From owner-freebsd-net@FreeBSD.ORG Fri Aug 29 15:42:45 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6FE47AEA for ; Fri, 29 Aug 2014 15:42:45 +0000 (UTC) Received: from mail.allbsd.org (gatekeeper.allbsd.org [IPv6:2001:2f0:104:e001::32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.allbsd.org", Issuer "RapidSSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 154C21D97 for ; Fri, 29 Aug 2014 15:42:43 +0000 (UTC) Received: from alph.d.allbsd.org ([IPv6:2001:2f0:104:e010:862b:2bff:febc:8956]) (authenticated bits=56) by mail.allbsd.org (8.14.9/8.14.8) with ESMTP id s7TFgIsc052761 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 30 Aug 2014 00:42:29 +0900 (JST) (envelope-from hrs@FreeBSD.org) Received: from localhost (localhost [IPv6:::1]) (authenticated bits=0) by alph.d.allbsd.org (8.14.8/8.14.8) with ESMTP id s7TFgBHL039639; Sat, 30 Aug 2014 00:42:17 +0900 (JST) (envelope-from hrs@FreeBSD.org) Date: Sat, 30 Aug 2014 00:41:56 +0900 (JST) Message-Id: <20140830.004156.1902600650619729089.hrs@allbsd.org> To: jhay@meraka.org.za Subject: Re: Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer" From: Hiroki Sato In-Reply-To: <20140829101707.GA83695@zibbi.meraka.csir.co.za> References: <53FD7B34.1050408@jonathanprice.org> <2D16BCE4-5E5A-4C06-8927-76953DDEC348@lists.zabbadoz.net> <20140829101707.GA83695@zibbi.meraka.csir.co.za> X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530 FFD7 4F2C D3D8 2793 CF2D X-Mailer: Mew version 6.6 on Emacs 24.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Multipart/Signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="--Security_Multipart0(Sat_Aug_30_00_41_56_2014_087)--" Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.97.4 at gatekeeper.allbsd.org X-Virus-Status: Clean X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mail.allbsd.org [IPv6:2001:2f0:104:e001::32]); Sat, 30 Aug 2014 00:42:37 +0900 (JST) X-Spam-Status: No, score=-97.9 required=13.0 tests=CONTENT_TYPE_PRESENT, RDNS_NONE,SPF_SOFTFAIL,USER_IN_WHITELIST autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on gatekeeper.allbsd.org Cc: bzeeb-lists@lists.zabbadoz.net, freebsd@jonathanprice.org, freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2014 15:42:45 -0000 ----Security_Multipart0(Sat_Aug_30_00_41_56_2014_087)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Sat_Aug_30_00_41_56_2014_971)--" Content-Transfer-Encoding: 7bit ----Next_Part(Sat_Aug_30_00_41_56_2014_971)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit John Hay wrote in <20140829101707.GA83695@zibbi.meraka.csir.co.za>: jh> On Wed, Aug 27, 2014 at 11:59:25AM +0000, Bjoern A. Zeeb wrote: jh> > jh> > On 27 Aug 2014, at 06:31 , Jonathan Price jh> > wrote: jh> > jh> > > On 2014-08-27 01:40, Peter Wemm wrote: jh> > >> On Tuesday 26 August 2014 10:40:27 freebsd@jonathanprice.org wrote: jh> > >>> Hello, jh> > >>> jh> > >>> I am configuring a server with IPv4 and IPv6 addresses and have jh> > >>> noticed that jh> > >>> FreeBSD seems to be preferring IPv4, such as when establishing SSH jh> > >>> connections. jh> > >>> jh> > >>> After reading through /etc/defaults/rc.conf, and later jh> > >>> /etc/rc.d/ip6addrctl jh> > >>> I have come to the conclusion that I have two ways to tell FreeBSD to jh> > >>> prefer IPv6: jh> > >>> jh> > >>> 1) Add ipv6_activate_all_interfaces to /etc/rc.conf jh> > >>> 2) Add ip6addrctl_policy="ipv6_prefer" to /etc/rc.conf jh> > >>> jh> ... jh> > > However, it does sound like for my purposes it would make more sense jh> > > to use ip6addrctl_policy=?ipv6_prefer" as that is more explicitly the jh> > > feature I want, rather than getting it inadvertently through the other jh> > > knob. jh> > jh> > Yes. Definitively. I am not sure if it has happened but if IPv6 jh> > config is configured through rc.conf that setting should be(come) jh> > default. jh> > jh> jh> It does not seem so yet (anymore, it was like that many moons ago). A jh> new ... jh> I think if an IPv6 address is configured on a machine, it should jh> prefer ipv6 jh> addresses. That would match what the rest are doing. True at this moment. I have a patch to make it set ipv6_prefer when at least one ifconfig_IF_ipv6 is configured. Is there any objection to commit this? I had hesitated to add this for a technical reason which was eliminated by adding list_vars(). -- Hiroki ----Next_Part(Sat_Aug_30_00_41_56_2014_971)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ip6addrctl_ifconfig.20140829.diff" Index: rc.d/ip6addrctl =================================================================== --- rc.d/ip6addrctl (revision 270577) +++ rc.d/ip6addrctl (working copy) @@ -75,6 +75,8 @@ else if checkyesno ipv6_activate_all_interfaces; then ip6addrctl_prefer_ipv6 + elif [ -n "$(list_vars ifconfig_\*_ipv6)" ]; then + ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 fi ----Next_Part(Sat_Aug_30_00_41_56_2014_971)---- ----Security_Multipart0(Sat_Aug_30_00_41_56_2014_087)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEABECAAYFAlQAn0QACgkQTyzT2CeTzy20NgCfS8Os3/xKTMm078Ij4a3xk6CU xUEAoNefQyEJQxNm7A7OYBGIfHlHm3ut =6vJp -----END PGP SIGNATURE----- ----Security_Multipart0(Sat_Aug_30_00_41_56_2014_087)----