Versions Compared

Old Version 97

changes.mady.by.user Dick Visser

Saved on

compared with

New Version 98

changes.mady.by.user Dick Visser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
typeflat
separatorpipe

MacOSX Lion & Cisco AnyConnect

Late July 2011 Apple released version 10.7 of their OSX operating system, named Lion. This version has several major IPv6 related improvements, the most important I think is DHCPv6 support. This means that it is now possible to successfully run a Mac in an IPv6 only environment without any configuration.
Unfortunately for us AnyConnect has a serious bug on Lion, namely that there is no default gateway being configured for IPv6 upon connection.
Since we have several IPv6 only services these days, this is a true show stopper (sad)
What makes it worse it that the smbd in Lion has IPv6 support, and because our Windows 7 computers already support SMB via IPv6, this means that we could make our Samba server IPv6 only. But since AnyConnect does not work, this is not (yet) an option...
The issue has been reported already to Cisco and is filed as CSCts11510 (login required).
Rumour has it that a fix is available soon, so let's just keep our fingers crossed!

Milestones

Milestones

A new VPN setup: Cisco AnyConnect. Clients get an IPv4 and an IPv6 address from the office pools, so they can access all services via IPv6
Advanced Tables - Table Plus

Date

 

 

2011-10-31

Our primary file server runs Samba on IPv6 only (smile)
After the last Mac was upgraded to Lion I silently removed IPv4, and nobody even noticed (tongue)

Removed A record for samba.terena.org
Hardcoded the IPv6 address in smb.conf:
bind interfaces only = yes
interfaces = 2001:610:148:beef::132/64

2011-03-09

All linux servers run PostgreSQL on IPv6 only

Configure "listen_address = '::'" in postgresql.conf. This is not documented (yet).

2011-03-08

HP Printer IPv6 only (smile)

Upgraded Laserjet 4250 with new print server, removed A record for hp4250-1.terena.org

2011-02-28

Host ldap.terena.org IPv6 only (smile)

Removed IPv4 address and A record

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e69c157c-1df7-4cdd-bd90-22050e1ce65e"><ac:plain-text-body><![CDATA[

2011-02-07

Nagios web interface only reachable on IPv6

Configure Listen [2001:610:158:98d::42]:80 in /etc/apache/ports.conf

]]></ac:plain-text-body></ac:structured-macro>

2011-02-07

Host svn.terena.org IPv6 only (smile)

Removed IPv4 address and

Advanced Tables - Table Plus

Only list IPv6 addresses in /etc/resolv.conf:

Date

 

 

2011-03-09

All linux servers run PostgreSQL on IPv6 only

Configure "listen_address = '::'" in postgresql.conf. This is not documented (yet).

2011-03-08

HP Printer IPv6 only (smile)

Upgraded Laserjet 4250 with new print server, removed A record

2011-02-28

Host ldap.terena.org IPv6 only (smile)

Removed IPv4 address and A record

01

All linux servers run Postfix on IPv6 only (except listed MXs)

Remove IPv4 addresses from $mynetworks, and set "inet_protocols = ipv6"

2011-01-31

All linux servers managed by SSH via IPv6 only

Configure "ListenAddress ::" or "AddressFamily inet6" in sshd_config

2011-01-30

All linux servers use only IPv6 resolvers

Only list IPv6 addresses in /etc/resolv.conf:

No Format
nameserver 2001:610:148:dead::4
nameserver

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3ff7acdf-3b7c-4525-bd6c-bce45004bb29"><ac:plain-text-body><![CDATA[

2011-02-07

Nagios web interface only reachable on IPv6

Configure Listen [
2001:610:158:98d::42
]:80 in /etc/apache/ports.conf

]]></ac:plain-text-body></ac:structured-macro>

2011-02-07

Host svn.terena.org IPv6 only (smile)

Removed IPv4 address and A record

2011-02-01

All linux servers run Postfix on IPv6 only (except listed MXs)

Remove IPv4 addresses from $mynetworks, and set "inet_protocols = ipv6"

2011-01-31

All linux servers managed by SSH via IPv6 only

Configure "ListenAddress ::" or "AddressFamily inet6" in sshd_config

2011-01-30

All linux servers use only IPv6 resolvers

No Format
nameserver 2001:610:148:dead::4
nameserver 2001:610:158:98d::42
domain terena.org

2010-10-26

VPN supports IPv6 


domain terena.org

2010-10-26

VPN supports IPv6

A new VPN setup: Cisco AnyConnect. Clients get an IPv4 and an IPv6 address from the office pools, so they can access all services via IPv6

MacOSX Lion & Cisco AnyConnect

Late July 2011 Apple released version 10.7 of their OSX operating system, named Lion. This version has several major IPv6 related improvements, the most important I think is DHCPv6 support. This means that it is now possible to successfully run a Mac in an IPv6 only environment without any configuration.
Unfortunately for us AnyConnect has a serious bug on Lion, namely that there is no default gateway being configured for IPv6 upon connection.
Since we have several IPv6 only services these days, this is a true show stopper (sad)
What makes it worse it that the smbd in Lion has IPv6 support, and because our Windows 7 computers already support SMB via IPv6, this means that we could make our Samba server IPv6 only. But since AnyConnect does not work, this is not (yet) an option...
The issue has been reported already to Cisco and is filed as CSCts11510 (login required).
Rumour has it that a fix is available soon, so let's just keep our fingers crossed!
Update: As of 29 September 2011, AnyConnect 3.0.4235 fixes the problems! Now all my users can have IPv6 again from everywhere (smile)

Specific issues

Name resolution

...