Page History

Our office has a /24 IPv4 and a /48 IPv6 network.
Test to see if it would be possible to run parts of the TERENA Secretariat office network on IPv6 only.
This page keeps track of progress, bugs, and issues with this transition.
I will start with all systems and services that are used only internally.

Milestones

...

Advanced Tables - Table Plus

Date
2011-02-28

...

Host ldap.terena.org IPv6 only

...

Removed IPv4 address and A record

...

ldap.terena.org

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="

...

b78b6bae-

...

332f-

...

4f50-

...

95bc-

...

9db85bab49e2"><ac:plain-text-body><![CDATA[

...

2011-02-07

Nagios runs only on IPv6

Configure Listen [2001:610:158:98d::42]:80 in /etc/apache/ports.conf

]]></ac:plain-text-body></ac:structured-macro>

...

2011-02-07

...

Host svn.terena.org IPv6 only

...

Removed IPv4 address and A record

...

svn.terena.org

2011-02-01

All linux servers run Postfix on IPv6 only (except listed MXs)

Remove IPv4 addresses from $mynetworks, and set "inet_protocols = ipv6"

...

2011-01-31

All linux managed by SSH via IPv6 only

Configure "ListenAddress ::" in sshd_config

...

2011-01-30

All linux servers use only IPv6 resolvers

Only IPv6 addresses in /etc/resolv.conf

...

2010-10-26

VPN supports IPv6

A new VPN setup: Cisco AnyConnect. Clients get an IPv4 and an IPv6 address from the office pools, so they can access all services via IPv6

To avoid name resolution problems, it was necessary to copy to the legacy 127.0.1.1 entries to ::1:

...

	PECL radius	IPv6 doesn't work. Needed for TERENA web site. Considering rewriting code to use LDAP.
	apt-get	`security.ubuntu.com` does not work, so no security updates. Workaround: use local mirror `nl.archive.ubuntu.com` for security updates.
	Pear Net_Socket	Does not like IPv6 addresses, wrote patch.
	ntp	`ntp.ubuntu.com` does not work. Use our own NTP server `graham.terena.org`, or one of the many SURFnet chimes.
	ntp	dumps core without IPv4 loopback address. Keep legacy 127.0.0.1 address
	Confluence and JIRA LDAP auth via IPv6 = b0rked	Workaround: use IPv6 only hostname: `ldap.ipv6.terena.org`
	Radiator	Cannot use IPv6 LDAP server. Filed support ticket at Open.com.au. Fixed as of 2011-02-12. Also make sure to add flags to any custom perl hooks: `my $ldap = Net::LDAP->new('ldap://ldap.terena.org',inet6=>1);`
	Listmanager	Custom email list manager, running on Erasmus. 2 lists were doing queries to `ldap.terena.org`. Unfortunately the Net::LDAP in Ubuntu Hardy (`libnet-ldap-perl`) is too old and does not recognise the inet6 paramater. Hacked Fixed by copying `/usr/share/perl5/Net/LDAP.pm` from a Lucid box.
	Nmap	Nmap only recognizes IPv6 resolvers by specifying "`--system-dns`"

Windows issues

	WinSCP	Upgrade to 4.2.8 or later to get IPv6 going
	EMS PostgresQL manager	Tunneling via SSH does not work. Native Postgres connections work, so the bug must be in `sshfwd.dll`.
	TurtoiseSVN	I had some repositories checked out with TurtoiseSVN, using my SSH keys from Putty/Pageant. Any actions on the repository started to have a really long delay after switching off IPv4 on the subversion server. Fixed after using the right repository URL format, in my case using the Putty session name instead of the host name. This session has everything set properly already. In my case the hostname is `svn.terena.org`, and the PuTTY session name is `svn`.
	Remote Desktop client (`mstsc.exe`)	An RDP (Remote Desktop) connection to a Windows 7 computer using a hostname that only has a AAAA record takes 11 seconds. `mstsc.exe` does an A query first, gets back a No such name, then wait 11 seconds, then asks for and receives the AAAA record, and then immediately connects.

...

Space shortcuts

Child pages

Versions Compared

Old Version 61

New Version 62

Key

Milestones

Windows issues