From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Enable tools for IPv6
Date: Wed, 05 Aug 2015 17:19:20 +0100 [thread overview]
Message-ID: <1438791560.2448.65.camel@ipfire.org> (raw)
In-Reply-To: <op.x2wjraw6cahio0@atl-uetersen.atlantisgmbh.local>
[-- Attachment #1: Type: text/plain, Size: 2198 bytes --]
On Wed, 2015-08-05 at 17:59 +0200, Larsen wrote:
> On Wed, 05 Aug 2015 17:31:36 +0200, Michael Tremer
> <michael.tremer(a)ipfire.org> wrote:
>
> > On Wed, 2015-08-05 at 17:27 +0200, Larsen wrote:
> > > On Wed, 05 Aug 2015 12:28:01 +0200, Michael Tremer
> > > <michael.tremer(a)ipfire.org> wrote:
> > >
> > > > IPFire 3 is ready for IPv6. I would appreciate much more to
> > > > focus
> > > > on
> > > > that then and then finally get rid of IPFire 2.
> > >
> > > Ok, fair enough.
> > > There are precompiled binaries for the needed tools, so this
> > > shouldn´t
> > > pose a problem.
> >
> > I think that is even worse. When ever we patch those binaries they
> > will
> > be overwritten on these systems.
>
>
> I guess this problem exists for different aspects of manually getting
> IPv6
> to work on IPFire 2.x. For example, have a look at the following
> files
> that will be edited and might possibly be overwritten.
Yes, these are all system files and they *will* be overwritten at some
time.
> /etc/sysconfig/modules
I have no idea why all these modules need to be loaded manually. The
respective tools like ip6tables, strongswan and so on will do that when
needed.
> /etc/sysctl.conf
It is probably better to create /etc/sysctl.d and then have a file in
that directory that overwrites the default settings in /etc/sysctl.conf
> /etc/resolv.conf
There is no need to resolve names over IPv6 and circumvent dnsmasq.
This will disable DNSSEC. Add the name server to the dnsmasq
configuration and you will be fine.
> /etc/modprobe.d/ipv6.conf (deleted)
This can be moved to a sysctl setting and then solved as described
above.
> > http://wiki.ipfire.org/en/add-ipv6/extend/nativ
> /etc/init.d/network
>
> Therefore, we don't really need the tools to be IPv6-enabled. It
> would
> just have made things one step easier.
You will need this in dnsmasq if you want to keep DNSSEC.
>
>
> So, I have added a warning here:
> http://wiki.ipfire.org/en/add-ipv6/ipv6/extended
I changed that. IPv6 support is finished in IPFire 3. Some smaller
things like prefix delegation for PPP is not entirely tested and
robust, but it should work well enough.
>
> Lars
-Michael
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-08-05 16:19 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-04 12:46 Larsen
2015-08-05 10:28 ` Michael Tremer
2015-08-05 15:27 ` Larsen
2015-08-05 15:31 ` Michael Tremer
2015-08-05 15:59 ` Larsen
2015-08-05 16:19 ` Michael Tremer [this message]
2015-08-05 21:51 ` Larsen
2015-08-07 12:59 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1438791560.2448.65.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox