Gentoo Forums
[solved] sysctl network settings (IPv6) not applied at boot
1970
n00b

Joined: 07 May 2010
Posts: 55

Posted: Fri May 01, 2015 3:34 pm    Post subject: [solved] sysctl network settings (IPv6) not applied at boot

Hi all,

I have an IPv6 connection and, to activate "privacy extensions", I created the following file:
(gentoo world is up to date, Linux 3.14.37-gentoo, x86_64, sysctl from procps-ng 3.3.9)

/etc/sysctl.d/40-ipv6.conf
Code:

net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2

But after booting the computer, these settings have not been applied, although the boot log says
"sysctl Applying /etc/sysctl.d/40-ipv6.conf ..."
E.g.
Code:

cat /proc/sys/net/ipv6/conf/all/use_tempaddr
0

And there is also no additional temporary dynamic IPv6 address being created.

When doing manually
Code:

# sysctl -p /etc/sysctl.d/40-ipv6.conf

afterwards, the settings get applied and the additional temporary dynamic IPv6 address gets created.

What kind of bug is this, and where would be the best alternative place to get the setting done?

Here is a nine-year-old bug (status: confirmed) regarding this for Ubuntu
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/50093
but I thought Gentoo would make it better...?


Last edited by 1970 on Mon May 04, 2015 4:15 pm; edited 3 times in total
UberLord
Retired Dev

Joined: 18 Sep 2003
Posts: 6759
Location: Blighty

Posted: Fri May 01, 2015 7:45 pm

Code:

$ cat /etc/sysctl.conf
net.ipv6.conf.all.use_tempaddr=1
net.ipv6.conf.default.use_tempaddr=1
net.ipv6.conf.wlp4s0.use_tempaddr=1


Maybe those sysctl.d files don't work too well?
Maybe something else is unsetting it?

Try this
Code:
/etc/init.d/sysctl restart
sysctl -a | grep net.ipv6.conf.all.use_tempaddr


However, while privacy extensions are nice, stable private addresses are better for long term connections which dhcpcd provides :)
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
1970
n00b

Joined: 07 May 2010
Posts: 55

Posted: Fri May 01, 2015 8:30 pm

UberLord wrote:
Code:

$ cat /etc/sysctl.conf
net.ipv6.conf.all.use_tempaddr=1
net.ipv6.conf.default.use_tempaddr=1
net.ipv6.conf.wlp4s0.use_tempaddr=1


You mean that's your config? The point is what says
cat /proc/sys/net/ipv6/conf/all/use_tempaddr
then
Code:

# /etc/init.d/sysctl restart
 * WARNING: you are stopping a boot service
 * Configuring kernel parameters ...
* Applying /etc/sysctl.d/40-ipv6.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.send_redirects = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.netfilter.nf_conntrack_helper = 0
# sysctl -a | grep net.ipv6.conf.all.use_tempaddr
net.ipv6.conf.all.use_tempaddr = 2


Ah, here is the content of /var/log/rc.log; it looks different. It looks like the IPv6 settings are not applied at boot:
Code:

 * Configuring kernel parameters ...
* Applying /etc/sysctl.d/40-ipv6.conf ...
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.send_redirects = 0


Looking at /etc/init.d/sysctl
Code:

start()
{
    ebegin "Configuring kernel parameters"
    sysctl --system
    eend $? "Unable to configure some kernel parameters"
}

I am wondering why there is no message "Unable to configure some kernel parameters" if they could not be set.

As a workaround, I created the following init script /etc/init.d/ipv6-kernel-config
Code:

#!/sbin/openrc-run

# set IPv6 kernel parameters because with sysctl init script they are not set at boot

depend()
{
    need net
}

start()
{
    ebegin "Configuring IPv6 kernel parameters"
    /sbin/sysctl -p /etc/sysctl.d/40-ipv6.conf
    eend $? "Unable to configure some kernel parameters"
}

and set it to default runlevel
Code:

rc-update add ipv6-kernel-config default


So, the kernel parameters are set at boot.

UberLord wrote:

stable private addresses are better for long term connections which dhcpcd provides

Interesting, could you please explain in a little more detail what you mean by private address and about the dhcpd config? You mean keep NAT with IPv6?
Maybe also advertising a non-routable IPv6 net with radvd in the LAN and masquerading via the IPv6 privacy extended IPv6 address?
My Gentoo box is my Internet gateway... :)
UberLord
Retired Dev

Joined: 18 Sep 2003
Posts: 6759
Location: Blighty

Posted: Fri May 01, 2015 10:08 pm

1970 wrote:
UberLord wrote:

stable private addresses are better for long term connections which dhcpcd provides

Interesting, could you please explain in a little more detail what you mean by private address and about the dhcpd config? You mean keep NAT with IPv6?
Maybe also advertising a non-routable IPv6 net with radvd in the LAN and masquerading via the IPv6 privacy extended IPv6 address?
My Gentoo box is my Internet gateway... :)


dhcpcd, not dhcpd ;)

I mean replacing the SLAAC algorithm for making an IPv6 address so that it's stable across reboots and doesn't expose your MAC address in the IPv6 address.
It also changes per SSID.
https://tools.ietf.org/html/rfc7217
1970
n00b

Joined: 07 May 2010
Posts: 55

Posted: Sun May 03, 2015 12:05 pm

UberLord wrote:

dhcpcd, not dhcpd ;)


Besides the boot time kernel setting, I got another problem, that is, I get wrong RA addresses, it seems. I also got them when running dhcpcd. Please see here for this issue:
https://forums.gentoo.org/viewtopic-t-1016306.html
hdcg
n00b

Joined: 07 Apr 2013
Posts: 61

Posted: Mon May 04, 2015 2:51 am

Hi,

do you have by any chance IPv6 configured as a module?
If this is the case, the boot service sysctl is not able to apply your settings. I once ran into the same or a similar issue. I solved it by changing IPv6 to builtin (CONFIG_IPV6=y).

Best Regards,
Holger
1970
n00b

Joined: 07 May 2010
Posts: 55

Posted: Mon May 04, 2015 4:16 pm

hdcg wrote:
I solved it by changing IPv6 to builtin (CONFIG_IPV6=y).


Thanks Holger!

That solved the problem for me, too. No need anymore for custom init script with CONFIG_IPV6=y.
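
The failure in this thread was silent: the boot log said the file was applied while /proc/sys still held 0. As an added example (not code from any poster, OpenRC or procps), this shell function reads a sysctl.d file and compares each key with the live value; the function name and the optional /proc/sys root argument are made up for the example.

```sh
#!/bin/sh
# Added example: compare a sysctl.d file against the live values in /proc/sys.
# check_sysctl_conf and its optional second argument are names made up here.
#
# Usage: check_sysctl_conf FILE [PROC_SYS_ROOT]
# Prints one line per key:
#   OK        live value equals the configured one
#   MISMATCH  entry exists but holds a different value
#   MISSING   no such entry (e.g. net.ipv6.* while the ipv6 module is not loaded)
# Returns 0 only if every key is OK.
check_sysctl_conf() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *=*) ;;
            *) continue ;;               # blank line or comment without '='
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        case $key in
            ''|'#'*|';'*) continue ;;    # comment that happens to contain '='
        esac
        key=${key#-}                     # sysctl's "ignore errors" prefix
        want=$(printf '%s\n' "${line#*=}" | tr -s '\t' ' ' | sed 's/^ //; s/ $//')
        # sysctl keys swap '.' and '/' relative to the /proc/sys path
        path=$root/$(printf '%s' "$key" | tr './' '/.')
        if [ ! -e "$path" ]; then
            echo "MISSING  $key"
            rc=1
            continue
        fi
        have=$(tr -s '\t' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK       $key"
        else
            echo "MISMATCH $key want=$want have=$have"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Check the file given on the command line, if any.
if [ "$#" -gt 0 ]; then check_sysctl_conf "$1"; fi
```

Run after boot against /etc/sysctl.d/40-ipv6.conf, a MISSING line for a net.ipv6.* key corresponds to the module case hdcg describes, while MISMATCH means the entry exists but something left a different value in it.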