News items for tag ipv6 - Koos van den Hout

2017-10-11 Haproxy on the new home server and devuan upgrades 6 days ago
I got around again to working on the new homeserver 2017 and I worked on the installation of a 'testing' virtual machine with virt-install. This test machine also runs devuan linux. The first application I was testing on there is haproxy.

haproxy I noticed some defaults I did not expect (such as preferring IPv4 over IPv6). It seems the 'stable' devuan has the same age issues as 'stable' debian. Otherwise haproxy does what it is supposed to and I may standardize on it.

Upgrading was easy, I looked at Upgrading Devuan Jessie to Ascii and just changed jessie to ascii in /etc/apt/sources.list and did an apt-get dist-upgrade. The only minor issue afterwards is that the system now insists on using framebuffer video, which I find overkill for a virtual machine. VGA 80x25 is fine.

Tags: , , ,
2017-10-09 Interesting NFS exports problem 1 week ago
I am used to being unable to unmount filesystems as long as they are NFS exported. It took me a while to find out how to correctly unexport filesystems before trying to unmount them. The easy solution would be to unexport everything and just export the other filesystems, but I'd rather not interrupt NFS availability of other filesystems.

So it was time to check some large filesystems again and I'd rather not do that during boot as it can delay booting for up to an hour. Currently those filesystems are exported via IPv4 and IPv6. Removing the export for IPv4 is easy:
# exportfs -u 192.168.1.0/255.255.255.0:/export
But for IPv6 it gets harder:
# exportfs -u 2001:db8:a::/64:/export
exportfs: Invalid unexporting option: 2001
So it is still exported via IPv6. And next thing I try to unmount it and notice it's ok to unmount a filesystem that is only exported via IPv6. I guess this shows some interesting bug.

Tags: , ,
2017-09-28 Duelling standards and anti-spam measures 2 weeks ago
In today's mail problems:
   ----- Transcript of session follows -----
... while talking to ecp-nl.mail.protection.outlook.com.:
>>> DATA
<<< 450 4.7.26 Service does not accept messages sent over IPv6 [2001:980:14ca:61::13] unless they pass either SPF or DKIM validation (message not signed) [VE1EUR01FT036.eop-EUR01.prod.protection.outlook.com]
<info@ecp.nl>... Deferred: 450 4.7.26 Service does not accept messages sent over IPv6 [2001:980:14ca:61::13] unless they pass either SPF or DKIM validation (message not signed) [VE1EUR01FT036.eop-EUR01.prod.protection.outlook.com]
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old
Rerouting mail for ecp.nl via xs4all servers in the hopes of getting it delivered.

Some research shows me that the xs4all outgoing mailservers (smtp.xs4all.nl) do offer incoming connectivity via IPv6 but don't connect to the IPv6 addresses of mailservers they are trying to reach.

Tags: , ,
2017-07-17 Now NetworkManager generates resolv.conf .. and starts with legacy IP 3 months ago
I removed rdnssd and resolvconf and fixed the symlink linking /var/run/NetworkManager/resolv.conf and /etc/resolv.conf by hand. The file /etc/NetworkManager/NetworkManager.conf now says:
dns=none
rc-manager=file
But now I run into the 'NetworkManager prefers IPv4 resolvers' again, leaving me with the resolvers from the DHCP answer before those from the IPv6 route advertisment. The search domains are fine now.

Tags: , ,
2017-07-15 More resolving via IPv6 3 months ago
I was reading Debian Stretch - Het Lab Henk van de Kamer (in Dutch) which mentions removing package rdnssd to avoid a dependency problem. But I like rdnssd as it helps use the nameservers available via IPv6 in a network with only SLAAC and no DHCPv6.

Right away I had to check on my own laptop with Ubuntu 16.04 and noticed all traffic was going to the IPv4 address of the local resolver. Which is not what I want, I want to prefer IPv6 when possible. Searching found Bug #936712 “NetworkManager should put IPv6 DNS servers before I...” : Bugs : network-manager package : Ubuntu which is indeed what I saw, and it's still showing in Ubuntu 16.04 Xenial.

My solution was to stop using dnsmasq, and switch to a generated resolv.conf from NetworkManager. To do that I had to update /etc/NetworkManager/NetworkManager.conf to have:
#dns=dnsmasq
dns=none
rc-manager=file
And now I have a resolv.conf with only 3 IPv6 nameservers and no search domains. Not exactly what I want, but at least IPv6 is preferred. I considered something using only the first three resolvers because that is a maximum somewhere but just advertising two resolvers via radvd also makes two show up in the generated resolv.conf. This is not perfect. The generated resolv.conf has comments that it is generated by resolvconf so maybe this is a conflict between resolvconf and NetworkManager not in 'use resolvconf' mode.

Tags: , ,
2017-07-10 Raspbian mirrors sometimes fail when IPv6-only 3 months ago
Just happening:
Err http://mirrordirector.raspbian.org/raspbian/ jessie/main libgcrypt20 armhf 1.6.3-2+deb8u4
  Cannot initiate the connection to raspbian.42.fr:80 (163.172.250.246). - connect (101: Network is unreachable) [IP: 163.172.250.246 80]
It seems mirrordirector.raspbian.org redirects to IPv4-only sites even when the client connects via IPv6. My Raspberry Pi systems have IPv4 disabled. It's a known problem in Bug #1595563 “Native IPv6 client redirected to IPv4-only mirror” : Bugs : Raspbian where people seem to rather ignore the problem. I could reverse the statement there to "a service that can only be accessed by v4 nodes cannot be reasonablly considered to be available on the internet." but I guess that's "different".
Read the rest of Raspbian mirrors sometimes fail when IPv6-only

Tags: , ,
2017-03-10 Keeping an eye on planes in the air 7 months ago
I usually keep dump1090 running on a raspberry pi. It seems it is quite easy to share the data from dump1090 with Plane Finder so I decided to give that a try.

With the installation instructions via the Share your data with Plane Finder page I had the software installed easily. But I needed to visit the configuration page of the software via IPv4... while I disabled IPv4 on the raspberry so it took some changes to make it work again. Next thing the software was reporting the data was available fine but not uploading to the Plane Finder server. Checking with strace shows that the software tries to upload via an IPv4-only connection which will not work. Temporary re-enabling IPv4 fixes things, so it's purely an IPv4/IPv6 thing.

Tags: , ,
2017-01-20 APRS on the Raspberry Pi: trying to decode APRS packets 9 months ago
So the mobilinkd is now connected to serial over bluetooth on the Raspberry Pi, but now to get APRS data into aprx.

So far aprx does start but I see absolutely no data coming in, even when aprsdroid will see traffic. Something strange.
koos@joy:~ $ sudo aprx -v
2017-01-20 22:05:10.593 aprx start - 2.9.0
2017-01-20 22:05:10.594 TTY /dev/rfcomm0 opened
2017-01-20 22:05:20.624 CONNECT APRSIS aprsc.pa4tw.nl:14580
^C
2017-01-20 22:18:06.115 aprx ending (SIG 2) - 2.9.0
2017-01-20 22:18:06.116 aprx ending (SIG 2) - 2.9.0
It's a good thing aprsc.pa4tw.nl has an IPv6 address as this Raspberry Pi is only configured for IPv6.

Testing with minicom on /dev/rfcomm0 does show the startup messages from the mobilinkd but absolutely no APRS data in KISS format,,,
== BeRTOS AVR/Mobilinkd TNC2
== Version 2.0.1.571
== Voltage: 4019mV
== Starting.
Switching the mobilinkd between the Raspberry Pi and the smartphone with aprsdroid does seem to confuse something, it's not always showing data in aprsdroid either.

Installing the Linux ax25-tools and using kissattach and configuring aprx to use that interface doesn't help either.

Back to the KISS over serial port over bluetooth config I changed the setting 'bluetooth tracking' on the mobilinkd, which is advised for digipeater setups. And now I am seeing something:
koos@joy:~ $ sudo aprx -v
2017-01-20 23:12:17.568 aprx start - 2.9.0
2017-01-20 23:12:17.569 TTY /dev/rfcomm0 opened
9621    PE4KH-8   R     DB0NY>APZ17,DB0KX-2*,PE0FK-10*,PI1SHB*,PA7J-2*,WIDE2*,PI1APU*,LOCAL:!5103.84N/00736.63E#www.g07.de
2017-01-20 23:12:30.378 CONNECT APRSIS aprsc.pa4tw.nl:14580
9728    PE4KH-8   R     PI1APU>APND13:>W3,NL7      PAradigm    operation!
9831    PE4KH-8   R     PA3BXR-9>UQ5QW1,PA7J-2*,WIDE1*,PI1APU*,WIDE2-1:`zDKnA8>/]"3m}431.275MHz=
9867    PE4KH-8   R     PI1SHB>APRX29,PI1APU*,WIDE2-1:!5142.02N/00520.78E#PHG3460/2m Digi/IGate 's-Hertogenbosch
9934    PE4KH-8   R     PA5JB>APU25N,PE2KDK*,PI1APU*,WIDE2*:>202317zDX: PI1SHB 51.42.02N 5.20.78E 76.3km 133� 23:13
9942    PE4KH-8   R     PI1DFT>APMI01,PI1SHB*,PI1APU*,WIDE2*:@202317z5159.70N/00420.17E#WX3IN1 Digipeater 2 mtr. pi1dft ziggo.nl
10007   PE4KH-8   R     PI1APV-2>APMI04,PI1DFT*,PA7J-2*,WIDE1*,PI1APU*,LOCAL:@202318z5130.81N/00344.00EI digi vliegveld MIDDEN ZEELAND
10018   PE4KH-8   R     DB0OTV-2>APOT21,DB0KX-2*,PE0FK-10*,PI1SHB*,PI1APU*,WIDE2*:>FILL IN DIGI + D-Star + C4FM QRG = 439,500 MHz -7,6 MHz
10122   PE4KH-8   R     PE9R>APX204,PI1APU*,WIDE2-1:=5202.5 N/00439.0 E-PHG2290QRV PI6NOS/ PI2NOS
10175   PE4KH-8   R     PA7J-2>APMI01,PI1APU*,WIDE2*:@210000z5149.68N/00450.43E-WX3IN1 PA7J Digi & I-gate Hardinxveld
10209   PE4KH-8   R     PD0JAC-10>UQ4XS8,PI1SHB*,PI1APU*,WIDE2-1:`{Mym>5#/>"4/}=
10227   PE4KH-8   R     PA3BI-10>APRS,PI1DFT*,WIDE1*,PA7J-2*,WIDE2*,PI1APU*,LOCAL:!5214.65N/00426.30E-000/000www.isemann.nl/A=000696
10277   PE4KH-8   R     PI1APV-2>APMI04,PI1DFT*,PA7J-2*,WIDE2*,PI1APU*,LOCAL::PI1APV-2 :BITS.11111111,Telemetry
10316   PE4KH-8   R     PI1SHB>APRX29,PI1APU*,WIDE2-1:!5142.02N/00520.78E#PHG3460/2m Digi/IGate 's-Hertogenbosch
And the results are showing up via the aprsc dashboard on aprsc.pa4tw.nl. Almost all packets I receive and forward are rejected as duplicate packets, but I have seen some packets accepted. So I guess I'm not really needed as an I-gate.

Tags: , , ,
2016-11-12 Disabling IPv4 on the Raspberry Pi 11 months ago
I have two Raspberry Pi's running in the house, currently with IPv4 still enabled on them. They both run Raspbian 8.0. I was wondering whether I can disable IPv4 on the Raspberry Pi, but a google search does not yield very helpful answers, most of the search terms I try still find pages about disabling IPv6. I want to disable the legacy IP protocol.

Only one way to find out: go for it. Now rebooting one with the statement ipv6only in /etc/dhcpcd.conf.

First thing I noticed was that the searchdomain was not set in /etc/resolv.conf which was indeed only available via the DHCP process for IPv4. So now radvd advertises the search domain via the DNSSL option in /etc/radvd.conf:
   RDNSS 2001:980:14ca:42::18 {
   };
   DNSSL idefix.net {
   };
The first results are:
  • It turned out the ntp config on the raspberry had one IPv6-only and one IPv4-only server. Added a dual-stack server.
  • And ndpmon really does not like the DNSSL option, even when I add it in the config_ndpmon.xml file as
                      <dnssl>
                        <domain lifetime="600">idefix.net</domain>
                      </dnssl>
    
    Fixed by changing it to
                      <dnssl>
                        <domain lifetime="600">^Fidefix^Cnet</domain>
                      </dnssl>
    
    yes, with literal ctrl-F and ctrl-C characters, showing that there is some error in the parsing somewhere.
  • rwhod is IPv4-only so the status is not visible in my network anymore. A workaround for that is not disabling IPv4 completely but just removing the default route, not using ipv6only in /etc/dhcpcd.conf but using the option nooption routers.

Tags: , , ,
2016-11-07 The future of the Internet is IPv6 11 months ago
Just read Internet Architecture Board Statement on IPv6 with:
The IAB expects that the IETF will stop requiring IPv4 compatibility in new or extended protocols. Future IETF protocol work will then optimize for and depend on IPv6.

Preparation for this transition requires ensuring that many different environments are capable of operating completely on IPv6 without being dependent on IPv4 [see RFC 6540]. We recommend that all networking standards assume the use of IPv6, and be written so they do not require IPv4. We recommend that existing standards be reviewed to ensure they will work with IPv6, and use IPv6 examples. Backward connectivity to IPv4, via dual-stack or a transition technology, will be needed for some time.

Tags: , ,
2016-06-27 Ancient configuration causing warnings 1 year ago
Lots of error messages showing up recently looking like:
Jun 27 12:02:23 greenblatt named[4789]: checkhints: d.root-servers.net/A (199.7.91.13) missing from hints
Jun 27 12:02:23 greenblatt named[4789]: checkhints: d.root-servers.net/A (128.8.10.90) extra record in hints
The hints come from the root-hints file which the resolver software (bind9) uses to know where to start resolving. I checked my db.root, which said:
;       last update:    Jun 17, 2010
;       related version of root zone:   2010061700
But it is from the ubuntu 12.04 bind9 package:
# dpkg -S /etc/bind/db.root
bind9: /etc/bind/db.root
Solution with help from How Do I Update The Root Hints Data File for BIND Named Server? - UNIX fu was getting the latest from ftp.rs.internic.net which now says
;       last update:    March 23, 2016
;       related version of root zone:   2016032301
and I should get less warnings now. Comparing the two files shows changed IPv4 addresses for d.root-servers and h.root-servers, changed IPv6 addresses for a.root-servers and h.root-servers and added(!) IPv6 addresses for c.root-servers, d.root-servers, i.root-servers and j.root-servers.

Tags: , ,
2016-06-16 Recovered the Raspberry Pi 1 year ago
So when the Raspberry Pi 3 came out in February I bought one, complete with power supply, case, microSD card and small keyboard. I just could not resist it. I installed it, connected it to the network and did not really have a task for it. It is joy.idefix.net.

After a while this changed and I started running dump1090 on it to get an idea of the planes in range from my house. It is connected to the antenna used in the earlier ADS-B receiving experiments and sees high altitude and/or nearby airplanes fine.

Recently I ran some updates and those failed because the root-filesystem was filling up. I did not notice that left some files missing, so I just ran the commands to resize the raspbian root filesystem to fill the SD card - Coderwall and waited for the reboot. This ended up in a nice multicolour screen with nothing running. I looked that up and found Raspberry Pi with boots up with Rainbow screen - Raspberry Pi Stack Exchange so it was time to recover. I mounted the SD card on an x86 linux system and found the kernel.img and other files in /boot were missing. I searched how to mount the raspbian image and found How can I mount a Raspberry Pi Linux distro image? - Raspberry Pi Stack Exchange. I started with using the loopback device, copied the whole /boot directory from that image and did a filesystem check in the SD card. It booted again but showed driver issues. I reran all the updates which reinstalled the raspberrypi-kernel package and after that the driver problems were gone and things worked again.

Tags: , ,
2016-03-09 Verschil in gevolg hik tussen ipv6 en ipv4 1 year ago
Met de regelmatige hikken van mijn VDSL verbinding merk ik nu ook een raar verschil tussen IPv4 en IPv6 voor langlopende TCP sessies van buiten af naar een service op mijn server. Die met IPv6 worden veel eerder verbroken bij een VDSL hik.

Van buiten af zie ik ook een verschil in het gevolg voor IPv4 en IPv6. De output van mtr voor IPv4 vanaf shell.xs4all.nl:
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 124.ae0.xr4.1d12.xs4all.net       0.0%     2   63.5  31.9   0.4  63.5  44.7
 2. 0.ae1.dr12.d12.xs4all.net         0.0%     2    0.4   0.8   0.4   1.2   0.6
En de output van mtr voor IPv6 vanaf shell.xs4all.nl:
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 124.ae0.xr4.1d12.xs4all.net       0.0%     4    1.1  24.0   0.4  92.7  45.8
Een hop minder.

Xs4all heeft keurig de router IP adressen consistente namen voor IPv4 en IPv6 gegeven.

Tags: , ,
2016-01-29 Linux dummy network interfaces can be very handy 1 year ago
The recent interruptions in the outside Internet connection made my wish to improve some things in the server at home so internal things keep running through an interruption.

I have to request an IPv6 range for an interface to make wide-dhcpv6-client run, it won't run when I don't configure the interface to assign a /64 to, and my ISP will not route IPv6 when I don't use IPv6 prefix delegation to request the space which is static anyway. But I want the wired and wireless network to have fixed IPv6 ranges so things keep running even when the outside link has a hickup. Solution: request the IPv6 range for a dummy network interface and assign static IPv6 ranges to the ethernet interfaces. In /etc/network/interfaces:
auto dumdh6
iface dumdh6 inet static
    pre-up ip link add name dumdh6 type dummy
    address 0.0.0.0
And in /etc/wide-dhcpv6/dhcp6c.conf:
interface ppp0
{
        send ia-pd 0;

                script "/etc/wide-dhcpv6/dhcp6c-script";
};
id-assoc pd {
        prefix-interface dumdh6 {
                sla-id 3;
        };
};
And there is another dummynet interface to assign the fixed IP addresses to I use for hosting services. This means those services can start (and keep running) even when the link hickups and removes the IP address from the ppp interface. Earlier I did this on an unused vlan interface, but using dummynet feels more tidy.

Tags: , ,
2016-01-28 Shodan using the IPv6 ntp pool to find active IPv6 addresses 1 year ago
Recently posted: shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes. So I tried:
ntpdate -d -u 2a03:b0c0:3:d0::18:b001
And indeed:
Jan 28 14:42:25 server kernel: [1187976.106758] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=49717 DPT=55554 WINDOW=54358 RES=0x00 SYN URGP=0 
Jan 28 14:42:25 server kernel: [1187976.107191] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=34680 DPT=50070 WINDOW=26315 RES=0x00 SYN URGP=0 
Jan 28 14:42:25 server kernel: [1187976.107256] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=49717 DPT=32764 WINDOW=15398 RES=0x00 SYN URGP=0 
Jan 28 14:42:25 server kernel: [1187976.107309] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=41249 DPT=44818 WINDOW=15146 RES=0x00 SYN URGP=0 
Jan 28 14:42:25 server kernel: [1187976.107380] FW dropped: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=52 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=UDP SPT=13864 DPT=30718 LEN=12 
Jan 28 14:42:25 server kernel: [1187976.107427] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=59140 DPT=25565 WINDOW=53087 RES=0x00 SYN URGP=0 
Jan 28 14:42:25 server kernel: [1187976.108613] FW dropped: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=55 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=UDP SPT=32950 DPT=8888 LEN=15 
Jan 28 14:42:25 server kernel: [1187976.110197] FW dropped: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=UDP SPT=39721 DPT=64738 LEN=20 
Jan 28 14:42:25 server kernel: [1187976.110315] FW dropped: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=50 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=UDP SPT=46499 DPT=5632 LEN=10 
Jan 28 14:42:25 server kernel: [1187976.110405] FW dropped: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=65 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=UDP SPT=21934 DPT=47808 LEN=25 
Jan 28 14:42:31 server kernel: [1187981.938880] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=34235 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 
Jan 28 14:42:31 server kernel: [1187982.030058] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=34235 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 
Jan 28 14:42:31 server kernel: [1187982.197203] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=34237 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 
Jan 28 14:42:33 server kernel: [1187984.398977] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=34245 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 
Jan 28 14:42:34 server kernel: [1187984.620836] FW reject: IN=ppp0 OUT= MAC= SRC=2604:a880:0800:0010:0000:0000:00fe:d001 DST=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=TCP SPT=34244 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 
I would have expected more ports tested.

Tags: , , ,
2016-01-14 Boot-time IPv6 on the homeserver not working 1 year ago
I shutdown and rebooted the homeserver to get an updated kernel and look at some other things. After booting up again I noticed the problem with IPv6 not active on interfaces that started early was happening again. No linklocal addresses configured, no global addresses configured. This affects all ethernet interfaces and ppp0 for the link to the outside world. I also noticed this problem after the upgrade, see Upgrading the homeserver to Ubuntu 12.04 but the problem remains even with an updated kernel (currently 3.2.0-97-generic).

I have no idea what causes this and how to fix it. It seems related to Debian bug #726569: haproxy doesn't start on boot due to missing IPv6 address on interface but in that case the address is configured but just not available to applications to bind to. Related Beware the IPv6 DAD Race Condition - Andrew Ayer suggests the same (duplicate address detection race condition) but has disabling duplicate address detection (DAD) as workaround.

Tags: , ,
2016-01-08 IPv6 visitor stats 2015 1 year ago
Time to count IPv6 visitor percentage to different websites again:
SiteJuly 2009July 2010July 2011July 2012July 2014July 2015
http://idefix.net/ my homepage 1% 2% 2% 3% 4% 6%
http://netwerk.idefix.net/ hcc!pcgg netwerkgroep 2% 2% 2% 3% 1% 3%
http://weather.idefix.net/ weather maps < 1% 5% 6% 7% 6% 12%
http://bbs.idefix.net/ BBS files 1% 1% 1% 3% 7%
http://webcam.idefix.net/ the webcam < 1% 1% < 1% 2% 2% 5%
http://www.virtualbookcase.com/ The Virtual Bookcase < 1% 1% 1% 4% 87% 3% 80% 6%
http://www.camp-wireless.org/ Camp Wireless < 1% 1% 1% 3% 70% 3% 82% 6%
http://weatherstation.idefix.net/ Weather station Utrecht Overvecht 1% 5%
Interesting numbers. Results for The Virtual Bookcase and Camp Wireless are totally skewed thanks to some IPv6 bot constantly checking the site from constantly changing IPv6 addresses .. but without privacy extensions enabled. Other sites are showing a growth consistent with general IPv6 growth in the world.

Method: unique IPv6 addresses seen in the whole month / total unique addresses (IPv4+IPv6) seen in the whole month.

Update: Filtering for 'curl' helped in normalizing the results.

Tags: ,
2015-12-13 Trying to squeeze in some radio hobby when propagation is cooperating 1 year ago
This weekend I wanted to play some radio but it was hard to find time and cooperating propagation. At the moment propagation seems very limited and it only happens during the hours the sun is up for the amateur bands I am active in (20 meter and 10 meter).

On Saturday it was rainy most of the day which ment the roof was wet and my signals weren't getting out when I got around to trying. I had enough incoming signals and had nice overviews on PSK reporter but nobody heard me when I had time to call/answer.

On Sunday it was dry and I made five PSK31 contacts, and one SSB contact. After sunset the 20 meter band dried up quickly for me so I hung out the endfed to try my luck on 40 meter. Calling CQ in RTTY mode on 7051 MHz got spotted on the reverse beacon network but nobody answered. What frequency on 40 meter is good for PSK31 varies, but the only frequency where I hear/see it active is 7.040 MHz which is currently outside the frequency range I'm allowed to use.

So I tried something else: JT-65 since I did hear the JT-65 tones above 7.076 MHz. The software was readily available via the Ubuntu ham radio software repository: wsjtx. It took me a bit of work to configure it to use hamlib via localhost: I can select the right rig type (NET rigctl 2) but I can't select a network host. Entering 'localhost' gave me a 'connection refused' error which I did not expect. I used strace to find out and the connection was only attempted to ::1, the IPv6 localhost where rigctld does not listen. I entered 127.0.0.1 as port and CAT control (controlling and monitoring my radio) started working. I saw some activity, and even tried answering a CQ call, but my answer was not received.

JT-65 takes time: transmitting a message of maximum 13 characters takes around 50 seconds(!). A full QSO including signal reports takes at least 6 minutes, it's really not a mode for chatting or for fast contacts. On the other hand: it is a weak-signal mode, JT-65 can dig up signals deep from the noise!

Tags: , ,
2015-06-03 Working IPv6 at Surfnet office 2 years ago
December last year I noticed IPv6 at the Surfnet office breaking in interesting ways. Recently I was invited to come over and test it again, news was that the problem I was seeing should be fixed now. I accepted that invitation and Yesterday I was at the new office and tested it. And indeed it now works good, I received a stable IPv6 assignment and I was able to keep long-running IPv6 sessions to multiple systems at home. The technical reasons behind it are 'interesting' but the good news is that the eduroamers network now has stable IPv6.

Tags: ,
2015-04-27 Upgrading the homeserver to Ubuntu 12.04 2 years ago
And to get to a version of Ubuntu with support available I kept doing and did 'do-release-upgrade' again today on the homeserver greenblatt.

Again the upgrade was running for a while. A big improvement is that the process now uses screen so I was able to attach to that running console from other sessions and answer questions.

After the upgrade the reboot came, and after the reboot I noticed resolving was broken. This was traced back to the ppp0 interface for the connection to the outside world and the internal interface for services having started completely without IPv6 support. Doing an ifdown and ifup helped, but this should all start correct automatically.

I noticed the new Postgresql 9.1 is already installed, but Postgresql 8.4 is the default version available over port 5432, so I can do the pg_upgradecluster when I have time for that.

Later I noticed some packages were held back. I traced this back to /etc/apt/preferences still being optimized for Ubuntu 8.04 hardy and hardy-backports. I emptied the preferences file and it all sorted itself out and now everything is up to date.

This was probably the reason Postgresql 8.4 was left installed and active. After the updates above apt-get autoremove was going to delete Postgresql 8.4.
Read the rest of Upgrading the homeserver to Ubuntu 12.04

Tags: , , ,
  Older news items for tag ipv6 ⇒
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews, Weather maps