Versions Compared

Old Version 75

changes.mady.by.user Dick Visser

Saved on

compared with

New Version 76

changes.mady.by.user Dick Visser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Milestones

Advanced Tables - Table Plus

Date

 

 

2011-03-08

HP Printer IPv6 only (smile)

Upgraded Laserjet 4250 with new print server, removed A record

2011-02-28

Host ldap.terena.org IPv6 only (smile)

Removed IPv4 address and A record

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0fe7e99773d2185e-c075947b-42cb44f5-8a07a638-f3c212d52803e335df9fea4d"><ac:plain-text-body><![CDATA[

2011-02-07

Nagios runs only on IPv6

Configure Listen [2001:610:158:98d::42]:80 in /etc/apache/ports.conf

]]></ac:plain-text-body></ac:structured-macro>

2011-02-07

Host svn.terena.org IPv6 only (smile)

Removed IPv4 address and A record

2011-02-01

All linux servers run Postfix on IPv6 only (except listed MXs)

Remove IPv4 addresses from $mynetworks, and set "inet_protocols = ipv6"

2011-01-31

All linux managed by SSH via IPv6 only

Configure "ListenAddress ::" or "AddressFamily inet6" in sshd_config

2011-01-30

All linux servers use only IPv6 resolvers

Only list IPv6 addresses in /etc/resolv.conf:

No Format
nameserver 2001:610:148:dead::4
nameserver 2001:610:158:98d::42
domain terena.org

2010-10-26

VPN supports IPv6

A new VPN setup: Cisco AnyConnect. Clients get an IPv4 and an IPv6 address from the office pools, so they can access all services via IPv6

Specific issues

Name resolution on linux

To avoid name resolution problems, it was sometimes necessary to copy to the legacy 127.0.1.1 entries to ::1 in the /etc/hosts file:

Code Block
127.0.0.1       localhost
127.0.1.1       ldap.terena.org ldap

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback ldap.terena.org ldap

Misc issues

Skype

Skype does not support IPv6 at all. EPIC FAIL!!!! Please everybody VOTE FOR IPv6

...

(question)

...

NAT64

...

TAYGA?, Ecdysis?

...

...

DNS64

...

Ecdysis?

Cisco Catalyst 3750

This switch does not support IPv6 access lists on VLANs. Needs replacing in 2011 anyway. New box might support NAT64?

...

Can be configured to do IPv6, but only PING works (sad)
Investigate further.

Sharp MX-2600N printer

...

After enabling IPv6 on our Sharp MX2600N printer, the network stack actually works, but only a couple of services are running IPv6:

No Format

root@expat:~# nmap -6 2001:610:148:beef::134

Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 10:31 CET
Interesting ports on 2001:610:148:beef::134:
Not shown: 996 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
23/tcp  open  telnet
515/tcp open  printer
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 2.29 seconds

This is in stark contrast to what runs on IPv4:

No Format

root@expat:~# nmap --system-dns 192.87.30.134

Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 10:35 CET
Interesting ports on sharp-mx2600n.terena.org (192.87.30.134):
Not shown: 991 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
23/tcp    open  telnet
80/tcp    open  http
443/tcp   open  https
515/tcp   open  printer
631/tcp   open  ipp
5900/tcp  open  vnc
9100/tcp  open  jetdirect
50001/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 2.37 seconds

Now I'm trying to find out how to print using IPP from Windows 7.

Ecdysis

Some tests indicate the Ecdysis works well.
Also, they presented at our own conference last year (wink)
Take into consideration!

Linux issues

...

PECL radius

IPv6 doesn't work. Needed for TERENA web site. (tick) Update 2011-03-01: by upgrading Pear_Auth, Pear Live_User was able to use LDAP (via IPv6), without the Radius overhead.

...

(tick)

apt-get

security.ubuntu.com does not work, so no security updates. Workaround: use local mirror nl.archive.ubuntu.com for security updates.

...

Pear Net_Socket

Does not like IPv6 addresses, wrote patch.

...

(tick)

ntp

ntp.ubuntu.com does not work. Use our own NTP server graham.terena.org, or one of the many SURFnet chimes.

...

(tick)

...

ntp

dumps core without IPv4 loopback address.

...

Workaround: keep legacy 127.0.0.1 address.

...

(tick)

Confluence and JIRA LDAP auth via IPv6

...

b0rked

...

. Workaround: use IPv6 only hostname: ldap.ipv6.terena.org

...

(tick)

Radiator

Cannot use IPv6 LDAP server. Filed support ticket at Open.com.au. Fixed as of 2011-02-12. Also make sure to add flags to any custom perl hooks:
my $ldap = Net::LDAP->new('ldap://ldap.terena.org',inet6=>1);

...

Listmanager

...

This is a custom email list manager, running on Erasmus. 2 lists were doing queries to ldap.terena.org. Unfortunately the Net::LDAP in Ubuntu Hardy (libnet-ldap-perl) is too old and does not recognise the inet6 paramater. Hacked Fixed by copying /usr/share/perl5/Net/LDAP.pm from a Lucid box.

...

Nmap

Nmap only recognizes IPv6 resolvers by specifying "--system-dns"

Exact Globe 2003

This (expensive) financial software package runs on a Windows 2003 server, so it might just work with IPv6.
If this would be running on a Windows 2008 R2 server, then the needed MS SQL server would be able to talk IPv6 with our Windows 7 clients.

However, after more close inspection it does not look too encouraging:

Windows issues

...

Having a software package on a dedicated Windows server, with MSSQL etc is quite some overhead, so I was interested in their new web based product Exact Online.
The Exact Online web site (surprise surprise) can't be reached via IPv6. But if everything is running through HTTP(S), then a NAT64/DNS64 solution might make things work.

WinSCP

Upgrade to 4.2.8 or later to get IPv6 going.

...

(error)

EMS PostgresQL/MySQL manager

Tunneling via SSH does not work. Native Postgres connections work, so the bug must be in sshfwd.dll.

...

Confirmed by EMS, but not yet fixed.

TurtoiseSVN

Works, but some weird things: I had some repositories checked out with TurtoiseSVN, using my SSH keys from Putty/Pageant. Any actions on the repository started to have a really long delay after switching off IPv4 on the subversion server. Fixed after using the right repository URL format, in my case using the Putty session name instead of the host name. This session has everything set properly already. In my case the hostname is svn.terena.org, and the PuTTY session name is svn.

...

(info)

Windows Remote Desktop Client

The "Remote Desktop client" in Windows 7 (mstsc.exe)

...

has some weird behavior. An RDP

...

connection to a Windows 7 computer using a hostname that only has a AAAA record takes 11 seconds. mstsc.exe does an A query first, gets back a No such name, then wait 11 seconds, then asks for and receives the AAAA record, and then immediately connects. |

Mac OS X

...

...

DNS

Autoconfiguring name servers does not work for Mac OS X

...

. Macs need manually configured name servers, boo!

...

CIFS

CIFS client on Mac OS X does not support IPv6

...

. Unable to file bug report due to lame web site ("An error has occurred. Please report the error to Apple Inc. by emailing the error detail to devbugs@apple.com.").

...

CyberDuck

CyberDuck does not work with IPv6 hostnames

...

. Use either literal IPv6 address, or IPv6-only host name godzilla.ipv6.terena.org.
Fixed in 4.0

To Do

...

  • VMware ESXi, Vcenter, VCB. These SHOULD work on IPv6. Curious if they really work on IPv6 only

...

  • ...
  • Google whitelistinng our DNS servers.