Versions Compared

Old Version 92

changes.mady.by.user Dick Visser

Saved on

compared with

New Version 93

changes.mady.by.user Dick Visser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
typeflat
separatorpipe

Our office has a /24 IPv4 and a /48 IPv6 network since 2003, and all our public services are available on IPv4 and IPv6.

This is a test to see I was wondering if it would be possible to run parts of the TERENA Secretariat office network on IPv6 only.
This page keeps track of progress, bugs, and issues with this transition. I will start with all systems and

Our office has a /24 IPv4 and a /48 IPv6 network since 2003, and all our public services are available on IPv4 and IPv6.
Since we have IPv6 internally for all clients, one step would be remove IPv4 from services that are only used only internally.

BTW, this is not the first time this has been tried out. Other similar attempts:

Jump to:

Table of Contents
typeflat
separatorpipe

Milestones

Advanced Tables - Table Plus

Date

 

 

2011-03-09

All linux servers run PostgreSQL on IPv6 only

Configure "listen_address = '::'" in postgresql.conf. This is not documented (yet).

2011-03-08

HP Printer IPv6 only (smile)

Upgraded Laserjet 4250 with new print server, removed A record

2011-02-28

Host ldap.terena.org IPv6 only (smile)

Removed IPv4 address and A record

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1cb5e470a2482254-4b6e4ed1-400b4e72-805e8075-37c4c5d1ecc67f3e09d12ea2"><ac:plain-text-body><![CDATA[

2011-02-07

Nagios web interface only reachable on IPv6

Configure Listen [2001:610:158:98d::42]:80 in /etc/apache/ports.conf

]]></ac:plain-text-body></ac:structured-macro>

2011-02-07

Host svn.terena.org IPv6 only (smile)

Removed IPv4 address and A record

2011-02-01

All linux servers run Postfix on IPv6 only (except listed MXs)

Remove IPv4 addresses from $mynetworks, and set "inet_protocols = ipv6"

2011-01-31

All linux servers managed by SSH via IPv6 only

Configure "ListenAddress ::" or "AddressFamily inet6" in sshd_config

2011-01-30

All linux servers use only IPv6 resolvers

Only list IPv6 addresses in /etc/resolv.conf:

No Format
nameserver 2001:610:148:dead::4
nameserver 2001:610:158:98d::42
domain terena.org

2010-10-26

VPN supports IPv6

A new VPN setup: Cisco AnyConnect. Clients get an IPv4 and an IPv6 address from the office pools, so they can access all services via IPv6

...

Tunneling via SSH does not work. Native Postgres connections work, so the bug must be in sshfwd.dll.
Confirmed by EMS, but not yet fixed.
Work-around was to not use SSH tunneling anymore, but directly connecting to the database server. Have set up proper rules in pg_hba.conf.
Since the cryptographic shield of SSH was now gone, I have configured all non-local entries in pg_hba.conf to force SSL, such as:

Code Block

# Erasmus
hostssl all all 2001:610:148:dead::2/128    password

TurtoiseSVN

Works, but some weird things: I had some repositories checked out with TurtoiseSVN, using my SSH keys from Putty/Pageant. Any actions on the repository started to have a really long delay after switching off IPv4 on the subversion server. Fixed after using the right repository URL format, in my case using the Putty session name instead of the host name. This session has everything set properly already. In my case the hostname is svn.terena.org, and the PuTTY session name is svn.

...