Monthly Archives: March 2014

Linux User Group Meta, Annual General Meeting – 12/04/14 12hr @ Lambic

Members,

This is to inform you that we shall have our Annual General Meeting held on the 12th of April 2014 from 12hr to 15hr.

Venue: Lambic Conference Room, 4 St. George Street Port Louis

Agenda:
1. Reading and Approval of Annual Report by Secretary
2. Reading of Financial Reports by Treasurer.
3. President’s speech
3. Payment of membership fees.
5. AOB
4. Election of new board members.
ps. Venue is already booked so we cannot cancel this.
pps. A further meeting for executive members to perform handing over, and for executive members to elect office bearers among themselves will be held 3 weeks after this meeting.
ppps: This meeting is Members ONLY.
Sincerely,
Pirabarlen Cheenaramen (Selven)

Secretary of the Linux User Group Meta.

Accessing your web server via IPv6

Being able to run your systems on IPv6, have automatic address assignment and the ability to resolve host names are the necessary building blocks in your IPv6 network infrastructure. Now that everything is in place, it is about time to enable another service to respond to IPv6 requests. The following article guides you through the steps to enable Apache2 httpd to listen and respond to incoming IPv6 requests.

This is the fourth article in a series on IPv6 configuration.

Piece of advice: This is based on my findings on the internet while reading other people's helpful articles and going through a couple of man-pages on my local system.

Surfing the web - IPv6 style

Enabling IPv6 connections in Apache 2 is fairly simple. But first let's check whether your system has a running instance of Apache2 or not. You can check this like so:

$ service apache2 status
Apache2 is running (pid 2680).

If you get a 'service unknown' message, you have to install Apache before proceeding with the following steps:

$ sudo apt-get install apache2

Out of the box, Apache binds to all your available network interfaces and listens on TCP port 80. To check this, run the following command:

$ sudo netstat -lnptu | grep "apache2\W*$"
tcp6       0      0 :::80                   :::*                    LISTEN      28306/apache2

In this case Apache2 is already binding to IPv6 (and implicitly to IPv4). If you only get a tcp line in the output, then your HTTPd is not yet IPv6 enabled.

Check your Listen directive. Depending on your system, it might be in a different location than the default in Ubuntu.

$ sudo nano /etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

In case you don't have a ports.conf file, look for the directive like so:

$ cd /etc/apache2/
$ fgrep -r -i 'listen' ./*

Then modify that file instead of ports.conf; most probably it is either apache2.conf or httpd.conf.

Okay, please bear in mind that Apache can only bind once to the same interface and port. So you might be interested in adding another port which explicitly listens on IPv6 only. In that case, you would add the following to your configuration file:

Listen 80
Listen [2001:db8:bad:a55::2]:8080

But this is completely optional. Anyway, to complete all the steps, save the file and then check the syntax like so:

$ sudo apache2ctl configtest
Syntax OK

Ok, now let's apply the modifications to our running Apache2 instances:

$ sudo service apache2 reload
 * Reloading web server config apache2
   ...done.

$ sudo netstat -lnptu | grep "apache2\W*$"                                                                                              
tcp6       0      0 2001:db8:bad:a55:::8080 :::*                    LISTEN      5922/apache2   
tcp6       0      0 :::80                   :::*                    LISTEN      5922/apache2

There we have Apache2 running and listening on two different TCP ports.

Now that the basics are in place, it's time to prepare any website to respond to incoming requests on the IPv6 address. Open up any configuration file you have below your sites-enabled folder.
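The listener check used above can be scripted. The following is an added example, not part of the original article: it parses netstat -lnptu output and reports for each socket whether it is bound to every IPv6 address (::), to every IPv4 address, to loopback only, or to one specific address. The function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -lnptu` output by address family and scope.

# Sample input: the two Apache2 lines from this article, followed by two
# constructed lines for an IPv4-only and a loopback-only service.
sample_netstat() {
    cat <<'EOF'
tcp6       0      0 2001:db8:bad:a55:::8080 :::*                    LISTEN      5922/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      5922/apache2
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      801/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      912/cupsd
EOF
}

# Reads netstat lines on stdin, prints: <proto> <port> <scope> <program>
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # The port follows the LAST colon. netstat truncates long IPv6
        # addresses ("2001:db8:bad:a55:::8080"), so never split on the first.
        n = match($4, /:[0-9]+$/)
        if (n == 0) next
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        if (addr == "::")                          scope = "any-ipv6"
        else if (addr == "0.0.0.0")                scope = "any-ipv4"
        else if (addr == "::1" || addr ~ /^127\./) scope = "loopback"
        else                                       scope = "specific"
        # The PID/program column moves (udp has no state), so search for it.
        prog = "-"
        for (i = 5; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
        print $1, port, scope, prog
    }'
}

# Lists the sockets that answer on IPv6 from other hosts: <port>/<proto> <program>
ipv6_reachable() {
    classify_listeners |
        awk '$1 ~ /6$/ && $3 != "loopback" { print $2 "/" $1, $4 }' |
        LC_ALL=C sort -u
}

sample_netstat | classify_listeners
```

On a live system, feed it real data with: sudo netstat -lnptu | ipv6_reachable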

$ ls -al /etc/apache2/sites-enabled/
...

$ sudo nano /etc/apache2/sites-enabled/000-default

<VirtualHost *:80 [2001:db8:bad:a55::2]:8080>
        ServerAdmin [email protected]
        ServerName server.ios.mu
        ServerAlias server

Here, we have to check and modify the VirtualHost directive and enable it to respond to the IPv6 address and port our web server is listening on. Save your changes, run the configuration test and reload Apache2 in order to apply your modifications. Once these steps have succeeded, you can launch your favourite browser and navigate to your IPv6 enabled web server.

Accessing an IPv6 address in the browser

That looks like a successful surgery to me...

Note: If you receive a timeout, check whether your client is operating on IPv6, too.

Enabling DNS for IPv6 infrastructure

After successful automatic distribution of IPv6 address information via DHCPv6 in your local network it might be time to start offering some more services. Usually, we would use host names in order to communicate with other machines instead of their bare IPv6 addresses. During the following paragraphs we are going to enable our own DNS name server with IPv6 address resolving.

This is the third article in a series on IPv6 configuration.

Piece of advice: This is based on my findings on the internet while reading other people's helpful articles and going through a couple of man-pages on my local system.

What's your name and your IPv6 address?

$ sudo service bind9 status
 * bind9 is running

If the service is not recognised, you have to install it first on your system. This is done very easily and quickly like so:

$ sudo apt-get install bind9

Once again, there is no specialised package for IPv6. Just the regular application is good to go.

But of course, it is necessary to enable IPv6 binding in the options. Let's fire up a text editor and modify the configuration file.

$ sudo nano /etc/bind/named.conf.options

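acl iosnet {
        127.0.0.1;
        192.168.1.0/24;
        ::1/128;
        2001:db8:bad:a55::/64;
};

options {
        // ... keep the statements already present in this block ...

        // bind IPv4 only to the addresses matched by the ACL
        listen-on { iosnet; };
        // bind to all IPv6 addresses of this host
        listen-on-v6 { any; };

        // answer queries and zone transfers for the local networks only
        allow-query { iosnet; };
        allow-transfer { iosnet; };
};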

The most important directive is listen-on-v6. It makes named bind to the IPv6 addresses configured on your system. The easiest way is to specify any as the value, and named will bind to all available IPv6 addresses at start. More details and explanations are found in the man page of named.conf.

Save the file and restart the named service. As usual, check your log files and correct your configuration in case of any logged error messages. Using the netstat command you can validate whether the service is running and which IPv4 and IPv6 addresses it is bound to, like so:

$ sudo service bind9 restart

$ sudo netstat -lnptu | grep "named\W*$"
tcp        0      0 192.168.1.2:53        0.0.0.0:*               LISTEN      1734/named     
tcp        0      0 127.0.0.1:53          0.0.0.0:*               LISTEN      1734/named     
tcp6       0      0 :::53                 :::*                    LISTEN      1734/named     
udp        0      0 192.168.1.2:53        0.0.0.0:*                           1734/named     
udp        0      0 127.0.0.1:53          0.0.0.0:*                           1734/named     
udp6       0      0 :::53                 :::*                                1734/named 

Sweet! Okay, now it's about time to resolve host names and their assigned IPv6 addresses using our own DNS name server.

$ host -t aaaa www.6bone.net 2001:db8:bad:a55::2
Using domain server:
Name: 2001:db8:bad:a55::2
Address: 2001:db8:bad:a55::2#53
Aliases:

www.6bone.net is an alias for 6bone.net.
6bone.net has IPv6 address 2001:5c0:1000:10::2

Alright, our newly configured BIND named is fully operational.

You might be more familiar with the dig command. Here is the same kind of IPv6 host name lookup, but it provides more details about that particular host as well as the domain in general.

$ dig @2001:db8:bad:a55::2 www.6bone.net. AAAA

More details on the Berkeley Internet Name Domain (bind) daemon and IPv6 are available in Chapter 22.1 of Peter Bieringer's HOWTO on IPv6.

Setting up your own DNS zone

Now that we have an operational named in place, it's about time to implement and configure our own host names and IPv6 address resolving. The general approach is to create your own zone database below the bind folder and to add AAAA records for your hosts. In order to achieve this, we have to define the zone first in the configuration file named.conf.local.

$ sudo nano /etc/bind/named.conf.local

//
// Do any local configuration here
//
zone "ios.mu" {
        type master;
        file "/etc/bind/zones/db.ios.mu";
};

Here we specify the location of our zone database file. Next, we are going to create it and add our host names, our IP and our IPv6 addresses.

$ sudo nano /etc/bind/zones/db.ios.mu

$ORIGIN .
$TTL 259200     ; 3 days
ios.mu                  IN SOA  ios.mu. hostmaster.ios.mu. (
                                2014031101 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      server.ios.mu.
$ORIGIN ios.mu.
server                  A       192.168.1.2
server                  AAAA    2001:db8:bad:a55::2
client1                 A       192.168.1.3
client1                 AAAA    2001:db8:bad:a55::3
client2                 A       192.168.1.4
client2                 AAAA    2001:db8:bad:a55::4

With a couple of machines in place, it's time to reload that new configuration.

Note: Each time you change your zone databases you have to modify the serial information, too. Named loads the plain text zone definitions and converts them into an internal, indexed binary format to improve lookup performance. If you forget to change your serial, then named will not use the new records from the text file but the indexed ones, unless you flush the index and force a reload of the zone.

This can be done easily by either restarting the named:

$ sudo service bind9 restart

or by reloading the configuration file using the name server control utility - rndc:

$ sudo rndc reconfig
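Because the note above makes the serial a manual step on every edit, it is easy to forget. The following is an added example, not part of the original article, that increments a serial written in the YYYYMMDDnn form used in the zone file above and never lets it go backwards. The function names are hypothetical, and the demo runs on a constructed scratch file rather than on /etc/bind.

```shell
#!/bin/sh
# Added example: bump a YYYYMMDDnn SOA serial (e.g. 2014031101) in a zone file.

# next_serial OLD TODAY: print the serial to use for the next edit, or fail.
next_serial() {
    _old=$1 _today=$2
    case $_old in ''|*[!0-9]*|0?*) return 1 ;; esac
    case $_today in ''|*[!0-9]*|0?*) return 1 ;; esac
    _first=$(( _today * 100 + 1 ))       # first revision of today
    if [ "$_old" -lt "$_first" ]; then
        echo "$_first"
    elif [ $(( _old % 100 )) -lt 99 ]; then
        echo $(( _old + 1 ))             # dated today or later: next revision
    else
        return 1                         # 99 revisions used up, decide by hand
    fi
}

# bump_zone_serial FILE [TODAY]: rewrite the line commented "; serial".
bump_zone_serial() {
    _file=$1 _day=${2:-$(date +%Y%m%d)}
    _cur=$(awk '/;[ \t]*serial/ {
                    for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit }
                }' "$_file")
    _new=$(next_serial "$_cur" "$_day") || return 1
    sed "/;[[:space:]]*serial/ s/$_cur/$_new/" "$_file" > "$_file.new" &&
        mv "$_file.new" "$_file" && echo "$_new"
}

# Demo on a scratch copy of the SOA record from this article (constructed file).
demo_zone() {
    _tmp=$(mktemp) || return 1
    cat > "$_tmp" <<'EOF'
ios.mu                  IN SOA  ios.mu. hostmaster.ios.mu. (
                                2014031101 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
EOF
    bump_zone_serial "$_tmp" 20140311    # second edit on the same day
    bump_zone_serial "$_tmp" 20140312    # first edit on the next day
    grep -c '2014031201 ; serial' "$_tmp"
    rm -f "$_tmp"
}
demo_zone
```

After bumping the serial, named-checkzone ios.mu /etc/bind/zones/db.ios.mu validates the file before named is asked to load it.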

Check your log files for any error messages and whether the new zone database has been accepted. Next, we are going to resolve a host name trying to get its IPv6 address like so:

$ host -t aaaa server.ios.mu. 2001:db8:bad:a55::2
Using domain server:
Name: 2001:db8:bad:a55::2
Address: 2001:db8:bad:a55::2#53
Aliases:

server.ios.mu has IPv6 address 2001:db8:bad:a55::2

Looks good.

Alternatively, you could have just ping'd the system as well using the ping6 command instead of the regular ping:

$ ping6 server
PING server(2001:db8:bad:a55::2) 56 data bytes
64 bytes from 2001:db8:bad:a55::2: icmp_seq=1 ttl=64 time=0.615 ms
64 bytes from 2001:db8:bad:a55::2: icmp_seq=2 ttl=64 time=0.407 ms
^C
--- ios1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.407/0.511/0.615/0.104 ms

That also looks promising to me. How about your configuration?

Next, it might be interesting to extend the range of available services on the network. One essential service would be to have web sites at hand.

DHCPv6: Provide IPv6 information in your local network

Even though IPv6 might not be that important within your local network it might be good to get yourself into shape, and be able to provide some details of your infrastructure automatically to your network clients.

This is the second article in a series on IPv6 configuration.

Piece of advice: This is based on my findings on the internet while reading other people's helpful articles and going through a couple of man-pages on my local system.

IPv6 addresses for everyone (in your network)

Okay, after setting up the configuration of your local system, it might be interesting to enable all your machines in your network to use IPv6. There are two options to solve this kind of requirement... Either you're busy like a bee and you go around to configure each and every system manually, or you're more the lazy and effective type of network administrator and you prefer to work with Dynamic Host Configuration Protocol (DHCP). Obviously, I'm of the second type.

Enabling dynamic IPv6 address assignments can be done with a new or an existing instance of a DHCPd. In case of an Ubuntu-based installation this might be isc-dhcp-server. The isc-dhcp-server allows address pooling for IP and IPv6 within the same package; you just have to run two independent daemons, one for each protocol version. First, check whether isc-dhcp-server is already installed and maybe running on your machine like so:

$ service isc-dhcp-server6 status

In case the service is unknown, you have to install it like so:

$ sudo apt-get install isc-dhcp-server

Please bear in mind that there is no designated installation package for IPv6.

Okay, next you have to create a separate configuration file for IPv6 address pooling and network parameters called /etc/dhcp/dhcpd6.conf. Unlike the IPv4 configuration, this file is not provided automatically by the package. Again, use your favourite editor and add the following lines:

$ sudo nano /etc/dhcp/dhcpd6.conf

authoritative;
default-lease-time 14400; 
max-lease-time 86400;
log-facility local7;
subnet6 2001:db8:bad:a55::/64 {
    option dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
    option dhcp6.domain-search "ios.mu";
    range6 2001:db8:bad:a55::100 2001:db8:bad:a55::199;
    range6 2001:db8:bad:a55::/64 temporary;
}

Next, save the file and start the daemon as a foreground process to see whether it is going to listen to requests or not, like so:

$ sudo /usr/sbin/dhcpd -6 -d -cf /etc/dhcp/dhcpd6.conf eth0

The parameters are explained quickly: -6 runs dhcpd as a DHCPv6 server, -d sends log messages to the standard error descriptor (so you should monitor your /var/log/syslog file, too), and -cf explicitly selects our newly created configuration file. You might also use the command switch -t to test the configuration file prior to running the server.

In my case, I ended up with a couple of complaints by the server, especially reporting that the necessary lease file wouldn't exist. So, ensure that the lease file for your IPv6 address assignments is present:

$ sudo touch /var/lib/dhcp/dhcpd6.leases
$ sudo chown dhcpd:dhcpd /var/lib/dhcp/dhcpd6.leases

Now, you should be good to go. Stop your foreground process and try to run the DHCPv6 server as a service on your system:

$ sudo service isc-dhcp-server6 start
isc-dhcp-server6 start/running, process 15883

Check your log file /var/log/syslog for any kind of problems. Refer to the man-pages of isc-dhcp-server and you might check out Chapter 22.6 of Peter Bieringer's IPv6 Howto. The instructions regarding DHCPv6 on the Ubuntu Wiki are not as complete as expected and it might not be as helpful as this article or Peter's HOWTO. But see for yourself.

Does the client get an IPv6 address?

Running a DHCPv6 server on your local network surely comes in handy but it has to work properly. The following paragraphs describe briefly how to check the IPv6 configuration of your clients.

Linux - ifconfig or ip command

First, you have to enable IPv6 on your Linux system by specifying the necessary directives in the /etc/network/interfaces file, like so:

$ sudo nano /etc/network/interfaces

iface eth1 inet6 dhcp

Note: Your network device might be eth0 - please don't just copy my configuration lines.

Then, either restart your network subsystem, or enable the device manually using the dhclient command with IPv6 switch, like so:

$ sudo dhclient -6

You would either use the ifconfig or (if installed) the ip command to check the configuration of your network device like so:

$ sudo ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:1d:09:5d:8d:98 
          inet addr:192.168.160.147  Bcast:192.168.160.255  Mask:255.255.255.0
          inet6 addr: 2001:db8:bad:a55::193/64 Scope:Global
          inet6 addr: fe80::21d:9ff:fe5d:8d98/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Looks good, the client has an IPv6 assignment. Now, let's see whether DNS information has been provided, too.

$ less /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
nameserver 192.168.1.2
nameserver 127.0.1.1

search ios.mu

Nicely done.
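To confirm that a client address really comes from the range6 pool in dhcpd6.conf, and not from some other source of IPv6 addresses on the link, the comparison can be scripted. The following is an added example, not part of the original article; the function names are hypothetical and the addresses are the ones shown above plus one constructed value (::19a). Note that the range bounds are hexadecimal, so ::100 to ::199 holds 154 addresses, not 100.

```shell
#!/bin/sh
# Added example: test whether an IPv6 address lies inside the range6 pool.

POOL_LOW=2001:db8:bad:a55::100      # bounds taken from dhcpd6.conf above
POOL_HIGH=2001:db8:bad:a55::199

# expand6 ADDR[/LEN]: print the address as 32 lowercase hex digits, or fail.
expand6() {
    printf '%s\n' "$1" | awk '
    function pad(g) {
        if (length(g) < 1 || length(g) > 4 || g !~ /^[0-9a-f]+$/) bad = 1
        return substr("0000" g, length(g) + 1)
    }
    {
        addr = tolower($0); sub(/\/[0-9]+$/, "", addr)   # drop "/64" if present
        nh = 0; nt = 0
        p = index(addr, "::")
        if (p > 0) {                 # "::" stands for the missing zero groups
            head = substr(addr, 1, p - 1); tail = substr(addr, p + 2)
            if (head != "") nh = split(head, h, ":")
            if (tail != "") nt = split(tail, t, ":")
            if (nh + nt > 7) bad = 1
        } else if ((nh = split(addr, h, ":")) != 8) bad = 1
        out = ""
        for (i = 1; i <= nh; i++) out = out pad(h[i])
        for (i = nh + nt; i < 8; i++) out = out "0000"
        for (i = 1; i <= nt; i++) out = out pad(t[i])
        if (bad) exit 1
        print out
    }'
}

# in_range6 ADDR LOW HIGH: 0 if LOW <= ADDR <= HIGH, 1 if not, 2 on bad input.
in_range6() {
    _a=$(expand6 "$1") && _lo=$(expand6 "$2") && _hi=$(expand6 "$3") || return 2
    # Fixed-width lowercase hex sorts in the same order as the numeric value.
    _mid=$(printf '%s\n' "$_lo" "$_a" "$_hi" | LC_ALL=C sort | sed -n 2p)
    [ "$_mid" = "$_a" ]
}

# pool_check ADDR...: print one verdict per address.
pool_check() {
    for _addr in "$@"; do
        if in_range6 "$_addr" "$POOL_LOW" "$POOL_HIGH"; then
            echo "$_addr in-pool"
        else
            echo "$_addr outside-pool"
        fi
    done
}

# The two addresses from the ifconfig output above, plus constructed ::19a.
pool_check 2001:db8:bad:a55::193/64 fe80::21d:9ff:fe5d:8d98/64 2001:db8:bad:a55::19a
```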

Windows - netsh

According to TechNet, netsh is defined as follows:

"Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. Netsh can also save a configuration script in a text file for archival purposes or to help you configure other servers."

And even though TechNet states that it applies to Windows Server (only), it is also available on Windows client operating systems, like Vista, Windows 7 and Windows 8.

In order to get or even set information related to IPv6 protocol, we have to switch the netsh interface context prior to our queries. Open a command prompt in Windows and run the following statements:

C:\Users\joki>netsh
netsh>interface ipv6
netsh interface ipv6>show interfaces

Show IPv6 network interfaces using netsh command on Windows

Select the device index from the Idx column to get more details about the IPv6 address and DNS server information (here: I'm going to use my WiFi device with device index 11), like so:

netsh interface ipv6>show address 11

Show IPv6 address information using netsh command on Windows

Okay, address information has been provided. Now, let's check the details about DNS and resolving host names:

netsh interface ipv6>show dnsservers 11

Show IPv6 DNS server configuration using netsh command on Windows

Okay, that looks good already. Our Windows client has a valid IPv6 address lease with lifetime information and details about the configured DNS servers.

Talking about DNS server...
Your clients should be able to connect to your network servers via IPv6 using hostnames instead of IPv6 addresses. Please read on about how to enable a local named with IPv6.