Bug#806673: ifupdown: doesn't configure IPv6 addresses over WLAN anymore

2015-12-03 Thread Christoph Anton Mitterer 
On Wed, 2015-12-02 at 10:36 +0100, Guus Sliepen wrote:
> /u/s/d/ifupdown/examples/network-interfaces.gz seems to be rather
> > limited and perhaps in some places even outdated, for example it
> > says:
> > - "The loopback interface isn't really required any longer"
> > That shouls perhaps rather be something like "it doesn't need to be
> > set
> > up by ifupdown anymore [as it's already set up by xyz]".
> 
> Yes, it could use a makeover.
Do you want to put the ideas in a separate wishlist bug?


> Well, there is only so much you can do with examples. You would like
> to
> see that example because it matches your needs, but everyone has
> different requirements.
Sure, but I think there are some quite general cases (e.g. every one
with a desktop system will have wifi+v4+v6),... everyone with a server
will have static+v4+v6... and many people have some kind of VPN.

Plus, examples can also be used to demonstrate more general concepts,
like the "merging".


> > iface wlan0-bar all
> > wpa-ssidbar
> > wpa-key-mgmtWPA-PSK
> > wpa-psk foo
> > 
> > iface wlan0-bar inet dhcp
> > iface wlan0-bar inet6 dhcp
> 
> If anything, I'd rather have ifupdown automatically detect the
> address
> type from the address option, and allow multiple ones, so you could
> do:
> 
> iface wlan0-bar
>   wpa-ssid bar
>   wpa-psk foo
>   address 1.2.3.4/24
>   gateway 1.2.3.1
>   address 2000::1234/24
>   gateway 2000::1
>   ...

Well,... well in any case,... any such change would be very well
thought, so that it's simple but powerful enough to allow "any" kind of
connections / setups people want to describe.

> And maybe have dhcp and dhcp6 as options below the iface line. But
> that's all cosmetic, and people don't like needless changes, so this
> would be low priority.
I agree in a way, but OTOH /e/n/interfaces syntax has IMHO become kind
of a limiting factor to really generically describe what a connection
should look like.
This starts with the problem that it's protocol-family-centric (i.e.
that's already encoded in the iface line), while nowadays connections
typically are not.
They're dual-stacked, and more protocols (VPN) may run on top of them.



> Thanks for all your comments by the way, it's always good to hear
> what
> other people think :) I'll try to address them in future versions.

Thanks for your work on ifupdown =)

Chris.

smime.p7s
Description: S/MIME cryptographic signature

Bug#806673: ifupdown: doesn't configure IPv6 addresses over WLAN anymore

2015-12-02 Thread Guus Sliepen 
On Wed, Dec 02, 2015 at 03:58:19AM +0100, Christoph Anton Mitterer wrote:

> > DHCPv6 requires a link-local address. Unfortunately, the ISC DHCP
> > client immediately bails out if the interface doesn't have a
> > link-local address. It would have been nice if it would just go to
> > the background and wait until one appears. I'll work around it by
> > having ifup wait for a link-local address right before starting the
> > DHCP client.
> 
> Did you report that upstream (i.e. that it doesn't bail out)?

Not yet, there might be some other solution I've overlooked.

> /u/s/d/ifupdown/examples/network-interfaces.gz seems to be rather
> limited and perhaps in some places even outdated, for example it says:
> - "The loopback interface isn't really required any longer"
> That shouls perhaps rather be something like "it doesn't need to be set
> up by ifupdown anymore [as it's already set up by xyz]".

Yes, it could use a makeover.

> > In general, if you run "ifup foo", it will act as if it runs all
> > "iface foo" stanzas in /etc/network/interfaces in sequence. So if
> > will first try to bring up your inet stanza, which in turn will
> > configure wpa-supplicant. Then it brings up the inet6 stanza, but
> > you don't need to repeat the wpa-* options.
> 
> Ah good to know... so it does some kind of "merging".
> I think that should be more clearly explained like you did it just here
> in the manpage... AFAICS, there is no section which really describes
> that thoroughly.

Yes.

> And perhaps additionally in the example interfaces file using one as I
> did with wifi + v4/v6 + wpa-*.
> Maybe even one with eth, like:
> iface eth0 inet dhcp
> iface eth0 inet6 dhcp
> iface eth0 inet manual
>       up vpnc foo
> 
> And tell people:
> First it will bring v4 and v6 DHCP up... afterwards it will do the
> vpnc.

Well, there is only so much you can do with examples. You would like to
see that example because it matches your needs, but everyone has
different requirements. Too many examples or very complex examples also
won't help. But I'll try to remove some outdated stuff and ensure the
more common situations have a proper example.

> And perhaps it would be cleaner (in terms of config file language) to
> have a pseudo family for shared options so that one can e.g. specify
> something like that:
> 
> iface wlan0-bar all
> wpa-ssidbar
> wpa-key-mgmtWPA-PSK
> wpa-psk foo
> 
> iface wlan0-bar inet dhcp
> iface wlan0-bar inet6 dhcp

If anything, I'd rather have ifupdown automatically detect the address
type from the address option, and allow multiple ones, so you could do:

iface wlan0-bar
wpa-ssid bar
wpa-psk foo
address 1.2.3.4/24
gateway 1.2.3.1
address 2000::1234/24
gateway 2000::1
...

And maybe have dhcp and dhcp6 as options below the iface line. But
that's all cosmetic, and people don't like needless changes, so this
would be low priority.

Thanks for all your comments by the way, it's always good to hear what
other people think :) I'll try to address them in future versions.

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen 


signature.asc
Description: Digital signature

Bug#806673: ifupdown: doesn't configure IPv6 addresses over WLAN anymore

2015-12-01 Thread Christoph Anton Mitterer 
On Tue, 2015-12-01 at 22:28 +0100, Guus Sliepen wrote:
> Ok, finally reproduced it. The problem is that apparently, the Linux
> kernel waits with assigning an IPv6 link-local address until the
> interface sees a "carrier". For wireless interfaces, that means it
> waits
> until it has associated with the base station. DHCPv6 requires a
> link-local address. Unfortunately, the ISC DHCP client immediately
> bails
> out if the interface doesn't have a link-local address. It would have
> been nice if it would just go to the background and wait until one
> appears. I'll work around it by having ifup wait for a link-local
> address right before starting the DHCP client.
Did you report that upstream (i.e. that it doesn't bail out)?



> The loopback interface is always a bit special, and doesn't follow
> the
> rules of other interfaces.
Sure it's not that I'd complain... what I kinda miss is a best-
practises/examples documentation on how people *should* lay out their
ifupdown configuration (i.e. /e/n/interfaces).


/u/s/d/ifupdown/examples/network-interfaces.gz seems to be rather
limited and perhaps in some places even outdated, for example it says:
- "The loopback interface isn't really required any longer"
That shouls perhaps rather be something like "it doesn't need to be set
up by ifupdown anymore [as it's already set up by xyz]".

- The way it shows how to configure multiple addresses per iface:
# iface eth0 inet static
# address 192.168.0.100/24
# gateway 192.168.0.1
# iface eth0:1 inet static
# address 192.168.0.200
# netmask 255.255.255.0
is as far less preferred over:
# iface eth0 inet static
# address 192.168.0.100/24
# gateway 192.168.0.1
# iface eth0 inet static
# address 192.168.0.200
# netmask 255.255.255.0

I.e. I think it should be pointed more out that the later is preferred
when you just want more addresses, while the former really gives you
addition virtual ifaces (which most people probably wouldn't need).



> In general, if you run "ifup foo", it will act as if it runs all
> "iface
> foo" stanzas in /etc/network/interfaces in sequence. So if will first
> try to bring up your inet stanza, which in turn will configure
> wpa-supplicant. Then it brings up the inet6 stanza, but you don't
> need
> to repeat the wpa-* options.
Ah good to know... so it does some kind of "merging".
I think that should be more clearly explained like you did it just here
in the manpage... AFAICS, there is no section which really describes
that thoroughly.
And perhaps additionally in the example interfaces file using one as I
did with wifi + v4/v6 + wpa-*.
Maybe even one with eth, like:
iface eth0 inet dhcp
iface eth0 inet6 dhcp
iface eth0 inet manual
      up vpnc foo

And tell people:
First it will bring v4 and v6 DHCP up... afterwards it will do the
vpnc.


> That's a bad idea. But if you want, you can separate the wpa-
> supplicant
> stuff from the IPv4 and IPv6 configuration, like so:
> 
> iface wlan0-bar inet manual
>   wpa-ssidbar
>   wpa-key-mgmtWPA-PSK
>   wpa-psk foo
> 
> iface wlan0-bar inet dhcp
> iface wlan0-bar inet6 dhcp

I see... again, it would be (at least for me) a bit unclear, from the
manpage, that "manual" actually gets run here ("interfaces for which no
configuration is done by default")...
And perhaps it would be cleaner (in terms of config file language) to
have a pseudo family for shared options so that one can e.g. specify
something like that:

iface wlan0-bar all
wpa-ssidbar
wpa-key-mgmtWPA-PSK
wpa-psk foo

iface wlan0-bar inet dhcp
iface wlan0-bar inet6 dhcp

iface wlan0-bar all
        vpnc foo

With "all" being poor naming for "done for all families" or and it
should allow (if not already the case) to have such section several
times like above:
1) set up wpa
2) run v4 dhcp
3) run v6 dhcp
4) set up some tunnel, once v4 and/or v6 addresses are there.



> > => which leads to the question, what happens if I do that with
> > scripts:
> > iface eth0 inet dhcp
> > post-up vpnc something
> > pre-down vpnc-disconnect
> > iface eth0 inet6 dhcp
> > post-up vpnc something
> > pre-down vpnc-disconnect
> 
> It would execute the scripts twice.
Sounds logical,... but also something, that would be IMHO good to have
clearly shown in the docs/examples.


Thanks again for your efforts and best wishes,
Chris.

smime.p7s
Description: S/MIME cryptographic signature

Bug#806673: ifupdown: doesn't configure IPv6 addresses over WLAN anymore

2015-11-30 Thread Christoph Anton Mitterer 
On Mon, 2015-11-30 at 09:09 +0100, Guus Sliepen wrote:
> > Well but why wouldn't it get the RAs for v4 and not for v6?
> There is no RA for IPv4, only DHCP.
Argl... that's why I shouldn't write mails so late in the evening.

I meant: why would it get the RAs via ethernet, but not via Wifi :D


> > > And if I have just:
> > > iface wlan0-bar inet6 dhcp|auto
> > > wpa-ssidbar
> > > 
> > > wpa-key-mgmtWPA-PSK
> > > wpa-psk foo
> > I even get:
> > # ifup wlan0
> > wpa_supplicant: /sbin/wpa_supplicant daemon failed to start
> > run-parts: /etc/network/if-pre-up.d/wpasupplicant exited with
> > return code 1
> > Failed to bring up wlan0-bar.
> 
> Ah, I'll try to reproduce this problem.
Thanks. :)


I also don't yet understand the basic idea of how especially dual
stacked ifaces (and basically most network connections are dual stacked
these days) should be properly described in /e/n/interfaces.

For lo, people typically just use:
iface lo inet loopback
and no second
iface lo inet6 loopback

For others, typically eth/wlan I wonder a bit what's the way of doing
it correctly:
a) like you said
iface wlan0-bar inet dhcp
        wpa-ssidbar

        wpa-key-mgmtWPA-PSK
        wpa-psk foo
iface wlan0-bar inet6 dhcp|auto
=> what if v4 would become disabled there? would it still apply the
wpa-settings to the connection?

b) or doubling everything:
iface wlan0-bar inet dhcp
        wpa-ssidbar

        wpa-key-mgmtWPA-PSK
        wpa-psk foo
iface wlan0-bar inet6 dhcp|auto
        wpa-ssidbar

        wpa-key-mgmtWPA-PSK
        wpa-psk foo

=> which leads to the question, what happens if I do that with scripts:
iface eth0 inet dhcp
post-up vpnc something
pre-down vpnc-disconnect
iface eth0 inet6 dhcp
post-up vpnc something
pre-down vpnc-disconnect


Cheers,
Chris.

smime.p7s
Description: S/MIME cryptographic signature

Bug#806673: ifupdown: doesn't configure IPv6 addresses over WLAN anymore

2015-11-30 Thread Guus Sliepen 
On Mon, Nov 30, 2015 at 12:34:40AM +0100, Christoph Anton Mitterer wrote:

> On Sun, 2015-11-29 at 23:21 +0100, Guus Sliepen wrote:
> 
> > This is not a bug in ifupdown. In both cases, you have instructed
> > ifupdown to start only a DHCPv4 client. It could be that, in the
> > first case, the kernel automatically configures an IPv6 address
> > based on router advertisement messages that it receives via the eth0
> > interface (ie, SLAAC).
> 
> Well but why wouldn't it get the RAs for v4 and not for v6?

There is no RA for IPv4, only DHCP. You have to explicitly run a DHCP
client to get an automatically assigned IPv4 address. With IPv6, there
is stateless autoconfiguration (SLAAC) and there is DHCPv6. The kernel
handles the former but you again need to explicitly start a DHCPv6
client to get an address from a DHCPv6 server.

> And if I have just:
> >iface wlan0-bar inet6 dhcp|auto
> >wpa-ssidbar
> >
> >wpa-key-mgmtWPA-PSK
> >wpa-psk foo
> I even get:
> # ifup wlan0
> wpa_supplicant: /sbin/wpa_supplicant daemon failed to start
> run-parts: /etc/network/if-pre-up.d/wpasupplicant exited with return code 1
> Failed to bring up wlan0-bar.

Ah, I'll try to reproduce this problem.

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen 


signature.asc
Description: Digital signature

Bug#806673: ifupdown: doesn't configure IPv6 addresses over WLAN anymore

2015-11-29 Thread Christoph Anton Mitterer 
Package: ifupdown
Version: 0.7.54
Severity: important



Hi.

Since NM is more or less forced upon people I usually us that for
daily network configuration... so I don't know when the following
problem started.

When I configure a iface like this:
> iface eth0 inet dhcp
then I get (from the same router) both, v4 and v6 addresses.

However, when having something similar for a wlan:
>iface wlan0-bar inet dhcp
>wpa-ssidbar
>
>wpa-key-mgmtWPA-PSK
>wpa-psk foo

I only get v4 addresses.

It works with NM, so I don't think it's a misconfiguration
of the router or dhclient.conf.


Now there is obviously the address family inet6 in /e/n/interfaces.
I never understood how that is actually used/needed for.

E.g. as above with eth0, inet already configures v6.
How would one configure e.g. a wlan to also have inet6...
does one really have to duplicate all the wpa-* stanzas
for both inet and inet6?

Or, is in the case of dhcp, inet vs. inet6 rather the family over
which DHCP is tried (i.e. DHCPv4 vs. DHCPv6) and not
the addresses that are configured in the end?


Cheers,
Chris.



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ifupdown depends on:
ii  adduser  3.113+nmu3
ii  initscripts  2.88dsf-59.2
ii  iproute2 4.3.0-1
ii  libc62.19-22
ii  lsb-base 9.20150917

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.3.3-5

Versions of packages ifupdown suggests:
ii  ppp 2.4.6-3.1
pn  rdnssd  

-- debconf information:
  ifupdown/convert-interfaces: true