On Wed, 2015-08-05 at 17:59 +0200, Larsen wrote:
On Wed, 05 Aug 2015 17:31:36 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
On Wed, 2015-08-05 at 17:27 +0200, Larsen wrote:
On Wed, 05 Aug 2015 12:28:01 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
IPFire 3 is ready for IPv6. I would appreciate much more to focus on that then and then finally get rid of IPFire 2.
Ok, fair enough. There are precompiled binaries for the needed tools, so this shouldn´t pose a problem.
I think that is even worse. When ever we patch those binaries they will be overwritten on these systems.
I guess this problem exists for different aspects of manually getting IPv6 to work on IPFire 2.x. For example, have a look at the following files that will be edited and might possibly be overwritten.
Yes, these are all system files and they *will* be overwritten at some time.
/etc/sysconfig/modules
I have no idea why all these modules need to be loaded manually. The respective tools like ip6tables, strongswan and so on will do that when needed.
/etc/sysctl.conf
It is probably better to create /etc/sysctl.d and then have a file in that directory that overwrites the default settings in /etc/sysctl.conf
/etc/resolv.conf
There is no need to resolve names over IPv6 and circumvent dnsmasq. This will disable DNSSEC. Add the name server to the dnsmasq configuration and you will be fine.
/etc/modprobe.d/ipv6.conf (deleted)
This can be moved to a sysctl setting and then solved as described above.
/etc/init.d/network
Therefore, we don't really need the tools to be IPv6-enabled. It would just have made things one step easier.
You will need this in dnsmasq if you want to keep DNSSEC.
So, I have added a warning here: http://wiki.ipfire.org/en/add-ipv6/ipv6/extended
I changed that. IPv6 support is finished in IPFire 3. Some smaller things like prefix delegation for PPP is not entirely tested and robust, but it should work well enough.
Lars
-Michael