05-09-2011, 02:37 PM
Arnd Hannemann

Privacy Extensions for Stateless Address Autoconfiguration in IPv6 in wheezy as default?

> On 09/05/2011 12:51, Arnd Hannemann wrote:
>> Hi,
>>
>> Am 09.05.2011 11:34, schrieb Vincent Danjean:
>>> RFC 4941 is a problem if you want to use IPv6 and proxy NDP,
>>> at least until the kernel allows proxying a network instead of hosts.
>>> This does not seem for now:
>>> http://marc.info/?l=linux-kernel&m=130385156131530&w=2
>>
>> But if anyone has enough knowledge to set up proxy NDP he should
>> be able to disable the privacy extension on its client hosts, too.
>
> It is not the problem of knowing how to do it. It is the problem of
> doing it by default. And I do not have strong opinion on the
> problem. For info, I set up privacy extension on my laptop but
> I use a (Hurricane) IPv6 tunnel instead of using the /64 given
> by my ISP.
>
>> Also, wouldn't using DHCPv6 solve this problem as well?
>
> DHCPv6 is useful when you do not want to use auto-configuration.
> It can be the case if you would like several networks with
> auto-configuration in a /64: DHCPv6 seems the only way to go in
> this case. If you want only one subnetwork with autoconfiguration
> and you have only a /64, you should be able to create a correct
> routing table on your firewall.
>
> It does not solve the proxy NDP (here, the problem is for the
> ISP gateway that makes false assumption about the network layout,
> not for the other host that can easily be instructed to have
> a default route to the good host)
>
> I just realized that, perhaps, you want to say that privacy
> extension is disabled when you are using DHCPv6? I did not
> test it, so I do not know if this is right or not.

Yes, that's exactly what I wanted to say here: if the gateway
requires control about the address assignment one probably
should use DHCPv6 instead of relying on Stateless Autoconfiguration.

>> It's really good to know that there exists such a problem with Privacy Extension
>> and Linux gateways, but IMO it shouldn't hinder the deployment
>> of privacy extensions as default for wheezy.
>
> Another problem is for firewalls that want to do strict
> controls (ie also filtering out-going connections). But here
> again, there will be default rules for all clients. Or, if
> special rules are required for a client, the client can be
> reconfigured to avoid using Privacy Extension.

Yeah, or use DHCPv6 to have more control about address assignment.

Best regards
Arnd


> PS: no need to CC me

But please CC: me, I'm not (yet) on the list.


Archive: http://lists.debian.org/4DC7FC40.8080405@arndnet.de
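
The thread suggests reconfiguring clients that need special firewall rules so they avoid the privacy extension. As an added example that is not part of the original message, the script below audits the Linux sysctl `net.ipv6.conf.<iface>.use_tempaddr` (the knob for RFC 4941 temporary addresses) and lists the interfaces whose outgoing source address will rotate. The function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Kernel semantics of use_tempaddr:
#   <= 0  privacy extensions off
#   == 1  temporary addresses generated, public address still preferred
#   >  1  temporary addresses generated and preferred for outgoing traffic

# Reads "key = value" lines (the layout `sysctl -a` prints) on stdin and
# prints "<iface> <state>" for every use_tempaddr entry.
classify_tempaddr() {
    awk '
        /^net\.ipv6\.conf\..*\.use_tempaddr[ \t]*=/ {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            # Strip prefix and suffix rather than splitting on ".",
            # so interface names containing dots stay intact.
            sub(/^net\.ipv6\.conf\./, "", key)
            sub(/\.use_tempaddr$/, "", key)
            if (val !~ /^-?[0-9]+$/) state = "invalid"
            else if (val + 0 <= 0)   state = "off"
            else if (val + 0 == 1)   state = "on-prefer-public"
            else                     state = "on-prefer-temporary"
            print key, state
        }'
}

# Interfaces whose source address rotates: per-address egress firewall
# rules written for these hosts stop matching after each regeneration.
rotating_sources() {
    classify_tempaddr | awk '$2 == "on-prefer-temporary" { print $1 }'
}

# Constructed sample input, not captured from a real host.
SAMPLE='net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.eth0.100.use_tempaddr = 1
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.conf.wlan0.use_tempaddr = 2
net.ipv6.conf.wlan0.accept_ra = 1'

printf '%s\n' "$SAMPLE" | classify_tempaddr
```

On a live host, pipe `sysctl -a 2>/dev/null` into `rotating_sources` instead of the sample.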