Re: [linux] Is static address ipv6 on Teksavvy working for you?
On Tue, Aug 07, 2018 at 02:30:55AM -0400, Brett Delmage wrote: > Subject: Is static address ipv6 on Teksavvy working for you? Yes. My SmartRG SR516ac is dual-stack, non-bridging, and devices attached to it automatically get IPv4 and IPv6 addresses that work. I use the "standard" @teksavvy.com PPPoE login. $ pingg eth3 -n -c 4 he.net /home/idallen/bin/pingg: Using eth3 -I 192.168.2.250 PING he.net (216.218.186.2) from 192.168.2.250 : 56(84) bytes of data. 64 bytes from 216.218.186.2: icmp_seq=1 ttl=55 time=76.3 ms 64 bytes from 216.218.186.2: icmp_seq=2 ttl=55 time=76.0 ms 64 bytes from 216.218.186.2: icmp_seq=3 ttl=55 time=76.4 ms 64 bytes from 216.218.186.2: icmp_seq=4 ttl=55 time=76.3 ms --- he.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms rtt min/avg/max/mdev = 76.075/76.293/76.407/0.362 ms $ ping6 -n -c 4 he.net PING he.net(2001:470:0:76::2) 56 data bytes 64 bytes from 2001:470:0:76::2: icmp_seq=1 ttl=54 time=74.3 ms 64 bytes from 2001:470:0:76::2: icmp_seq=2 ttl=54 time=74.6 ms 64 bytes from 2001:470:0:76::2: icmp_seq=3 ttl=54 time=74.6 ms 64 bytes from 2001:470:0:76::2: icmp_seq=4 ttl=54 time=74.9 ms --- he.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3005ms rtt min/avg/max/mdev = 74.311/74.631/74.912/0.397 ms -- | Ian! D. Allen, BA, MMath - idal...@idallen.ca - Ottawa, Ontario, Canada | Home: www.idallen.com Contact Improvisation Dance: www.contactimprov.ca | Former college professor (Free/Libre GNU+Linux) at: teaching.idallen.com | Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/ To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org To get help send a blank message to linux+h...@linux-ottawa.org To visit the archives: https://lists.linux-ottawa.org
Re: [linux] Is static address ipv6 on Teksavvy working for you?
On Fri, 3 Aug 2018, Bart Trojanowski wrote: The key things to configure are: * pppd / rp-pppoe * sysctl (forwarding=1, autoconf=1, accept_ra=2) These were key. I am unsure if I had them right at one time and then not. But I certainly needed autoconf and accept_ra=2. I think a missing / reset autoconf was the main problem though. * iptables ... -j TCPMSS --clamp-mss-to-pmtu Indeed, I had this one already for ipv4 frag problems. Hmm. I just realized I probably have to make sure this is in ip*6*tables too... I did notice that ufw had a bunch of needed/useful rules in the ipv6 default already, possibly with this. * dnsmasq I spent far too much time with dnsmasq this weekend! Previously I had been using and am still using bind9 as an authoritative (for my domains) and recursive/caching DNS server (for my lan). I wanted to have better dhcp for my lan, and dnsmasq could provide that too. It also gave me a authenticating server too. I think there may be a bug in bind9 which disallows the ad bit being set on an an server that is also authoritative. * TekSavvy gives me 2 logins, one for static IPv4 and another for IPv6 -- I don't know if they still do this, but back when they started this is what they did :-) I had a wiredhighspeed login for ipv6 before, which I never got around to using. I understand they are not both needed now. If you have stabilty problems, you might want to try single login. My connection normally (only, but frequently enough) goes down because I reboot after a core (kernel, libc, whatever) update. * I have /etc/ppp/peers/ipv4 and /etc/ppp/peers/ipv6 -- "pon ipv4" brings up ppp0, "pon ipv6" brings up ppp1 * /etc/ppp/ipv6-up.d/0-local script does the heavy lifting -- sets up sysctl params, I thought I might need to do that but the sysctl params from above are 'sticking' just being set at boot. Thankfully. -- sometimes the pppoe sessions stay up for weeks, sometimes for minutes I will keep an eye out for this. Other than the last part (the script that restart ipv6 pppoe sessions), I found all the details in various HOWTOs online. It's been a while, so I don't recall how it all works at a protocol level anymore. And I certainly, I don't remember exactly what sources I used to learn all this crap :-) I've been bookmarking with ipv6 tag like crazy ;-) And still confused, because I have visted so many sites now... Let me know what specifically doesn't work for you. Well, thanks very much! I will add on the routing later this week, after I get dnsmasq stable and make sure my host/router is working on v6 reliably - so far, so good. Dnsmasq just hasn't been responding to DHCP REQUESTs reliably... driving me and my wife trying to work on her computer) crazy. ;-) I'm really glad to get to this state after years of foot-dragging (but in the meantime I at least got my webserver running HTTP2 with HSTS and a proxied php, on ipv6 on a DNSSEC-signed domain. And now I can reach it on ipv6 :-) Thanks! I am hitting all the buzzwords ;-) I'll let you know how the ipv6 routing goes. Thanks again for taking the time to help Bart. Brett
Re: [linux] Is static address ipv6 on Teksavvy working for you?
Hey everyone, thanks for responding with your helpful experience. My ipv6 setup has been head-banging, but I sure (_think) I know a lot more about ipv6, NDP, RA, RR, icmpv6, etc. than I did before :-) Bart Trojanowski wrote: For the most part, IPv6 is pretty seamless there days. Except for some unexpected holdouts like github.com, a lot of the internet is reachable via IPv6. My servers hosted at cacloud and ovh came with ipv6 just working. I had to disable ipv6 initially, but my hosted vps websites are accessible by ipv6 now. Compared to getting ipv6 on TekSavvy working, it was trivial. Despite attending the wonderful ipv6summit.ca local ipv6 conference at uOttawa in 2011 (which I recall you had a big part in organizing Bart?) I'm only finally getting mine unstoppered, despite this beong a todo since then. Although I signed up for the TekSavvy ipv6 beta years ago I didn't want to activate it until I thought that I understood ipv6 properly and was fairly certain I wasn't opening huge security holes. That goes beyond network packet firewalls. As shipped with Ubuntu, ufw does a decent basic job securing ipv6. But I also have tight application restrictions, from always binding specific addresses/interfaces and not using default wild-card binding, to Apache ip-specific extra content access restrictions e.g. I don't normally need to access web app admin areas from any IP address in the world, just my own. Bart Trojanowski wrote: I am enjoying native IPv6 from TekSavvy, including /64 address delegation to my intranet hosts. It is a brittle setup, but it works. Excellent! Thanks for letting me know it IS working Bart. That is a useful starting point. To be certain, it is operating today for you? (see my TekSavvy comments below why I ask) I'd agree with 'brittle' in my very limited experience. :-( Static addresses and ipv6 availability are reasons I am chose DSL, not cable. Very useful to know it CAN work. TekSavvy support has sown seeds of doubt in my mind this week about this with comments like these: TekSavvy via dslreports.com direct support forum in the past few days said: "Honestly, this is a little above my head. I have emailed this to the day's team to see if anyone can help you out with." AND (next CSR reply) "Due to some problems with IPv6 we did remove them from DSL logins. I have added this back to your login. Just please keep in mind if you do run into trouble we cannot assist much. If you unplug your modem for around 10 minutes you should now get the following: 2607:f2c0:...::/64 2607:f2c0:...::/56 These are Static and are included in the current cost for your IPv4 Static monthly charge. As for a website for this, I am sorry I do not know of any. I will see if someone knows more about this. 2018-Jul-30 6:54 am" AND "Hey Brad, [sic, and does not invoke my confidence!] Any chance you could attempt to power down the modem for a few minutes & take out the phone cord as well? Then plug back in and re-test? I know we did have some maintenance performed on the servers this morning." [Yikes. Sounds like a Bell/Rogers/Microsoft "support" reply) So I end up here with people who are truly tech-savvy. I did hard-code the static IPs into my /etc/interfaces for ppp and that worked for one day, until I had to reboot, although at this point I am wondering how my default ipv6 route got set? ...I don't remember setting a default route. But hey, it was 3:30 AM when i finally got it working... I just wasn't getting any joy with SLAAC or dhcpv6 prior to that. Perhaps I misunderstood TekSavvy and should be getting my static /64 prefix via SLAAC, and as it is static it would be consistent - does that seem correct? Just like my static ipv4 (except that it IS hard-coded in interfaces)? As I understand it the /56 via dhcpv6 is optional and I don't need to acquire that with dhcpv6 initially (unless I need other info like name servers, but I run my own bind9, ntp. etc. so I don't need to know those. I just need the default route which should come in the RA, and the kernel will apply, correct?) Anyway, right now on wireshark I'm seeing RA Router Advertisements but no RS or response from my host. Also, and more serious, right now I'm not even able to ping6 the TekSavvy endpoint reported by ppp, ppp.log: remote LL address fe80::0200:00ff:fe00: This endpoint was reachable before. As I understand it, an ipv6 link local address on an interface (ppp0) should always work and a GUA global address (and route) wouldn't override that, just work in parallel, right? Bart, thanks for your config details. I'll work through them, double check, and report back. I have, at least at one time this week, had consistent settings. If I've said anything here that screams I'm way off base, please let me know. I'm getting the same bandwidth (50⇑/10⇓) and latency (10ms) on v4 and v6 with TekSavvy DSL -- but it wasn't always the case. For the one day
Re: [linux] Is static address ipv6 on Teksavvy working for you?
I'm getting the same bandwidth (50⇑/10⇓) and latency (10ms) on v4 and v6 with TekSavvy DSL -- but it wasn't always the case. Tunnels hide the actual hops taken... so the latency contributions are hard to gauge with things like traceroute. For the most part, IPv6 is pretty seamless there days. Except for some unexpected holdouts like github.com, a lot of the internet is reachable via IPv6. If you cannot get native IPv6, you can still use Teredo (apt install miredo). Default miredo servers route you through remlab in EU, which will increase latency. Microsoft has some public North American teredo servers you can use, although they keep renaming them. I think " win1710.ipv6.microsoft.com" is the one I used last time I needed it. -Bart On Fri, Aug 3, 2018 at 11:36 AM Michael P. Soulier < msoul...@digitaltorque.ca> wrote: > On 03/08/18 Bart Trojanowski said: > > > There are restrictions. For example it's only available on DSL, not > cable. > > I'm on DSL. > > Mind you when I was running an HE tunnel, I found that we had bandwidth > issues with services like youtube once google left v6 on permanently, > but that was likely an HE bandwidth limitation. > > Mike >
Re: [linux] Is static address ipv6 on Teksavvy working for you?
On 03/08/18 Bart Trojanowski said: > There are restrictions. For example it's only available on DSL, not cable. I'm on DSL. Mind you when I was running an HE tunnel, I found that we had bandwidth issues with services like youtube once google left v6 on permanently, but that was likely an HE bandwidth limitation. Mike To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org To get help send a blank message to linux+h...@linux-ottawa.org To visit the archives: https://lists.linux-ottawa.org
Re: [linux] Is static address ipv6 on Teksavvy working for you?
On 2018-08-03 10:55, Bart Trojanowski wrote: > There are restrictions. For example it's only available on DSL, not cable. My neighbour is unable to get a static address on cable due to Rogers' unwillingness to provide the service he assures me, not due to any technical limitations. I assume similar is true for V6. (He knows the standards well.) > On Fri, Aug 3, 2018 at 10:34 AM Michael P. Soulier > wrote: > > On 03/08/18 Bart Trojanowski said: > > > Hi Brett, > > > > > > I am enjoying native IPv6 from TekSavvy, including /64 address > > > delegation to my intranet hosts. It is a brittle setup, but it works. > > > > Odd. They told me that native v6 was not available. > > > > Mike slainte mhath, RGB -- Richard Guy Briggs -- ~\-- ~\ -- \___ o \@ @Ride yer bike! Ottawa, ON, CANADA -- Lo_>__M__\\/\%__\\/\% Vote! -- _GTVS6#790__(*)__(*)(*)(*)_ To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org To get help send a blank message to linux+h...@linux-ottawa.org To visit the archives: https://lists.linux-ottawa.org
Re: [linux] Is static address ipv6 on Teksavvy working for you?
There are restrictions. For example it's only available on DSL, not cable. On Fri, Aug 3, 2018 at 10:34 AM Michael P. Soulier < msoul...@digitaltorque.ca> wrote: > On 03/08/18 Bart Trojanowski said: > > > Hi Brett, > > > > I am enjoying native IPv6 from TekSavvy, including /64 address > > delegation to my intranet hosts. It is a brittle setup, but it works. > > Odd. They told me that native v6 was not available. > > Mike >
Re: [linux] Is static address ipv6 on Teksavvy working for you?
On 03/08/18 Bart Trojanowski said: > Hi Brett, > > I am enjoying native IPv6 from TekSavvy, including /64 address > delegation to my intranet hosts. It is a brittle setup, but it works. Odd. They told me that native v6 was not available. Mike signature.asc Description: PGP signature
Re: [linux] Is static address ipv6 on Teksavvy working for you?
> On Thu, 2 Aug 2018, Alex Pilon wrote: > > Yes. Stock router/modem/DHCP/DNS/NAT/swich/AP though. > > > >$ ping google.ca > >PING google.ca (172.217.2.163) 56(84) bytes of data. > >[1533267285.268774] 64 bytes from google.ca (172.217.2.163): icmp_seq=1 > > ttl=57 time=11.9 ms > >^C > >--- google.ca ping statistics --- > >1 packets transmitted, 1 received, 0% packet loss, time 0ms > >rtt min/avg/max/mdev = 11.888/11.888/11.888/0.000 ms > On Fri, Aug 03, 2018 at 02:44:19AM -0400, Brett Delmage wrote: > This is an ipv4 ping. Is ipV6 working? This idiot copy-pasted the wrong bit. Yeah, I can ping -6 google.ca, and it works. By IP or by hostname. Can't SSH to home from work though, but I don't suppose I need to prove that anymore. > > Plain old dhcpcd. Clarification, at the clients. > Teksavvy told me I didn't need that for a static address. More like it won't do static addresses… Strictly speaking, yes, at the clients, you don't need DHCPv6, nor SLAAC to get an address, but you're better off. The kernel knows nothing about your resolver (you don't touch the filesystem from the kernel), so you do need some userspace to set it. dhcpcd at least lets SLAAC do its job instead of DHCPv6 if the router advertisements order so. Regards, Alex Pilon To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org To get help send a blank message to linux+h...@linux-ottawa.org To visit the archives: https://lists.linux-ottawa.org
Re: [linux] Is static address ipv6 on Teksavvy working for you?
Hi Brett, I am enjoying native IPv6 from TekSavvy, including /64 address delegation to my intranet hosts. It is a brittle setup, but it works. The key things to configure are: * pppd / rp-pppoe * sysctl (forwarding=1, autoconf=1, accept_ra=2) * iptables ... -j TCPMSS --clamp-mss-to-pmtu * wide-dhcpv6-client * dnsmasq Here are some highlights of the setup: * modem setup to bypass mode (does not terminate pppoe) * Debian router terminates pppoe using rp-pppoe * TekSavvy gives me 2 logins, one for static IPv4 and another for IPv6 -- I don't know if they still do this, but back when they started this is what they did :-) * I have /etc/ppp/peers/ipv4 and /etc/ppp/peers/ipv6 -- "pon ipv4" brings up ppp0, "pon ipv6" brings up ppp1 * /etc/ppp/ipv6-up.d/0-local script does the heavy lifting -- sets up sysctl params, starts dhcp6c on the ppp1 device, etc * pppoe itself will get my ppp1 IPv6 address, but it does not delegate to the LAN * dhcp6c (from wide-dhcpv6 package) is requests teh /56 from TS over DHPCv6 * an alternative would be to use radvd or dhcpcd5 -- I didn't get that to work for me -- or it wasn't stable * I use dnsmasq to do the actual address delegation -- dnsmasq.conf has "enable-ra" and "ra-param=eth0,60" options * the routing ocasionally stops working -- I have a script that tests IPv6 status every few minutes -- if needed does an "poff ipv6" followed by "pon ipv6" -- sometimes the pppoe sessions stay up for weeks, sometimes for minutes Other than the last part (the script that restart ipv6 pppoe sessions), I found all the details in various HOWTOs online. It's been a while, so I don't recall how it all works at a protocol level anymore. And I certainly, I don't remember exactly what sources I used to learn all this crap :-) Let me know what specifically doesn't work for you. -Bart On Thu, Aug 2, 2018 at 10:45 PM Brett Delmage < brett.delm...@twobikes.ottawa.on.ca> wrote: > Is anyone runnning ipv6 dual stack on TekSavvy with a static ip on your > Linux host? And if so, is yours actually currently working? > > I'm having a heck of a time getting mine going. I am not sure I believe > what Teksavvy support is telling me for configuration. I (finally) got it > working briefly yesterday but then it stopped. I'd be thankful to compare > notes to get some hints where I am going wrong, and also to confirm that > Teksavvy isn't having problems itself. > > Thanks! > > Brett > > To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org > To get help send a blank message to linux+h...@linux-ottawa.org > To visit the archives: https://lists.linux-ottawa.org > >
Re: [linux] Is static address ipv6 on Teksavvy working for you?
On 2018-08-02 Aug:45 -0400, Brett Delmage wrote: > Is anyone runnning ipv6 dual stack on TekSavvy with a static ip on your > Linux host? And if so, is yours actually currently working? Yes. Stock router/modem/DHCP/DNS/NAT/swich/AP though. $ ping google.ca PING google.ca (172.217.2.163) 56(84) bytes of data. [1533267285.268774] 64 bytes from google.ca (172.217.2.163): icmp_seq=1 ttl=57 time=11.9 ms ^C --- google.ca ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 11.888/11.888/11.888/0.000 ms Gotta fix that soon. > I'm having a heck of a time getting mine going. I am not sure I believe what > Teksavvy support is telling me for configuration. Too private? You using PPPoE over DSL? You talking about configuring your endpoint or a router, etc.? > I (finally) got it working briefly yesterday but then it stopped. I'd > be thankful to compare notes Plain old dhcpcd. To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org To get help send a blank message to linux+h...@linux-ottawa.org To visit the archives: https://lists.linux-ottawa.org
