-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 14.08.2011 18:54, schrieb Freek de Kruijf:
Ludwig Nussel wrote on Fri, 14 Jan 2011 13:41:27 +0100,
Andreas Jaeger wrote:
So, my proposal is to do the following two changes: * Use 2 instead of 1 in /etc/rc.d/boot.ipconfig for enabling the privacy extensions * Set IPV6_PRIVACY=yes in /etc/sysconfig/sysctl
If at all leave IPV6_PRIVACY empty by default and assume 2 in that case in boot.ipconfig. However, I'd rather suggest to drop boot.ipconfig completely and have the kernel itself start with a sane default value.
About a month ago I got a new modem from my ISP which offers native IPv6. After a lot of experimenting I have the following recommendations.
The default for the dynamic IP address should not be DHCP both 4 and 6, but DHCP version 4 only. The reason is that most likely an IPv6 router will not have support for DHCP6, mine does not offer a DHCP6 service. It means that enabling IPv6 by default relies on Stateless Address Autoconfiguration (SAA), which is a perfect choice. When there is no DHCP6 server available and the address of an interface depends on SAA it takes up to 10 minutes before the interface gets its global IPv6 address. Disabling DHCP6 in this case provides the address in 2 seconds.
The subject of privacy in IPv6 is only relevant when you use a mobile device. For a rather static device or privacy is no concern, the above method is sufficient or rather required. In Linux the host part of the IPv6 address, the lower 64 bits, is always the same; it is derived from the MAC address of the interface, but in the very unlikely case of duplication, this will be prevented, because the IPv6 protocol always checks for duplicated addresses. So in case one wants to communicate between devices using IPv6, this is possible. One could set these more or less static addresses in the /etc/hosts file or manually introduce them in a DNS server.
So in the case of a privacy concern in a mobile device, one has to set IPV6_PRIVACY=yes. This means that the host part of the IPv6 address will be generated randomly after which a check for a duplicated address will be made. This host part will even be regenerated after 24 hours, if the device is active that long.
When a DHCP6 server is present in the network, and a dynamic address is required, one has to enable DHCP both for version 4 and 6, but this should not be a default setting. Also in this case SAA is still available and should work. Using DHCP6 is called Stateful Address Autoconfiguration
In case of a static IPv6 address, some more information should be provided in the Help about how and what to do. In that case one has to set the IPv6 address of the default gateway. However this could be avoided by searching for this address when the network starts. Currently this is not done.
You can set static IPv6 addrs and routes with "yast2 lan", by adding an Additional Address - and you need to put "/64" into the "Netmask" field there which is a bit ugly. or you add to /etc/sysconfig/network/ifcfg-eth0 IPADDR_1='2001:DB8:1234:5678::1/64' and to /etc/sysconfig/network/routes default FE80::1234 - eth0 oh and I also always disable DHCP6, because I just run radvd for my LANs - - really speeds up booting a lot. Ciao Bernhard M. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk5IJToACgkQSTYLOx37oWRemgCghtPYgqfND4atLV0Dy0D7Xb2R uUoAoPkqDbD5BezdySpt9+7SrklkmQ14 =diKs -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org