Line 9: |
Line 9: |
| | | |
| Feel free to add notes and comments. | | Feel free to add notes and comments. |
| + | |
| + | {{Warning box|Code below is highly experimental. Do NOT try it on a production server.}} |
| | | |
| ===Commentary=== | | ===Commentary=== |
Line 54: |
Line 56: |
| Remember that IPv6 address are public facing. I have not done any work on firewalling. | | Remember that IPv6 address are public facing. I have not done any work on firewalling. |
| | | |
| + | Some other brief thoughts: |
| | | |
| + | * Tunneled 6to4 |
| + | * Native IPv6 block from ISP |
| + | * DHCP/DNS in Koozali |
| + | * Routed using public IP and private address space? |
| | | |
| ====Enable networking==== | | ====Enable networking==== |
| | | |
− | Currently disabled.
| + | {{Warning box|Code below is highly experimental. TESTING ONLY. Do NOT try it on a production server as you will almost certainly get hacked}} |
| + | |
| + | IPv6 currently disabled. |
| | | |
| Get your Gateway IP "Server IPv6 Address:" and set it here: | | Get your Gateway IP "Server IPv6 Address:" and set it here: |
Line 115: |
Line 124: |
| } | | } |
| | | |
− | Followed by post-upgrade/reboot.
| + | {{Warning box|If you run the following command your server will have a public IP and NO firewall. You have been warned}} |
| + | |
| + | signal-event post-upgrade;signal-event reboot. |
| | | |
| You should get an automatic IP assigned from your Hurricane pool. | | You should get an automatic IP assigned from your Hurricane pool. |
Line 155: |
Line 166: |
| ====Services==== | | ====Services==== |
| | | |
− | List of other affected services | + | List of other affected services and vague efforts to get IPv6 running for them. |
| | | |
| httpd | | httpd |
| + | |
| email | | email |
| + | |
| smbd | | smbd |
| + | |
| mysql (already listens for tcp6/3313) | | mysql (already listens for tcp6/3313) |
| + | |
| ntpd (already listens on udp6/123) | | ntpd (already listens on udp6/123) |
| + | |
| sshd as below | | sshd as below |
| | | |
− | SSH (bad hack here so careful as this may open your server up to remote access) | + | ldap as below |
| + | |
| + | =====SSH===== (bad hack here so careful as this may open your server up to remote access) |
| | | |
| mkdir /etc/e-smith/templates-custom/etc/ssh/sshd_config | | mkdir /etc/e-smith/templates-custom/etc/ssh/sshd_config |
Line 188: |
Line 206: |
| ssh root@2001:470:1f13:3ff:2a9:b700:fe99:792c | | ssh root@2001:470:1f13:3ff:2a9:b700:fe99:792c |
| | | |
| + | =====LDAP===== |
| + | |
| + | mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/slapd |
| + | nano /etc/e-smith/templates-custom/etc/sysconfig/slapd/40OPTIONS |
| + | |
| + | Add this code: |
| + | |
| + | { |
| + | { |
| + | # Any custom options |
| + | #SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 " |
| + | my $slapdOptions = "#Test"; |
| + | my $logLevel = $ldap{LogLevel} || 256; |
| + | if ($IPv6{'status'} eq "enabled") { |
| + | $slapdOptions = "SLAPD_OPTIONS=\"-d $logLevel -s 0\" " ; |
| + | } else { |
| + | $slapdOptions = "SLAPD_OPTIONS=\"-4 -d $logLevel -s 0\" " ; |
| + | } |
| + | $OUT .= "# Any custom options\n"; |
| + | $OUT .= "$slapdOptions\n"; |
| + | } |
| + | |
| + | Edited the unit file /usr/lib/systemd/system/ldap.service to comment out the Environment line and just leave the config file |
| + | |
| + | #Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0" |
| + | EnvironmentFile=/etc/sysconfig/slapd |
| + | |
| + | systemctl daemon-reload |
| + | systemctl restart ldap.service |
| + | |
| + | '''However, /usr/sbin/cpu is not IPv6 aware and is unmaintained.''' |
| + | |
| + | We can bypass this and force IPv4 by editing: |
| + | |
| + | /etc/cpu-system.conf |
| + | |
| + | Modify the template and change localhost to 127.0.0.1 |
| + | |
| + | [LDAP] |
| + | LDAP_HOST = 127.0.0.1 |
| + | LDAP_PORT = 389 |
| | | |
| ===Other notes=== | | ===Other notes=== |