• how to prefer temporary address? (raspbian / stretch)

    From Andrea Borgia@21:1/5 to All on Sat Aug 17 11:30:01 2019
    Hello.

    At the moment my raspy (stretch-based Raspbian) is getting a /128 static
    lease from my router out of the /48 I get from the he.net tunnel.
    It also has a /64 address which seems stable across reboots but is not a
    slaac address.

    Where does this /64 address come from? In the logs I see it mentioned by avahi-daemon and dhcpd but I cannot find a corresponding lease file.
    More important, how do I get the system to generate and prefer a
    temporary address for outgoing connections?

    Thanks,
    Andrea.

    P.S.: also posted here in the Raspberrypi forum: https://www.raspberrypi.org/forums/viewtopic.php?f=29&t=249079

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Pascal Hambourg@21:1/5 to All on Sat Aug 17 12:00:02 2019
    Le 17/08/2019 à 11:26, Andrea Borgia a écrit :

    At the moment my raspy (stretch-based Raspbian) is getting a /128 static lease from my router out of the /48 I get from the he.net tunnel.
    It also has a /64 address which seems stable across reboots but is not a slaac address.

    It would be clearer if you posted the output of

    ip -6 addr

    If you have privacy concerns feel free to mangle the /48 prefix assigned
    by the tunnel broker.

    Where does this /64 address come from? In the logs I see it mentioned by avahi-daemon and dhcpd but I cannot find a corresponding lease file.

    dhcpd (ISC DHCP server) or dhcpcd (DHCP client daemon) ?

    More important, how do I get the system to generate and prefer a
    temporary address for outgoing connections?

    sysctl net.ipv6.conf.${INTERFACE}.use_tempaddr=2

    How to set it at the system configuration level depends on the network configuration framework used. With ifupdown, add the following option to
    the iface stanza in /etc/network/interfaces :

    privext 2

  • From Andrea Borgia@21:1/5 to All on Sat Aug 17 17:30:02 2019
    Il 17/08/19 11:50, Pascal Hambourg ha scritto:


    It would be clearer if you posted the output of
     ip -6 addr
    If you have privacy concerns feel free to mangle the /48 prefix assigned
    by the tunnel broker.

    (before the config changes)
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
        inet6 xxxx:xxxx:xxxx:2::514/128 scope global noprefixroute
           valid_lft forever preferred_lft forever
        inet6 xxxx:xxxx:xxxx:2:2683:43e7:578e:c0c2/64 scope global mngtmpaddr noprefixroute
           valid_lft forever preferred_lft forever
        inet6 fe80::7625:efb1:f044:1d42/64 scope link
           valid_lft forever preferred_lft forever


    Where does this /64 address come from? In the logs I see it mentioned
    by avahi-daemon and dhcpd but I cannot find a corresponding lease file.
    dhcpd (ISC DHCP server) or dhcpcd (DHCP client daemon) ?

    Found it: mngtmpaddr means it is used as a template for PE addresses.
    I wrongly assumed this should only be present when PE is enabled.


    More important, how do I get the system to generate and prefer a
    temporary address for outgoing connections?
     sysctl net.ipv6.conf.${INTERFACE}.use_tempaddr=2
    How to set it at the system configuration level depends on the network configuration framework used. With ifupdown, add the following option to
    the iface stanza in /etc/network/interfaces :

    I created /etc/sysctl.d/local.conf with these two lines:

    net.ipv6.conf.eth0.use_tempaddr = 2
    net.ipv6.conf.wlan0.use_tempaddr = 2

    After reboot I verified that it is using the temporary address, for
    example when sending a mail through an external relay.


    (after the changes)
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
        inet6 xxxx:xxxx:xxxx:2::514/128 scope global noprefixroute
           valid_lft forever preferred_lft forever
        inet6 xxxx:xxxx:xxxx:2:cdcc:a2ea:3107:297e/64 scope global temporary dynamic
           valid_lft 604076sec preferred_lft 85667sec
        inet6 xxxx:xxxx:xxxx:2:2683:43e7:578e:c0c2/64 scope global mngtmpaddr noprefixroute
           valid_lft forever preferred_lft forever
        inet6 fe80::7625:efb1:f044:1d42/64 scope link
           valid_lft forever preferred_lft forever



    Thank you for your help,
    Andrea.

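A scripted version of the check done by hand in the post above, as an added example that is not part of the original thread: it reads `ip -6 addr` output and flags every interface that holds a global address but no usable `temporary` one. The sample listing is constructed (documentation prefix 2001:db8::/32, a hypothetical eth0 with no temporary address), and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): check that privacy extensions took effect.

# Constructed sample modelled on the "after the changes" listing; 2001:db8::/32
# is the documentation prefix and eth0 is a hypothetical NIC without a temp address.
sample_ip6_addr() {
  cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:0:1:2683:43e7:578e:c0c2/64 scope global mngtmpaddr noprefixroute
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:0:2::514/128 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 2001:db8:0:2:cdcc:a2ea:3107:297e/64 scope global temporary dynamic
       valid_lft 604076sec preferred_lft 85667sec
    inet6 2001:db8:0:2:2683:43e7:578e:c0c2/64 scope global mngtmpaddr noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::7625:efb1:f044:1d42/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Reads `ip -6 addr` text on stdin. For every interface holding a global
# address, prints "<ifname> ok" or "<ifname> no-tempaddr"; a temporary address
# already marked deprecated does not count. Exit status 1 if any interface fails.
audit_tempaddr() {
  awk '
    /^[0-9]+: / { ifc = $2; sub(/:$/, "", ifc); sub(/@.*/, "", ifc); next }
    $1 == "inet6" && / scope global/ {
      if (!(ifc in seen)) { seen[ifc] = 1; order[++n] = ifc }
      if (/ temporary/ && !/ deprecated/) temp[ifc] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        if (order[i] in temp) { print order[i], "ok" }
        else { print order[i], "no-tempaddr"; bad = 1 }
      }
      exit bad + 0
    }'
}

# On a live host: ip -6 addr | audit_tempaddr
sample_ip6_addr | audit_tempaddr || echo "some interface has no temporary address"
```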
  • From Chris Bell@21:1/5 to All on Sat Aug 17 20:30:01 2019
    On Saturday, 17 August 2019 11:26:36 BST Andrea Borgia wrote:
    Hello.

    At the moment my raspy (stretch-based Raspbian) is getting a /128 static lease from my router out of the /48 I get from the he.net tunnel.
    It also has a /64 address which seems stable across reboots but is not a slaac address.

    Where does this /64 address come from? In the logs I see it mentioned by avahi-daemon and dhcpd but I cannot find a corresponding lease file.
    More important, how do I get the system to generate and prefer a
    temporary address for outgoing connections?

    Thanks,
    Andrea.

    P.S.: also posted here in the Raspberrypi forum: https://www.raspberrypi.org/forums/viewtopic.php?f=29&t=249079
    Hello Andrea,
    I have internet plus three private local networks, and each of the three local networks has an assigned public address plus its own private local address for both IPv4 and (fd00::) IPv6, see RFC4193 / Unique Local IPv6 Unicast Addresses.

    For each box, I edit

    /etc/gai.conf for address preferences order

    /etc/dhcpcd.conf for my choice of
    slaac private=0
    and my fallback profile

    #profile static_eth0
    #static ip_address=192.168.1.23/24
    #static ip6_address=fd51:42f8:caae:d92e::ff/64
    #static routers=192.168.1.1
    #static domain_name_servers=192.168.1.1 (a space separated list on one line)

    #interface eth0
    #fallback static_eth0

    leaving the rest of /etc/dhcpcd.conf default/unset

    I also add more local information in /etc/hosts for boxes sitting in my firewalled DMZ because they receive very limited DNS information.

    The RaspberryPi does have its own IPv6 local part that is persistent over replacement of MicroSD card and operating system which is based on the MAC address embedded in the hardware. Other addresses can be added or deleted as normal using
    # ip address [add | delete | show]

    Hope that helps.

    --
    Chris Bell
    Website http://chrisbell.org.uk

  • From Andrea Borgia@21:1/5 to All on Sun Aug 18 00:10:01 2019
    Il 17/08/19 20:18, Chris Bell ha scritto:


    I have internet plus three private local networks, and each of the three
    local networks has an assigned public address plus its own private local address for both IPv4 and (fd00::) IPv6, see RFC4193 / Unique Local IPv6 Unicast Addresses.

    Can you explain the advantages of having a fd00-range address? Mine is a
    fairly simple home network and in case of trouble the devices are all
    locally accessible.


    For each box, I edit
    /etc/gai.conf for address preferences order

    Interesting: I thought the IPV6 preference compared to IPV4 was strictly mandated and not subject to local configuration, nice to know.


    /etc/dhcpcd.conf for my choice of
    slaac private=0
    and my fallback profile

    For the moment, I solved it via sysctl but I'm curious: can you actually
    set a static address that will only kick in if dhcp fails?


    Regards,
    Andrea.
