Hi,
some users are currently translating the wiki instructions on how to set up an external IPv6 connection with IPFire. Unfortunately, two things (the latter one not necessarily) need to be recompiled with IPv6 support:
http://wiki.ipfire.org/en/add-ipv6/extend/prepare http://wiki.ipfire.org/en/add-ipv6/extend/dns
Would it be possible to enable IPv6 for those by default or might there be negative side effects? I think it´s time to get IPFire IPv6 ready, so why not start with this.
(Maybe the information from the wiki even is outdated and IPv6 already enabled for those tools?)
Lars
Well...
On Tue, 2015-08-04 at 14:46 +0200, Larsen wrote:
Hi,
some users are currently translating the wiki instructions on how to set up an external IPv6 connection with IPFire.
I very much appreciate you playing with IPv6 and IPFire. That is good to learn the system better and also to get familiar with IPv6. I honestly do not think that this will ever be possible to become some supported feature in IPFire 2. There is too much to do and this is just covering the tip of the iceberg.
Unfortunately, two things (the latter one not necessarily) need to be
recompiled with IPv6 support:
http://wiki.ipfire.org/en/add-ipv6/extend/prepare http://wiki.ipfire.org/en/add-ipv6/extend/dns
Would it be possible to enable IPv6 for those by default or might there be negative side effects?
It might. We disabled IPv6 in some packages like squid, curl and so on because these were sometimes causing errors.
http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=f8c079150ec8df07 a0f90bf25ef3a68f1201756f
I do not know about the others. I think I remember that we disabled some of them because it won't built. Not too sure about that.
I think it´s time to get IPFire IPv6 ready, so why not start with this.
IPFire 3 is ready for IPv6. I would appreciate much more to focus on that then and then finally get rid of IPFire 2.
Just for reference:
http://git.ipfire.org/?p=network.git;a=summary http://source.ipfire.org/releases/network/man-pages/
(Maybe the information from the wiki even is outdated and IPv6 already enabled for those tools?)
Idk.
Lars
Best, -Michael
On Wed, 05 Aug 2015 12:28:01 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
IPFire 3 is ready for IPv6. I would appreciate much more to focus on that then and then finally get rid of IPFire 2.
Ok, fair enough. There are precompiled binaries for the needed tools, so this shouldn´t pose a problem.
Lars
On Wed, 2015-08-05 at 17:27 +0200, Larsen wrote:
On Wed, 05 Aug 2015 12:28:01 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
IPFire 3 is ready for IPv6. I would appreciate much more to focus on that then and then finally get rid of IPFire 2.
Ok, fair enough. There are precompiled binaries for the needed tools, so this shouldn´t pose a problem.
I think that is even worse. When ever we patch those binaries they will be overwritten on these systems.
If someone is using them and they do not cause any issues then we can enable IPv6. Having out-of-tree packages is really pain.
I am also okay with compiling in IPv6 support for the other things I mentioned. There are only bugs to fix first before we can do that. Disabling IPv6 is more of a workaround than a solution for the issues.
-Michael
Lars
On Wed, 05 Aug 2015 17:31:36 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
On Wed, 2015-08-05 at 17:27 +0200, Larsen wrote:
On Wed, 05 Aug 2015 12:28:01 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
IPFire 3 is ready for IPv6. I would appreciate much more to focus on that then and then finally get rid of IPFire 2.
Ok, fair enough. There are precompiled binaries for the needed tools, so this shouldn´t pose a problem.
I think that is even worse. When ever we patch those binaries they will be overwritten on these systems.
I guess this problem exists for different aspects of manually getting IPv6 to work on IPFire 2.x. For example, have a look at the following files that will be edited and might possibly be overwritten.
http://wiki.ipfire.org/en/add-ipv6/extend/prepare /etc/sysconfig/modules /etc/sysctl.conf /etc/resolv.conf /etc/modprobe.d/ipv6.conf (deleted)
http://wiki.ipfire.org/en/add-ipv6/extend/nativ /etc/init.d/network
Therefore, we don't really need the tools to be IPv6-enabled. It would just have made things one step easier.
So, I have added a warning here: http://wiki.ipfire.org/en/add-ipv6/ipv6/extended
Lars
On Wed, 2015-08-05 at 17:59 +0200, Larsen wrote:
On Wed, 05 Aug 2015 17:31:36 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
On Wed, 2015-08-05 at 17:27 +0200, Larsen wrote:
On Wed, 05 Aug 2015 12:28:01 +0200, Michael Tremer michael.tremer@ipfire.org wrote:
IPFire 3 is ready for IPv6. I would appreciate much more to focus on that then and then finally get rid of IPFire 2.
Ok, fair enough. There are precompiled binaries for the needed tools, so this shouldn´t pose a problem.
I think that is even worse. When ever we patch those binaries they will be overwritten on these systems.
I guess this problem exists for different aspects of manually getting IPv6 to work on IPFire 2.x. For example, have a look at the following files that will be edited and might possibly be overwritten.
Yes, these are all system files and they *will* be overwritten at some time.
/etc/sysconfig/modules
I have no idea why all these modules need to be loaded manually. The respective tools like ip6tables, strongswan and so on will do that when needed.
/etc/sysctl.conf
It is probably better to create /etc/sysctl.d and then have a file in that directory that overwrites the default settings in /etc/sysctl.conf
/etc/resolv.conf
There is no need to resolve names over IPv6 and circumvent dnsmasq. This will disable DNSSEC. Add the name server to the dnsmasq configuration and you will be fine.
/etc/modprobe.d/ipv6.conf (deleted)
This can be moved to a sysctl setting and then solved as described above.
/etc/init.d/network
Therefore, we don't really need the tools to be IPv6-enabled. It would just have made things one step easier.
You will need this in dnsmasq if you want to keep DNSSEC.
So, I have added a warning here: http://wiki.ipfire.org/en/add-ipv6/ipv6/extended
I changed that. IPv6 support is finished in IPFire 3. Some smaller things like prefix delegation for PPP is not entirely tested and robust, but it should work well enough.
Lars
-Michael
/etc/sysconfig/modules
I have no idea why all these modules need to be loaded manually. The respective tools like ip6tables, strongswan and so on will do that when needed.
Me neither. The documentation stems from a forum thread where this was specified.
/etc/sysctl.conf
It is probably better to create /etc/sysctl.d and then have a file in that directory that overwrites the default settings in /etc/sysctl.conf
Thx, will change this and the other points you mentioned.
Lars
On Wed, 2015-08-05 at 23:51 +0200, Larsen wrote:
/etc/sysconfig/modules
I have no idea why all these modules need to be loaded manually. The respective tools like ip6tables, strongswan and so on will do that when needed.
Me neither. The documentation stems from a forum thread where this was specified.
/etc/sysctl.conf
It is probably better to create /etc/sysctl.d and then have a file in that directory that overwrites the default settings in /etc/sysctl.conf
Thx, will change this and the other points you mentioned.
I guess for this we will need to change the initscripts. It should be an easy change and we will gain the advantage that we can drop in any sort of configuration file without overwriting anything. This is also handy for any add-ons that need to change any of the sysctl settings. There was no need for this feature yet, but we have it in IPFire 3 and are using it quite often.
-Michael
Lars
-
Larsen -
Michael Tremer