222697 n00b
Joined: 07 May 2010 Posts: 51
Posted: Fri May 01, 2015 3:34 pm Post subject: [solved] sysctl network settings (IPv6) not applied at boot
Hi all,
I have an IPv6 connection, and to activate "privacy extensions" I created the following file:
(gentoo world is up to date, Linux 3.14.37-gentoo, x86_64, sysctl from procps-ng 3.3.9)
/etc/sysctl.d/40-ipv6.conf
Code: |
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2
|
But after booting the computer, these settings have not been applied, although the boot log says
"sysctl Applying /etc/sysctl.d/40-ipv6.conf ..."
E.g.
Code: |
cat /proc/sys/net/ipv6/conf/all/use_tempaddr
0
|
And there is also no additional temporary dynamic IPv6 address being created.
When manually running
Code: |
# sysctl -p /etc/sysctl.d/40-ipv6.conf
|
afterwards, the settings get applied and the additional temporary dynamic IPv6 address gets created.
What kind of bug is that, and where would be the best alternative place to get the setting done?
Here is a nine-year-old bug (status: confirmed) regarding this for Ubuntu
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/50093
but I thought Gentoo would make it better...?
Last edited by 222697 on Mon May 04, 2015 4:15 pm; edited 3 times in total |

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Fri May 01, 2015 7:45 pm Post subject:
Code: |
$ cat /etc/sysctl.conf
net.ipv6.conf.all.use_tempaddr=1
net.ipv6.conf.default.use_tempaddr=1
net.ipv6.conf.wlp4s0.use_tempaddr=1
|
Maybe those sysctl.d files don't work too well?
Maybe something else is unsetting it?
Try this
Code: |
/etc/init.d/sysctl restart
sysctl -a | grep net.ipv6.conf.all.use_tempaddr
|
However, while privacy extensions are nice, stable private addresses are better for long term connections which dhcpcd provides :)
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool

222697 n00b
Joined: 07 May 2010 Posts: 51
Posted: Fri May 01, 2015 8:30 pm Post subject:
UberLord wrote: | Code: |
$ cat /etc/sysctl.conf
net.ipv6.conf.all.use_tempaddr=1
net.ipv6.conf.default.use_tempaddr=1
net.ipv6.conf.wlp4s0.use_tempaddr=1
|
|
You mean that's your config? The point is what
cat /proc/sys/net/ipv6/conf/all/use_tempaddr
says then.
Code: |
# /etc/init.d/sysctl restart
* WARNING: you are stopping a boot service
* Configuring kernel parameters ...
* Applying /etc/sysctl.d/40-ipv6.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.send_redirects = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.netfilter.nf_conntrack_helper = 0
# sysctl -a | grep net.ipv6.conf.all.use_tempaddr
net.ipv6.conf.all.use_tempaddr = 2
|
Ah, here is the content of /var/log/rc.log; it looks different. It looks like the IPv6 settings are not applied at boot:
Code: |
* Configuring kernel parameters ...
* Applying /etc/sysctl.d/40-ipv6.conf ...
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.send_redirects = 0
|
Looking at /etc/init.d/sysctl
Code: |
start()
{
    ebegin "Configuring kernel parameters"
    sysctl --system
    eend $? "Unable to configure some kernel parameters"
}
|
I am wondering why there is no message "Unable to configure some kernel parameters" if they could not be set.
As a workaround, I created the following init script /etc/init.d/ipv6-kernel-config
Code: |
#!/sbin/openrc-run
# set IPv6 kernel parameters because with sysctl init script they are not set at boot

depend()
{
    need net
}

start()
{
    ebegin "Configuring IPv6 kernel parameters"
    /sbin/sysctl -p /etc/sysctl.d/40-ipv6.conf
    eend $? "Unable to configure some kernel parameters"
}
|
and set it to the default runlevel
Code: |
rc-update add ipv6-kernel-config default
|
So, the kernel parameters are set at boot.
UberLord wrote: |
stable private addresses are better for long term connections which dhcpcd provides
|
Interesting, could you please explain in a little more detail what you mean by private address, and about the dhcpd config? You mean keep NAT with IPv6?
Maybe also advertising a non-routable IPv6 net with radvd in the LAN and masquerading via the IPv6 privacy extended IPv6 address?
My gentoo box is my Internet Gateway... :)

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Fri May 01, 2015 10:08 pm Post subject:
1970 wrote: | UberLord wrote: |
stable private addresses are better for long term connections which dhcpcd provides
|
Interesting, could you please explain in a little more detail what you mean by private address, and about the dhcpd config? You mean keep NAT with IPv6?
Maybe also advertising a non-routable IPv6 net with radvd in the LAN and masquerading via the IPv6 privacy extended IPv6 address?
My gentoo box is my Internet Gateway... :)
|
dhcpcd, not dhcpd
I mean replacing the SLAAC algorithm for making an IPv6 address so that it's stable across reboots and doesn't expose your MAC address in the IPv6 address.
It also changes per SSID.
https://tools.ietf.org/html/rfc7217

222697 n00b
Joined: 07 May 2010 Posts: 51
Posted: Sun May 03, 2015 12:05 pm Post subject:
UberLord wrote: |
dhcpcd, not dhcpd
|
Besides the boot-time kernel setting, I've got another problem, that is, I get wrong RA addresses, it seems. I also got them when running dhcpcd. Please see here for this issue:
https://forums.gentoo.org/viewtopic-t-1016306.html

hdcg Tux's lil' helper
Joined: 07 Apr 2013 Posts: 121
Posted: Mon May 04, 2015 2:51 am Post subject:
Hi,
Do you by any chance have IPv6 configured as a module?
If this is the case, the boot service sysctl is not able to apply your settings. I once ran into the same or a similar issue. I solved it by changing IPv6 to builtin (CONFIG_IPV6=y).
Best Regards,
Holger
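
The failure mode discussed in this thread, as an added example that is not part of any post: a POSIX shell check that compares each key in a sysctl config file with the live value and reports keys whose /proc/sys path does not exist, which is what the boot service sees when the net/ipv6 subtree is absent. The function names `check_sysctl_conf` and `demo` are hypothetical, and the fake /proc/sys tree and config file in `demo` are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread. check_sysctl_conf CONF [ROOT] compares
# each "key = value" line of CONF with the live value under ROOT (default
# /proc/sys) and returns the number of keys that are missing or different.
check_sysctl_conf() {
    conf=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        case $key in ''|'#'*|';'*) continue ;; esac
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        # Assumption: no interface name in the key contains a dot.
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            # The subtree does not exist, e.g. net/ipv6 with no IPv6 loaded.
            echo "MISSING $key"
            bad=$((bad + 1))
        elif [ "$(cat "$path")" = "$want" ]; then
            echo "OK      $key = $want"
        else
            echo "DIFF    $key want=$want have=$(cat "$path")"
            bad=$((bad + 1))
        fi
    done < "$conf"
    return "$bad"
}

# Constructed demo: a fake /proc/sys tree without net/ipv6, as the sysctl
# boot service would see it when IPv6 is a module that is not yet loaded.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/net/ipv4"
    echo 1 > "$tmp/sys/net/ipv4/ip_forward"
    printf '%s\n' '# constructed sample config' \
        'net.ipv6.conf.all.use_tempaddr = 2' \
        'net.ipv4.ip_forward = 1' > "$tmp/40-ipv6.conf"
    check_sysctl_conf "$tmp/40-ipv6.conf" "$tmp/sys"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run against the real tree (`check_sysctl_conf /etc/sysctl.d/40-ipv6.conf`) from a late init script or after login, a non-zero return shows that a hardening setting logged as "Applying" at boot is not actually in effect.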