website with IPv6. Try http://google.com or http://dns24.ch - they both have both ipv4 and ipv6 addresses. For zypper it's most likely a different issue - mirrorbrain might return an ipv6-only mirror, in which case you would see a "no route".
Sometimes the IPv4 address fails with some error, then it tries IPv6, which fails as "no route". And that's the error the user sees, not the real problem with the IPv4 address.
Instead, I configured somewhere (I forgot the file name) to say give IPv4 preference. Ah, /etc/gai.conf.
Yes, but it isn't necessary.
Things work after I changed it...
You just used a big hammer instead of figuring out the real problem. That's okay too of course, but it does not mean there is a general issue with IPv6, nor that anybody else needs to disable IPv6 or amend gai.conf.
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it. I have not disabled IPv6, which is the big hammer people use. I have told the system to prefer IPv4, because my ISP is IPv4 only. I have no IPv6 route. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVZ6EACgkQja8UbcUWM1wqDwD7B8+W0EV9gi6/QfoNOfpBAUkA f0uQkVuIZh6pNJAQIRYA/0lR0T0l78NJxDg7G6/KAWIIyahtOn85f9AM5o+Dv7Qm =oXLD -----END PGP SIGNATURE-----
Carlos E. R. wrote:
El 2016-09-11 a las 08:51 +0200, Per Jessen escribió:
Carlos E. R. wrote:
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
Unless they have an IPv6 route, the resolver will give preference to IPv4. I don't know how that works, but unless the resolver does that, everyone trying to access "google.com" (or any other dual-stack site) would have a problem 50% of the time.
No, the resolver is not that clever. I have seen zypper on ocassion trying an IPv6 mirror and responding "no route", when there are other addresses on IPv4.
Something really is that clever. I believe it is the resolver. Otherwise you would have 50% time-outs on visiting any website with IPv6. Try http://google.com or http://dns24.ch - they both have both ipv4 and ipv6 addresses. For zypper it's most likely a different issue - mirrorbrain might return an ipv6-only mirror, in which case you would see a "no route".
Sometimes the IPv4 address fails with some error, then it tries IPv6, which fails as "no route". And that's the error the user sees, not the real problem with the IPv4 address.
Ah yes, I forgot about that possibility. Still, it's a mirror problem, not an IPv6 problem. -- Per Jessen, Zürich (26.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2016 10:18 AM, Carlos E. R. wrote:
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it.
Where is that address coming from? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-11 a las 10:55 -0400, James Knott escribió:
On 09/11/2016 10:18 AM, Carlos E. R. wrote:
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it.
Where is that address coming from?
Typically zypper asking. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVe8wACgkQja8UbcUWM1wtoQD/XRc0oAjRuZdSSkxpBUvJ+gRD dNn3+0Ss7XsXapHo7jMA/R2IEAHkc4jmG0q9lShDQQ6wDGvB58Xk9O5RSAGUoBMW =CPb9 -----END PGP SIGNATURE-----
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-11 a las 10:55 -0400, James Knott escribió:
On 09/11/2016 10:18 AM, Carlos E. R. wrote:
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it.
Where is that address coming from?
Typically zypper asking.
I think James meant the address that your router dishes out. Without any configuration, it is pretty odd. -- Per Jessen, Zürich (26.4°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-11 a las 17:49 +0200, Per Jessen escribió:
Carlos E. R. wrote:
El 2016-09-11 a las 10:55 -0400, James Knott escribió:
On 09/11/2016 10:18 AM, Carlos E. R. wrote:
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it.
Where is that address coming from?
Typically zypper asking.
I think James meant the address that your router dishes out. Without any configuration, it is pretty odd.
My router? It does not have an IPv6 address, only IPv4. Maybe when I said "I'm given an IPv6 address" we got a confusion. I mean that I get a response from some service that I have to contact that address to download some file or something. Not that the ISP gives my router an address to use as its own. Sorry. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVoR8ACgkQja8UbcUWM1zlxwEAlj9E+DqKppnxfRkviMz7hv3I yfrKBZrBQ4g4J3/7le8A/Rdrt+/2zYLWM7FHQL44pPM/xEG6eZ7K7IsYHvXCZyDY =qmkR -----END PGP SIGNATURE-----
Carlos E. R. wrote:
El 2016-09-11 a las 17:49 +0200, Per Jessen escribió:
Carlos E. R. wrote:
El 2016-09-11 a las 10:55 -0400, James Knott escribió:
On 09/11/2016 10:18 AM, Carlos E. R. wrote:
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it.
Where is that address coming from?
Typically zypper asking.
I think James meant the address that your router dishes out. Without any configuration, it is pretty odd.
My router? It does not have an IPv6 address, only IPv4.
Maybe when I said "I'm given an IPv6 address" we got a confusion. I mean that I get a response from some service that I have to contact that address to download some file or something. Not that the ISP gives my router an address to use as its own. Sorry.
Okay, I understand. So the resolver gives you an IPv6 address, yes that working is as designed. Unless a service is IPv6-only it is still not a problem. Unless your PC thinks it has IPv6 connecitivity. I have a similar "issue" on a Leap422 test-desktop. It only has IPv6, no IPv4. The resolver keeps giving me IPv4 addresses for services that have no IPv6 address. :-) -- Per Jessen, Zürich (18.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Content-ID: <alpine.LSU.2.20.1609121451080.4233@zvanf-gvevgu.inyvabe> El 2016-09-12 a las 08:53 +0200, Per Jessen escribió:
Carlos E. R. wrote:
Maybe when I said "I'm given an IPv6 address" we got a confusion. I mean that I get a response from some service that I have to contact that address to download some file or something. Not that the ISP gives my router an address to use as its own. Sorry.
Okay, I understand. So the resolver gives you an IPv6 address, yes that working is as designed. Unless a service is IPv6-only it is still not a problem. Unless your PC thinks it has IPv6 connecitivity.
I have a similar "issue" on a Leap422 test-desktop. It only has IPv6, no IPv4. The resolver keeps giving me IPv4 addresses for services that have no IPv6 address. :-)
Yes, that's the reverse issue of mine. My PC has some IPv6 connectivity, with local machines. Just no internet. I have to talk from memory, because the issue apparently disapeared when I changed the priority in gai.conf. Well, no, not the exact reverse, I got confused. The issue happened with sites that have both addresses, or those that only have IPv6. Those IPv6 addresses should simply be ignored if there is no IPv6 route to internet, IMO. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfWpdYACgkQja8UbcUWM1z49wD+MBavVVzAHrx7V8INJMIZxf5a Wvu2dwfiUO03IFwtJY0A/1dq6gr0GsfTMq9OxLifX+48NKPhnEAh9JUliEfI6xGy =cl8I -----END PGP SIGNATURE-----
Carlos E. R. wrote:
El 2016-09-12 a las 08:53 +0200, Per Jessen escribió:
Carlos E. R. wrote:
Maybe when I said "I'm given an IPv6 address" we got a confusion. I mean that I get a response from some service that I have to contact that address to download some file or something. Not that the ISP gives my router an address to use as its own. Sorry.
Okay, I understand. So the resolver gives you an IPv6 address, yes that working is as designed. Unless a service is IPv6-only it is still not a problem. Unless your PC thinks it has IPv6 connecitivity.
I have a similar "issue" on a Leap422 test-desktop. It only has IPv6, no IPv4. The resolver keeps giving me IPv4 addresses for services that have no IPv6 address. :-)
Correction - on an IPv6-only system: if a host has both ipv4 and ipv6 addresses, I get only the ipv6 addresses. if a host has only ipv6 addresses, I only get the ipv6 addresses. if a host has only ipv4 addresses, I only get the ipv4 address mapped as ipv6. All perfectly fine.
Yes, that's the reverse issue of mine. My PC has some IPv6 connectivity, with local machines. Just no internet.
Carlos, what exactly is "some IPv6 connectivity"? If it is any more than link-local addresses, your system will believe you're on IPv6. The order in which addresses are returned by e.g. getaddrinfo() is defined by RFC3484 which says reachable addresses are preferred over non-reachable addresses. If you have an IPv6-capable interface with non-temporary, non-deprecated address on your PC, IPV6 will take preference over IPv4. (with the default settings).
I have to talk from memory, because the issue apparently disapeared when I changed the priority in gai.conf.
Yes, that is how it is supposed to work.
Well, no, not the exact reverse, I got confused. The issue happened with sites that have both addresses, or those that only have IPv6. Those IPv6 addresses should simply be ignored if there is no IPv6 route to internet, IMO.
They will be ranked lower than the IPv4 addresses, but that is sufficient. Here, try this code if you want: http://files.jessen.ch/testgai.c compile with: gcc -o testgai testgai.c run with: ./testgai some.host.name It does an address lookup the way any typical Linux application would do it, and prints out the addresses in order of preference. On my systems without IPv6 (i.e. only fe80:: addresses), IPv4 addresses are listed first. -- Per Jessen, Zürich (25.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2016 11:53 PM, Per Jessen wrote:
I have a similar "issue" on a Leap422 test-desktop. It only has IPv6, no IPv4. The resolver keeps giving me IPv4 addresses for services that have no IPv6 address.:-)
IPv6 Complexity? :-) :-) Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2016 11:44 AM, Carlos E. R. wrote:
El 2016-09-11 a las 10:55 -0400, James Knott escribió:
On 09/11/2016 10:18 AM, Carlos E. R. wrote:
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it.
Where is that address coming from?
Typically zypper asking.
I meant what's causing your computer to assume an IPv6 address? If there isn't one, IPv6 should not be used. If you run ifconfig or ip -6 addr, what do you see? Do you get an IPv6 address other than the fe80 link local address? If so, you'll have to find out where it's coming from. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-11 a las 12:01 -0400, James Knott escribió:
On 09/11/2016 11:44 AM, Carlos E. R. wrote:
El 2016-09-11 a las 10:55 -0400, James Knott escribió:
On 09/11/2016 10:18 AM, Carlos E. R. wrote:
The real problem is that I'm given an IPv6 address which the ISP does not route, and I can do nothing about it.
Where is that address coming from?
Typically zypper asking.
I meant what's causing your computer to assume an IPv6 address? If there isn't one, IPv6 should not be used. If you run ifconfig or ip -6 addr, what do you see? Do you get an IPv6 address other than the fe80 link local address? If so, you'll have to find out where it's coming from.
Ah. My English failing me. When I said "I'm given an IPv6 address" we got a confusion. I mean that I get a response from some service that I have to contact that address to download some file or something. Not that the ISP gives my router an address to use as its own. Sorry. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVoX4ACgkQja8UbcUWM1ztWwD9GRp18uvE/ja65Xc4ykD25lib 3WyNkSRj1yRdQ0r3SIIA/1Ag+nD7PPmWylw0cwF9vJYWnggVWqHa87cP+MYmGNQn =gRQt -----END PGP SIGNATURE-----
On 09/10/2016 08:54 AM, Carlos E. R. wrote:
Right, my provider does not offer IPv6 to normal clients. Yes, perhaps I could get a tunnel of something from a third party, but I do not see fair doing my 300mbps through that. Lastly I have a problem with a WiFi point and the main router conflicting on who handles loacal IPv6 addresses, but I haven't bothered yet because there is none to handle.
You can always use a tunnel to get IPv6, as I did for 6 years. What does your bandwidth have to do with it? My IPv6 bandwidth was almost as good as IPv4, when I was using that tunnel. Now, with IPv6 from my ISP, my IPv6 bandwidth can be slightly better than IPv4. As for your WiFi and router conflicting, just disable the function in one device, probably the WiFi.
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
If that's what happens, then the computer thinks it has an IPv6 address beyond a link local one (starts with fe80). It will not try to use IPv6, if it doesn't see an IPv6 route off the local network. Is there something misconfigured? As I said, I've never had an issue with IPv6, even when all I had was the link local address. Perhaps if you were to learn a bit about IPv6, you'd be able to determine what the issue is. You can also fire up Wireshark, to see what's actually happening. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-10 a las 09:58 -0400, James Knott escribió:
On 09/10/2016 08:54 AM, Carlos E. R. wrote:
Right, my provider does not offer IPv6 to normal clients. Yes, perhaps I could get a tunnel of something from a third party, but I do not see fair doing my 300mbps through that. Lastly I have a problem with a WiFi point and the main router conflicting on who handles loacal IPv6 addresses, but I haven't bothered yet because there is none to handle.
You can always use a tunnel to get IPv6, as I did for 6 years. What does your bandwidth have to do with it? My IPv6 bandwidth was almost as good as IPv4, when I was using that tunnel. Now, with IPv6 from my ISP, my IPv6 bandwidth can be slightly better than IPv4.
It is an ethical problem. I will not route my full bandwidth via a third party just because I want IPv6. I don't want it. I'll wait till my provider provides it, if ever.
As for your WiFi and router conflicting, just disable the function in one device, probably the WiFi.
It can not be disabled. No functionality to do so in either device. The only posibility is to flash the wifi with openwrt or something.
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
If that's what happens, then the computer thinks it has an IPv6 address beyond a link local one (starts with fe80). It will not try to use IPv6, if it doesn't see an IPv6 route off the local network. Is there something misconfigured? As I said, I've never had an issue with IPv6, even when all I had was the link local address. Perhaps if you were to learn a bit about IPv6, you'd be able to determine what the issue is. You can also fire up Wireshark, to see what's actually happening.
The computers think there is a route, via the router. Perhaps. The router refuses, obviously, as there is no such route. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfUIIQACgkQja8UbcUWM1weyQEAlEyMC54BMUHh/9WmvsnNO1bJ lb0LwPggvIgnYhElESUA+wRDbR7uSBCz/E2Da7agJUCk3VIQDvb2UaLYSip/AV8Q =wB1N -----END PGP SIGNATURE-----
On 09/10/2016 11:02 AM, Carlos E. R. wrote:
It can not be disabled. No functionality to do so in either device.
After so many of your posts, over the years, I can only concluded IT must really be fscked up in Spain. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Content-ID: <alpine.LSU.2.20.1609111619470.4233@zvanf-gvevgu.inyvabe> El 2016-09-11 a las 00:50 -0400, James Knott escribió:
On 09/10/2016 11:02 AM, Carlos E. R. wrote:
It can not be disabled. No functionality to do so in either device.
After so many of your posts, over the years, I can only concluded IT must really be fscked up in Spain.
Well, no, those two devices are designed and built on some far east country, and I was trained in Canada :-P Eventually, I'll flash the wifi AP. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVaL0ACgkQja8UbcUWM1xi6QEAimMpiz7D+SZkAiNotccGzZYU AhImaZjICvzHePlbNB8A/iLou45RRgxPJVICxZjP9pMIL7+uALxd9J3YVYAONvmG =N/cu -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2016-09-11 16:22, Carlos E. R. wrote:
El 2016-09-11 a las 00:50 -0400, James Knott escribió:
On 09/10/2016 11:02 AM, Carlos E. R. wrote:
It can not be disabled. No functionality to do so in either device.
After so many of your posts, over the years, I can only concluded IT must really be fscked up in Spain.
Well, no, those two devices are designed and built on some far east country, and I was trained in Canada :-P
- From memory (I'm not at home), the ISP device is a customized (by the ISP) broadcom, and the other is perhaps a linksys. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVaU8ACgkQja8UbcUWM1wtQQD/VB5RdcDPzpQr69LZ9eT5U5WS weRzhVhXjkh8KRfDNpoA/2LCJc4xjB+XXh0LOYkdCUN98YRguoFCCLb/w+PjM3Ld =ivhA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
El 2016-09-10 a las 09:58 -0400, James Knott escribió:
On 09/10/2016 08:54 AM, Carlos E. R. wrote:
Right, my provider does not offer IPv6 to normal clients. Yes, perhaps I could get a tunnel of something from a third party, but I do not see fair doing my 300mbps through that. Lastly I have a problem with a WiFi point and the main router conflicting on who handles loacal IPv6 addresses, but I haven't bothered yet because there is none to handle.
You can always use a tunnel to get IPv6, as I did for 6 years. What does your bandwidth have to do with it? My IPv6 bandwidth was almost as good as IPv4, when I was using that tunnel. Now, with IPv6 from my ISP, my IPv6 bandwidth can be slightly better than IPv4.
It is an ethical problem. I will not route my full bandwidth via a third party just because I want IPv6. I don't want it. I'll wait till my provider provides it, if ever.
You wouldn't be routing your full bandwidth over the tunnel, only whatever IPv6 traffic you have. Which is probably less than 5%. Anyway, this is about having fun, for people who want to experiment and discover and learn. Setting up a tunnel is about learning the ropes, getting familiar with IPv6 etc. If that's not for you, that's fine.
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
If that's what happens, then the computer thinks it has an IPv6 address beyond a link local one (starts with fe80). It will not try to use IPv6, if it doesn't see an IPv6 route off the local network. Is there something misconfigured? As I said, I've never had an issue with IPv6, even when all I had was the link local address. Perhaps if you were to learn a bit about IPv6, you'd be able to determine what the issue is. You can also fire up Wireshark, to see what's actually happening.
The computers think there is a route, via the router. Perhaps. The router refuses, obviously, as there is no such route.
If that is the case, we're back to what I said and what James suggests above - it's a network configuration issue. There's nothing wrong with openSUSE nor with IPv6, it's a simply configuration issue. If you can't fix the router, that's a pity, but it's not fair to blame IPv6 or openSUSE. -- Per Jessen, Zürich (18.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-11 a las 09:02 +0200, Per Jessen escribió:
Carlos E. R. wrote:
It is an ethical problem. I will not route my full bandwidth via a third party just because I want IPv6. I don't want it. I'll wait till my provider provides it, if ever.
You wouldn't be routing your full bandwidth over the tunnel, only whatever IPv6 traffic you have. Which is probably less than 5%.
Anyway, this is about having fun, for people who want to experiment and discover and learn. Setting up a tunnel is about learning the ropes, getting familiar with IPv6 etc. If that's not for you, that's fine.
It could happen that a DVD download from SUSE wanted to use IPv6.
The main problem I think people have that forces them to disable IPv6 on their installs is "slow network", or failed connections. I think the DNS tells them of a site address as an IPv6, and of course, they can not connect.
If that's what happens, then the computer thinks it has an IPv6 address beyond a link local one (starts with fe80). It will not try to use IPv6, if it doesn't see an IPv6 route off the local network. Is there something misconfigured? As I said, I've never had an issue with IPv6, even when all I had was the link local address. Perhaps if you were to learn a bit about IPv6, you'd be able to determine what the issue is. You can also fire up Wireshark, to see what's actually happening.
The computers think there is a route, via the router. Perhaps. The router refuses, obviously, as there is no such route.
If that is the case, we're back to what I said and what James suggests above - it's a network configuration issue. There's nothing wrong with openSUSE nor with IPv6, it's a simply configuration issue. If you can't fix the router, that's a pity, but it's not fair to blame IPv6 or openSUSE.
I don't blame any, I blame the situation and I cope as I can... many people face that situation and respond by disabling IPv6. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVanEACgkQja8UbcUWM1yO0QEAk8BaVEOQao7TUpO8w71I/giz clpK7sQSYjcTcCOVXmoBAIAxU4g4kZ8L2Rm3eqmC2nqFrpoawKU8B7L6qgu2OjCG =GTxO -----END PGP SIGNATURE-----
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-11 a las 09:02 +0200, Per Jessen escribió:
Carlos E. R. wrote:
It is an ethical problem. I will not route my full bandwidth via a third party just because I want IPv6. I don't want it. I'll wait till my provider provides it, if ever.
You wouldn't be routing your full bandwidth over the tunnel, only whatever IPv6 traffic you have. Which is probably less than 5%.
Anyway, this is about having fun, for people who want to experiment and discover and learn. Setting up a tunnel is about learning the ropes, getting familiar with IPv6 etc. If that's not for you, that's fine.
It could happen that a DVD download from SUSE wanted to use IPv6.
Any application running might want to use IPv6, but only if you have IPv6 connecitivity or if it is the only available option. -- Per Jessen, Zürich (26.2°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/10/2016 07:39 AM, Per Jessen wrote:
That is of course your choice, but I would say it is wrong to suggest IPv6 doesn't work or isn't available. I promote it every chance I get. I've been on IPv6 for almost ten years, since October 2006 when I opened my first tunnel account. Back then I also imagined a steep learning curve, and I didn't really get started until 2009 when I got a static prefix from my provider. The learning curve is just not that steep - especially not from an end-users point-of-view. If you want to play, there are a few concepts you need to understand, I think James mentioned some of them, but that's it. The learning curve is not that steep. Just do it.
Someone else mentioned this: https://ipv6.he.net/certification/ And a good reference is "IPv6 Essentials". http://shop.oreilly.com/product/0636920023432.do -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
.... it is wrong to suggest IPv6 doesn't work or isn't available. I promote it every chance I get. I've been on IPv6 for almost ten years, since October 2006 when I opened my first tunnel account. Back then I also imagined a steep learning curve, and I didn't really get started until 2009 when I got a static prefix from my provider. The learning curve is just not that steep - especially not from an end-users point-of-view. If you want to play, there are a few concepts you need to understand, I think James mentioned some of them, but that's it. The learning curve is not that steep. Just do it.
I just installed leap 422 with ipv6-only connectivity. The installation went fine, no problems whatsoever. The only slight hiccup is the interface not automatically getting an address on start-up. I suspect some sort of wicked issue. I went to try out http://test-ipv6.com, but surprisingly that website does not have an IPv6 address :-) -- Per Jessen, Zürich (22.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2016 07:52 AM, Per Jessen wrote:
I went to try out http://test-ipv6.com, but surprisingly that website does not have an IPv6 address :-)
ipv6-test.com does. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 09/11/2016 07:52 AM, Per Jessen wrote:
I went to try out http://test-ipv6.com, but surprisingly that website does not have an IPv6 address :-)
ipv6-test.com does. ;-)
Yeah, I saw that one - I also checked a lot of the national test-ipv6 {nl,no,pl,etc} sites - several I came across only had IPv4 address. Seems a bit weird. -- Per Jessen, Zürich (18.0°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/12/2016 02:48 AM, Per Jessen wrote:
James Knott wrote:
On 09/11/2016 07:52 AM, Per Jessen wrote:
I went to try out http://test-ipv6.com, but surprisingly that website does not have an IPv6 address :-)
ipv6-test.com does. ;-) Yeah, I saw that one - I also checked a lot of the national test-ipv6 {nl,no,pl,etc} sites - several I came across only had IPv4 address. Seems a bit weird.
The only reason is that site checks both IPv4 and IPv6, so I guess they want users to start from a common point. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Well, there is that. How does one get a tunnel to try IPv6, where from? Are they free? What happens if opensuse downloads a DVD via the tunnel? Or with torrent, or emule? - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVbSoACgkQja8UbcUWM1z9VgD/avHDw893ox5R2qdGhuGJMnX0 EI8WcWYRj5Ut8lsD+D0A/1J8vjiItgWicOhcIs0s5kt6azQdE//hGNoEFn+a26/r =whls -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2016 10:41 AM, Carlos E. R. wrote:
Well, there is that. How does one get a tunnel to try IPv6, where from? Are they free?
I posted some info in an earlier message. Hurricane Electric (he.net) is a major tunnel broker, but there are others. The one I was using for 6 years shut down shortly after my ISP started providing IPv6, as they said they were no longer needed with some ISPs now offering IPv6.
What happens if opensuse downloads a DVD via the tunnel? Or with torrent, or emule?
Same as via IPv4, except the IPv6 traffic between you and the tunnel broker will be encapsulated in IPv4. The process is transparent and no different than using a VPN, except no encryption. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Sun, Sep 11, 2016 at 10:41 AM, Carlos E. R. <robin.listas@telefonica.net> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Well, there is that. How does one get a tunnel to try IPv6, where from?
https://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers Check the location of POPs and find one relatively close to you. ie. Not Australia for you, etc. Only 2 in the US. One (SixXS) is no longer accepting new requests. The other only supports people with a static IPv4 address (6in4). :( I was going to get one for my laptop. Definitely need a roaming IPv4 for that.
Are they free?
Normally, I think.
What happens if opensuse downloads a DVD via the tunnel? Or with torrent, or emule?
Your traffic transitions the tunnel endpoint, thus the desire to have a endpoint close.
- -- Cheers Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iF4EAREIAAYFAlfVbSoACgkQja8UbcUWM1z9VgD/avHDw893ox5R2qdGhuGJMnX0 EI8WcWYRj5Ut8lsD+D0A/1J8vjiItgWicOhcIs0s5kt6azQdE//hGNoEFn+a26/r =whls -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/11/2016 05:51 PM, Greg Freemyer wrote:
Only 2 in the US. One (SixXS) is no longer accepting new requests. The other only supports people with a static IPv4 address (6in4). :(
Gogo6/Freenet6 was the one I was using, but they shut down recently. With more & more ISPs offering IPv6, they decided they were no longer needed, but I suspect they were premature. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 09/11/2016 05:51 PM, Greg Freemyer wrote:
Only 2 in the US. One (SixXS) is no longer accepting new requests. The other only supports people with a static IPv4 address (6in4). :(
Gogo6/Freenet6 was the one I was using, but they shut down recently. With more & more ISPs offering IPv6, they decided they were no longer needed, but I suspect they were premature.
I used a Swiss tunnel provider (as8758.net), but they've also shut it down long ago. Looks like Hurricane Electric is still there though. Not exactly very close, but perhaps sufficient for playing around with. I'm surprised sixxs has stopped too though - they're right here in Zurich, and their page still says they offer tunnelling. -- Per Jessen, Zürich (18.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
I'm surprised sixxs has stopped too though - they're right here in Zurich, and their page still says they offer tunnelling.
Oh, I found it - "Currently SixXS is not accepting signups, nor tunnel or subnet requests. We are doing this action to ensure that instead of going the easy way of using our service for IPv6 connectivity, you instead Call your ISP." -- Per Jessen, Zürich (19.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-12 a las 09:39 +0200, Per Jessen escribió: ...
Oh, I found it -
"Currently SixXS is not accepting signups, nor tunnel or subnet requests. We are doing this action to ensure that instead of going the easy way of using our service for IPv6 connectivity, you instead Call your ISP."
LOL. They don't know my Telefonica. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfWpksACgkQja8UbcUWM1z8UwD9H4pvazw7nKm0TudniG8+LVIi elwsHp+CcWvwiecj5ygA/2Szdh7u+IzwyCAMmeKyOwM7cZcrwdC/Wjqw6YAfqJBR =1GMK -----END PGP SIGNATURE-----
participants (8)
-
Andrei Borzenkov -
Carlos E. R. -
Freek de Kruijf -
Greg Freemyer -
James Knott -
Lew Wolfgang -
Per Jessen -
Roger Price