From Fedora Project Wiki

(added link to git commit/rfc5006)
No edit summary
 
(4 intermediate revisions by 2 users not shown)
Line 10: Line 10:
I use radvd on my networks instead of dhcpv6. Don't hardcode NM to require dhcpv6.
I use radvd on my networks instead of dhcpv6. Don't hardcode NM to require dhcpv6.


* The NM package will require the dhcpv6 package, but whether or not it actually gets used will be configurable at runtime, as with IPv4 DHCP. You'll be able to configure IPv6 interfaces to use various combinations of static IP/routes, router advertisements, and DHCPv6. (Out of curiosity, how are you currently getting DNS information? Static DNS server addresses? DHCPv4?) --[[User:Danw|Danw]]
:: The NM ''package'' will require the dhcpv6 ''package'', but whether or not dhcp actually gets used will be configurable at runtime, as with IPv4 DHCP. You'll be able to configure IPv6 interfaces to use various combinations of static IP/routes, router advertisements, and DHCPv6. DHCPv6 must be available ''as an option'' even though RDNSS (radvd) makes it mostly obsolete, because some sites will have old routers that support dhcpv6 but don't support RDNSS, and so ''at those sites'', NM will need to use dhcpv6.
:: I use DHCPv4 to assign IPv4 and DNS. Sure, eventually I might have to use DHCPv6, but radvd works great. --[[User:Mooninite|Mooninite]] 21:19, 9 June 2009 (UTC)
:: I can answer that on my networks, the DNS server is statically configured, but only because my wireless infrastructure doesn't support IPv6 yet (and may not support RA - as an architectural choice - when it does support IPv6).  For the wired part, I'd agree with the OP, though.  It's better not to require DHCPv6. RA works just fine in many cases. --[[User:Akistler|Akistler]] 05:35, 4 June 2009 (UTC)


* radvd supports broadcasting rdnss entries, aka recursive DNS servers. A daemon like [http://rdnssd.linkfanel.net/ rdnssd] is capable of watching for the router advertisements and updating /etc/resolv.conf as needed. I'm no n-m guru, but it isn't something that is overly hard to do -- all of the needed data can be contained in the router advertisement. From my radvd.conf:
:: ''(Deleted a bunch of discussion from people who were missing the point that this is an option for sites that need it, not a requirement for all users.)'' --[[User:Danw|Danw]] 13:46, 9 July 2009 (UTC)


<pre>interface eth1 {
::: Then a question. Will this IPv6 support integrate the provided [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=31910575a9de61e78065e93846e8e7a4894a18bf kernel RDNSS entries] to obtain DNS information? Currently, the only way to get this information into /etc/resolv.conf is with [http://linux.die.net/man/8/rdnssd rdnssd] (yet another userspace networking related daemon) - having NM use this information to set DNS would be fantastic. [[User:Kylesb|Kylesb]] 20:12, 13 July 2009 (UTC)
        AdvSendAdvert on;
        prefix 2001:470:d82b:ffff::/64 {
        };
        RDNSS 2001:470:d82b:ffff::2 fec0:0:0:ffff::1 {
                AdvRDNSSOpen on;
        };


}; </pre>
:::: Yes --[[User:Danw|Danw]] 21:07, 13 July 2009 (UTC)


This defines two recursive DNS servers to use, 2001:470:d82b:ffff::2, and fec0:0:0:ffff::1.
== What about VPNs? ==


There should be no ''need'' for dhcpv6 (or v4) in order to get recursive DNS servers for the system. Also, take a look at [http://tools.ietf.org/id/draft-ietf-ipv6-dns-discovery-07.txt this IETF draft], namely section 7. Vista doesn't record RDNSS servers sent in the router advertisement, but instead uses this fallback system.
Many people don't have native IPv6 connectivity. But they ''do'' have the possibility of tunnels or VPNs which provide them with IPv6. OpenVPN has had IPv6 support for ages, and OpenConnect (the new Cisco SSL VPN client) also has IPv6 support now. Has the core VPN manager been extended to let the VPN plugins set IPv6 addresses/routes? If not, that's quite a serious omission, surely?
 
Both are relatively 'easy' to implement (imo, both should be implemented), and do not require full-blown DHCP.
 
--[[User:Kylesb|Kylesb]] 22:02, 9 June 2009 (UTC)
 
:: replying to myself... please take a look [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=31910575a9de61e78065e93846e8e7a4894a18bf here] and [http://www.ietf.org/rfc/rfc5006.txt here] for information on the kernel exported RDNS servers. [[User:Kylesb|Kylesb]] 01:02, 5 July 2009 (UTC)

Latest revision as of 11:51, 11 November 2009

Disabling IPv6 for specific connection

Q: Does this feature include the use case when I need to have ipv6 disabled for a specific connection, which includes not having any inet6 addresses in the interface (as seen by ifconfig), which I have even when using current (fedora 11) nm (unless removing the ipv6 module from kernel or disabling ipv6 other way)? -- user:Mso

Q: I'll extend the question. Right now there's a variable, IPV6INIT, which, according to ifup-ipv6 and ifdown-ipv6, is supposed to turn off IPv6 on an interface-by-interface basis. The only thing it really does is disable running ifup-ipv6. An interface still has at least a link-local address. Furthermore, if you manually flush all IPv6 addresses (ip -6 addr flush), unplugging the cable and plugging it back in brings back the link-local address. I know that's a function of how the kernel handles the interface, but will NM make up for it? --Akistler 05:06, 4 June 2009 (UTC)

  • This would be possible... but why exactly do you want to? What breaks if the interface has a link-local IPv6 address? (I want to make sure we're fixing the right bug.) --Danw

Please don't require dhcpv6

I use radvd on my networks instead of dhcpv6. Don't hardcode NM to require dhcpv6.

The NM package will require the dhcpv6 package, but whether or not dhcp actually gets used will be configurable at runtime, as with IPv4 DHCP. You'll be able to configure IPv6 interfaces to use various combinations of static IP/routes, router advertisements, and DHCPv6. DHCPv6 must be available as an option even though RDNSS (radvd) makes it mostly obsolete, because some sites will have old routers that support dhcpv6 but don't support RDNSS, and so at those sites, NM will need to use dhcpv6.
(Deleted a bunch of discussion from people who were missing the point that this is an option for sites that need it, not a requirement for all users.) --Danw 13:46, 9 July 2009 (UTC)
Then a question. Will this IPv6 support integrate the provided kernel RDNSS entries to obtain DNS information? Currently, the only way to get this information into /etc/resolv.conf is with rdnssd (yet another userspace networking related daemon) - having NM use this information to set DNS would be fantastic. Kylesb 20:12, 13 July 2009 (UTC)
Yes --Danw 21:07, 13 July 2009 (UTC)

What about VPNs?

Many people don't have native IPv6 connectivity. But they do have the possibility of tunnels or VPNs which provide them with IPv6. OpenVPN has had IPv6 support for ages, and OpenConnect (the new Cisco SSL VPN client) also has IPv6 support now. Has the core VPN manager been extended to let the VPN plugins set IPv6 addresses/routes? If not, that's quite a serious omission, surely?