Debian 12 IPv6 client?

[jeremy ardley]

I am testing the alpha 2 release of Debian 12
(I'm quite annoyed they have done away with /var/log/syslog)

My system is "pure" debian 12 and was net installed a few minutes before
my checks. Nothing was changed from the original install.

My problem today is identifying what bit of the system is getting the
IPv6 address. I can find nothing in journalctl

The networking  is pure systemd networkd.service controlled

root@debian12:/etc/network# systemctl status networking
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled;
preset: enabled)
     Active: active (exited) since Tue 2023-03-14 12:04:46 AWST; 23min ago
       Docs: man:interfaces(5)
    Process: 299 ExecStart=/sbin/ifup -a --read-environment
(code=exited, status=0/SUCCESS)
    Process: 374 ExecStart=/bin/sh -c if [ -f
/run/network/restart-hotplug ]; then /sbin/ifup -a --read-environment
--allow=hotplug; fi (code=exited, status=0/SUCCESS)
   Main PID: 374 (code=exited, status=0/SUCCESS)
        CPU: 15ms

Mar 14 12:04:46 debian12 systemd[1]: Starting networking.service - Raise
network interfaces...
Mar 14 12:04:46 debian12 systemd[1]: Finished networking.service - Raise
network interfaces.


cat /etc.network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp
# This is an autoconfigured IPv6 interface
iface enp0s3 inet6 auto

Checking dhclient I see

ps ax | grep dhcl
    354 ?        Ss     0:00 dhclient -4 -v -i -pf
/run/dhclient.enp0s3.pid -lf /var/lib/dhcp/dhclient.enp0s3.leases -I -df
/var/lib/dhcp/dhclient6.enp0s3.leases enp0s3
    579 pts/0    S+     0:00 grep dhcl

So no dhclient -6 running.

root@debian12:/etc/network# journalctl | grep -i ipv6
Mar 14 11:48:25 debian12 kernel: Segment Routing with IPv6
Mar 14 11:48:25 debian12 kernel: In-situ OAM (IOAM) with IPv6
Mar 14 11:48:25 debian12 kernel: mip6: Mobile IPv6
Mar 14 11:48:26 debian12 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): enp0s3:
link becomes ready
Mar 14 12:04:46 debian12 kernel: Segment Routing with IPv6
Mar 14 12:04:46 debian12 kernel: In-situ OAM (IOAM) with IPv6
Mar 14 12:04:46 debian12 kernel: mip6: Mobile IPv6
Mar 14 12:04:48 debian12 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): enp0s3:
link becomes ready


My question remains. What is getting the IPv6 address and how can I make
configuration changes if required?




Jeremy

[Jeremy Ardley]

On 14/3/23 12:29, jeremy ardley wrote:
> I am testing the alpha 2 release of Debian 12
> (I'm quite annoyed they have done away with /var/log/syslog)
>
> My system is "pure" debian 12 and was net installed a few minutes
> before my checks. Nothing was changed from the original install.
>
> My problem today is identifying what bit of the system is getting the
> IPv6 address. I can find nothing in journalctl
>
> The networking  is pure systemd networkd.service controlled
>

Correction. I mistyped above. My system uses the systemd networking.service

root@debian12:/etc/network# systemctl status networking
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled;
preset: enabled)
     Active: active (exited) since Tue 2023-03-14 12:04:46 AWST; 23min ago
       Docs: man:interfaces(5)
    Process: 299 ExecStart=/sbin/ifup -a --read-environment
(code=exited, status=0/SUCCESS)
    Process: 374 ExecStart=/bin/sh -c if [ -f
/run/network/restart-hotplug ]; then /sbin/ifup -a --read-environment
--allow=hotplug; fi (code=exited, status=0/SUCCESS)
   Main PID: 374 (code=exited, status=0/SUCCESS)
        CPU: 15ms

Mar 14 12:04:46 debian12 systemd[1]: Starting networking.service - Raise
network interfaces...
Mar 14 12:04:46 debian12 systemd[1]: Finished networking.service - Raise
network interfaces.

--
Jeremy
(Lists)

[David Wright]

On Tue 14 Mar 2023 at 12:29:22 (+0800), jeremy ardley wrote:
> I am testing the alpha 2 release of Debian 12
> (I'm quite annoyed they have done away with /var/log/syslog)
>
> My system is "pure" debian 12 and was net installed a few minutes
> before my checks. Nothing was changed from the original install.
>
> My problem today is identifying what bit of the system is getting the
> IPv6 address. I can find nothing in journalctl

[ removed the typo ]

> cat /etc.network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> source /etc/network/interfaces.d/*
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> allow-hotplug enp0s3
> iface enp0s3 inet dhcp
> # This is an autoconfigured IPv6 interface
> iface enp0s3 inet6 auto

↑↑↑↑↑↑↑↑↑↑

I'm not very familiar with interfaces nowadays, but that looks
as if it's asking for enp0s3 to be autoconfigured with an IPv6
address. I thought that one got an IPv6 link address autoconfigured
anyway—I certainly do.

Did the debian-installer write that line (and comment)?

> Checking dhclient I see
>
> ps ax | grep dhcl
>     354 ?        Ss     0:00 dhclient -4 -v -i -pf
> /run/dhclient.enp0s3.pid -lf /var/lib/dhcp/dhclient.enp0s3.leases -I
> -df /var/lib/dhcp/dhclient6.enp0s3.leases enp0s3
>     579 pts/0    S+     0:00 grep dhcl
>
> So no dhclient -6 running.
>
> root@debian12:/etc/network# journalctl | grep -i ipv6
> Mar 14 11:48:25 debian12 kernel: Segment Routing with IPv6
> Mar 14 11:48:25 debian12 kernel: In-situ OAM (IOAM) with IPv6
> Mar 14 11:48:25 debian12 kernel: mip6: Mobile IPv6
> Mar 14 11:48:26 debian12 kernel: IPv6: ADDRCONF(NETDEV_CHANGE):
> enp0s3: link becomes ready
> Mar 14 12:04:46 debian12 kernel: Segment Routing with IPv6
> Mar 14 12:04:46 debian12 kernel: In-situ OAM (IOAM) with IPv6
> Mar 14 12:04:46 debian12 kernel: mip6: Mobile IPv6
> Mar 14 12:04:48 debian12 kernel: IPv6: ADDRCONF(NETDEV_CHANGE):
> enp0s3: link becomes ready
>
>
> My question remains. What is getting the IPv6 address and how can I
> make configuration changes if required?

What's the output from:

$ ip a

Mine (skipping lo):

2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether a4:01:23:45:67:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.14/24 brd 192.168.1.255 scope global dynamic enp3s0
valid_lft 74247sec preferred_lft 74247sec
inet6 fe80::a601:23ff:fe45:6789/64 scope link ← this here
valid_lft forever preferred_lft forever

Cheers,
David.

[Jeremy Ardley]

On 14/3/23 13:15, David Wright wrote:
>
>> cat /etc.network/interfaces
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>>
>> source /etc/network/interfaces.d/*
>>
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>>
>> # The primary network interface
>> allow-hotplug enp0s3
>> iface enp0s3 inet dhcp
>> # This is an autoconfigured IPv6 interface
>> iface enp0s3 inet6 auto
> ↑↑↑↑↑↑↑↑↑↑
>
> I'm not very familiar with interfaces nowadays, but that looks
> as if it's asking for enp0s3 to be autoconfigured with an IPv6
> address. I thought that one got an IPv6 link address autoconfigured
> anyway—I certainly do.
>
> Did the debian-installer write that line (and comment)?

Yes. It was a result of the installation process identifying the
interface and generating the necessary /etc/network/interfaces

> What's the output from:
>
> $ ip a
>
> Mine (skipping lo):
>
> 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> link/ether a4:01:23:45:67:89 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.14/24 brd 192.168.1.255 scope global dynamic enp3s0
> valid_lft 74247sec preferred_lft 74247sec
> inet6 fe80::a601:23ff:fe45:6789/64 scope link ← this here
> valid_lft forever preferred_lft forever
>

root@debian12:/etc/network# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel

state UP group default qlen 1000

    link/ether 08:00:27:18:b6:ac brd ff:ff:ff:ff:ff:ff
    inet 10.31.40.166/24 brd 10.31.40.255 scope global dynamic enp0s3
       valid_lft 76395sec preferred_lft 76395sec
    inet6 2403:5800:c101:b700:a00:27ff:fe18:b6ac/64 scope global
dynamic mngtmpaddr
       valid_lft 6277sec preferred_lft 2676sec
    inet6 fe80::a00:27ff:fe18:b6ac/64 scope link
       valid_lft forever preferred_lft forever

The difference to yours is  I have a routable IPv6 address in addition
to the local link.

Your  one has  an autogenerated address

inet6 fe80::a601:23ff:fe45:6789/64

This is made as a function of your ethernet interface MAC address

I have an autogenerated address

inet6 fe80::a00:27ff:fe18:b6ac/64

and an address that must have been created as  a result of an RA or DHCP
message as it is prefixed with my IPv6 address range

inet6 2403:5800:c101:b700:a00:27ff:fe18:b6ac/64

I note my two address  have the same tails so I guess my routable IPv6
address is generated from the interface MAC address

I conclude there is no IPv6 DHCP involved but there must be something
that listens to RA announcements and generates a MAC derived address
from that.

I still need to know how to control that as there are options relating
to privacy that can do things like generate an expendable address in a
different way and later generate another and deprecate earlier addresses.

--
Jeremy
(Lists)

[jeremy ardley]

On 14/3/23 16:21, Tim Woodall wrote:

> On Tue, 14 Mar 2023, Jeremy Ardley wrote:
>> I conclude there is no IPv6 DHCP involved but there must be something
>> that listens to RA announcements and generates a MAC derived address
>> from that.
>>
>> I still need to know how to control that as there are options
>> relating to privacy that can do things like generate an expendable
>> address in a different way and later generate another and deprecate
>> earlier addresses.
>>
>>
>

> Just add them to the ipv6 section.
>
> I have
>
> iface xenbr0-active inet6 auto
>         up echo 64
> >/proc/sys/net/ipv6/conf/$IFACE/accept_ra_rt_info_max_plen
>         up ip token set ::128/64 dev $IFACE
>         bridge_ports usb0
>         bridge_stp off       # disable Spanning Tree Protocol
>         bridge_waitport 0    # no delay before a port becomes available
>         bridge_fd 0          # no forwarding delay
>

I had hoped (not very hopefully) the solution wouldn't involve bashing
kernel parameters.

From previous journeys in this area systemd-networkd does a much neater
job and has huge numbers of options.

This is my worstation config

root@client:/etc/systemd/network# cat wired_lan.network

[Match]
Name=enp7s0

[Network]

DHCP=yes

Address=10.31.40.68/24
Gateway=10.31.40.1
DNS=10.31.40.4 10.31.40.5

Address=2403:5800:c101:b700:beef::44/64
IPv6PrivacyExtensions=yes
IPv6AcceptRA=yes

Domains=lan example.com

[IPv6AcceptRA]


--


Jeremy

[Charles Curley]

On Tue, 14 Mar 2023 12:29:22 +0800
jeremy ardley <jer...@ardley.org> wrote:

> (I'm quite annoyed they have done away with /var/log/syslog)

See the README in /var/log for work-arounds.


--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

[David Wright]

On Tue 14 Mar 2023 at 17:06:19 (+0800), jeremy ardley wrote:
> On 14/3/23 16:21, Tim Woodall wrote:
> > On Tue, 14 Mar 2023, Jeremy Ardley wrote:
> > > I conclude there is no IPv6 DHCP involved but there must be
> > > something that listens to RA announcements and generates a MAC
> > > derived address from that.
> > >
> > > I still need to know how to control that as there are options
> > > relating to privacy that can do things like generate an
> > > expendable address in a different way and later generate
> > > another and deprecate earlier addresses.
> >
> > Just add them to the ipv6 section.
> >
> > I have
> >
> > iface xenbr0-active inet6 auto
> >         up echo 64
> > >/proc/sys/net/ipv6/conf/$IFACE/accept_ra_rt_info_max_plen
> >         up ip token set ::128/64 dev $IFACE
> >         bridge_ports usb0
> >         bridge_stp off       # disable Spanning Tree Protocol
> >         bridge_waitport 0    # no delay before a port becomes available
> >         bridge_fd 0          # no forwarding delay

I didn't receive that post, and perhaps I wouldn't understand it
anyway until I'm running bookworm.

> I had hoped (not very hopefully) the solution wouldn't involve bashing
> kernel parameters.
>
> From previous journeys in this area systemd-networkd does a much
> neater job and has huge numbers of options.
>
> This is my worstation config

I hope it gets better :)

> root@client:/etc/systemd/network# cat wired_lan.network
>
> [Match]
> Name=enp7s0
>
> [Network]
>
> DHCP=yes
>
> Address=10.31.40.68/24
> Gateway=10.31.40.1
> DNS=10.31.40.4 10.31.40.5
>
> Address=2403:5800:c101:b700:beef::44/64
> IPv6PrivacyExtensions=yes
> IPv6AcceptRA=yes
>
> Domains=lan example.com
>
> [IPv6AcceptRA]

Any reason for running ifupdown in preference to systemd-networkd
on the enp0s3 machine? All mine run the latter, hence being rusty
on the contents of /e/n/i.

Cheers,
David.

[David Wright]

I get my link address without any configuration by me: nothing like
iface enp0s3 inet6 auto is involved. So that line, unfamiliar to
me as a bullseye user, may be the cause of your routable address
problem. What happens if you take it out?

Cheers,
David.

[Jeremy Ardley]

On 15/3/23 01:53, David Wright wrote:
>
>> I had hoped (not very hopefully) the solution wouldn't involve bashing
>> kernel parameters.
>>
>> From previous journeys in this area systemd-networkd does a much
>> neater job and has huge numbers of options.
>>
>> This is my worstation config
> I hope it gets better :)
>
>> root@client:/etc/systemd/network# cat wired_lan.network
>>
>> [Match]
>> Name=enp7s0
>>
>> [Network]
>>
>> DHCP=yes
>>
>> Address=10.31.40.68/24
>> Gateway=10.31.40.1
>> DNS=10.31.40.4 10.31.40.5
>>
>> Address=2403:5800:c101:b700:beef::44/64
>> IPv6PrivacyExtensions=yes
>> IPv6AcceptRA=yes
>>
>> Domains=lan example.com
>>
>> [IPv6AcceptRA]
> Any reason for running ifupdown in preference to systemd-networkd
> on the enp0s3 machine? All mine run the latter, hence being rusty
> on the contents of /e/n/i.
>

systemd-networkd  is definitely the cleanest way to go. Hence I also
use  it on all my systems

I am only looking at ifup/down as that is the default in bookworm for a
non-graphical install.

I did a bit of experimentation with the installer and you don't get any
options during the install to select networking method. You either get
NetworkManager if you do a graphical install or ifup ifdown non graphical.

I looked at the if-up code in /etc/network/if-up.d/resolved

#!/bin/sh
#
# Script fragment to make ifupdown supply DNS information to resolved
#

I did an graphical install as a test and NetworkManager.service
communicates to systemd-resolved by the internal message bus and I saw
dhcp provided DNS being passed and used by systemd-resolved

Reading the documentation, systemd-resolved is tightly integrated with
systemd-networkd as resolved reads all the systemd-networkd
configuration files. The reverse may not be so true.

The situation now appears to be that networking.service (ifup/ifdown),
NetworkManager.service, systemd-networkd.service all work (or can work)
with systemd-resolved

systemd-networkd *should* be able to update systemd-resolved with DNS
from DHCP but I haven't seen evidence it does so far

--
Jeremy
(Lists)