Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Re: IPv6 privacy extensions with connman (Daniel Wagner)
----------------------------------------------------------------------
Message: 1
Date: Wed, 22 May 2019 14:15:01 +0200
From: Daniel Wagner <[email protected]>
To: Christian <[email protected]>
Cc: connman <[email protected]>
Subject: Re: IPv6 privacy extensions with connman
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Christian,
Please no top posting and dropping the mailing list.
On 5/13/19 10:06 AM, Christian wrote:
> Hi Daniel,
>
> thanks for looking into it. My setup is actually quite straight forward.
>
> I am using an Opnsense router that gets an /56 prefix from my provider.
> I delegate a /64 into my local network via router advertisement.
I've played with my network setup and I have similar. That is I get /56
prefix from my provider and have due to Fritbox a /62 prefix length to
my next main gateway. There is still something wrong with the routing
but that's a different story.
> Of course all clients with activated IPv6 get their fe80:: local network
> IPv6, but by the router advertisement all clients get an IPv6 - within
> the prefix - based on their MAC address. That are the "scope global
> dynamic" ones.
> This works with libreelec and connman. Hence you have a globally
> routable IPv6 assigned.
Verified that on my development machine, works as expected.
> For the clients I then activate the privacy extensions, to create an
> "scope global temporary dynamic". This does not work with the connman
> settings I have.
> Within Libreelec the configuration is quite limited, as you can only
> activate IPv6 in the settings or disable it.
I found my RPi and installed LibreELEC on it. As expected it has nothing
to do with the hardware or the LibreELEC system configuration.
After enabling the privacy feature I see:
LibreELEC:/proc # ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP8000> mtu 1500 qlen 1000
inet6 2001:a61:34ab:f4fc:1d1e:2e5c:b866:2754/64 scope global
secondary dynamic
valid_lft 86069sec preferred_lft 14069sec
inet6 2001:a61:34ab:f4fc:ba27:ebff:fed5:60cb/64 scope global dynamic
valid_lft 86069sec preferred_lft 14069sec
inet6 fe80::ba27:ebff:fed5:60cb/64 scope link
valid_lft forever preferred_lft forever
> To set the privacy extensions I added manually to
> "/storage/.cache/connman/settings"
FYI, ConnMan will overwrite this file if ConnMan is running in the
background. Use connmanctrl to modify the settings.
> [WiFi]
> Enable=true
> Tethering=false
> IPv6.privacy=preferred
This doesn't have an effect. The privacy settings are per service.
> Running a connmanctl services on my wifi (similar the wired one) then
> gives me the following (I edited out private infos):
>
> ? Type = wifi
> ? Security = [ psk ]
> ? State = online
> ? Strength = 81
> ? Favorite = True
> ? Immutable = False
> ? AutoConnect = True
> ? Name = Some Wifi Name
> ? Ethernet = [ Method=auto, Interface=wlan0, Address=XX:XX:XX:XX:XX:XX,
> MTU=1500 ]
> ? IPv4 = [ Method=dhcp, Address=192.168.2.196, Netmask=255.255.255.0,
> Gateway=192.168.2.1 ]
> ? IPv4.Configuration = [ Method=dhcp ]
> ? IPv6 = [ Method=auto,
> Address=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, PrefixLength=64,
> Privacy=prefered ]
> ? IPv6.Configuration = [ Method=auto, Privacy=prefered ]
That is looks good, except spelling obviously...
> ? Nameservers = [ 192.168.2.1, xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx ]
> ? Nameservers.Configuration = [??]
> ? Timeservers = [ ptbtime1.ptb.de, ptbtime2.ptb.de, 0.pool.ntp.org,
> 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org ]
> ? Timeservers.Configuration = [??]
> ? Domains = [ xxxxx.xxx ]
> ? Domains.Configuration = [??]
> ? Proxy = [ Method=direct ]
> ? Proxy.Configuration = [??]
> ? mDNS = False
> ? mDNS.Configuration = False
> ? Provider = [??]
>
> As you can see, it picks up the privacy extension config (even though
> with the spelling mistake ;-))
I found the spot where 'prefered' is appended to the D-Bus message. As I
said, by changing this we would break the API. Not sure if this would be
a clever idea.
, but when checking the IPv6s, I only get
> the "fe80:", the "scope global dynamic" and a "scope global secondary
> dynamic".
> The last one seems to be the wrong one, as it should be a "scope global
> temporary dynamic" that deprecates over time.
>
> Let me know if you need any other information.
Are you using DHCPv6 or SLAAC? In my setup I am using SLAAC.
Thanks,
Daniel
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman
------------------------------
End of connman Digest, Vol 43, Issue 17
***************************************
