IPv6 routing between AppVMs #718
Comments
|
Modified by joanna on 1 Aug 2013 11:52 UTC |
marmarek
added
T: enhancement
|
Comment by marmarek on 9 Oct 2014 02:07 UTC |
|
Comment by joanna on 9 Oct 2014 21:32 UTC |
|
Comment by marmarek on 9 Oct 2014 21:53 UTC |
|
Comment by marmarek on 20 Jan 2015 03:43 UTC The only potentially problematic thing is qubes-firewall (per-VM firewall rules). Currently user can set rules based on IP(v4) or name. In case of an IPv4 rule, obviously it is not applicable to IPv6 firewall. In case of a name, it can be - if that name resolves to IPv6 address. But if not - ip6tables will fail loading such rule. In the future we might introduce more advanced firewall configuration, with option to set IPv4 and IPv6 rules explicitly. |
|
@woju I think we forgot about this one when implementing "NetVM" in Qubes 4.0... |
|
I'm a little bit disappointed now. I was looking forward to setup and use Qubes OS. Finally with a new machine I did this today using Qubes OS 3.2 rc 2. I struggled a bit with networking (so my hope is I'm doing something wrong) but finally I got it working. But I did not get an IPv6 assigned (This works properly in my network). So to be clear: This really means as of today there is no IPv6 in Quebes and for the future you are looking to NAT it ? I would be happy to "turn" off all firewall features of Qubes OS since I got this covered by an rather extensive network setup. Is this an option ? |
|
On Fri, Aug 12, 2016 at 03:30:41PM -0700, iggs0 wrote:
Yes.
It depends what you call "all firewall features". You don't need to use But you can't disable NAT. This is rather unavoidable(*) with tree-like (*) without modifying every routing table in your LAN. Best Regards, |
This rewrite is mainly to adopt new interface for Qubes 4.x. Main changes: - change language from bash to python, introduce qubesagent python package - support both nftables (preferred) and iptables - new interface (https://qubes-os.org/doc/vm-interface/) - IPv6 support - unit tests included - nftables version support running along with other firewall loaded Fixes QubesOS/qubes-issues#1815 QubesOS/qubes-issues#718
|
Script mentioned above: marmarek/qubes-core-agent-linux@789eb51 |
Add property for IPv6 address ('ip6'). Build default value similarly to
IPv4 - common prefix + QID or Disp ID (for DispVMs).
This all is disabled unless 'ipv6' feature is enabled. It is inherited
from netvm (not template).
Even when enabled, VM may decide to not use it - or simply not support
it.
QubesOS/qubes-issues#718
Add property for IPv6 address ('ip6'). Build default value similarly to
IPv4 - common prefix + QID or Disp ID (for DispVMs).
This all is disabled unless 'ipv6' feature is enabled. It is inherited
from netvm (not template).
Even when enabled, VM may decide to not use it - or simply not support
it.
QubesOS/qubes-issues#718
Check produced libvirt XML, and QubesDB entries QubesOS/qubes-issues#718
Run also all IPv4 tests with IPv6 enabled to check for regressions (broken IPv4 because of enabled IPv6). QubesOS/qubes-issues#718
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
This include fix for memory leak. QubesOS/qubes-issues#718
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The component |
Reported by joanna on 24 Feb 2013 15:33 UTC
None
Migrated-From: https://wiki.qubes-os.org/ticket/718
The text was updated successfully, but these errors were encountered: