Hi G8SEZ,
No problem I understand perfectly the spirit, it is not a problem for me.
The only thing is that there is nothing to create in this case IP includes V4 and V6 , it should not be split , the use of V4 and/or v6- should be left to the user’s choices and wishes.
A friend of mine has ipv6 available on his pi-star, he uses it locally and also for remote connection with other friends for debug , help and diagnostic activity …
Could anybody justify this regression ? What for ?
Best regards
F1GYG Patrick
pi-star and ipv6
Re: pi-star and ipv6
It's not a regression for Pi-Star, Andy built an image that fitted on a 2GB card and there wasn't room for additional packages. I don't remember exactly when the last Pi-Star series (4.x) was created but I am not aware of any official Pi-Star image that supported IPv6 from launch.
--
Brian G8SEZ
Brian G8SEZ
Re: pi-star and ipv6
There is no regression here: Buster (and Bullseye) versions of Pi-Star support IPV6!
https://unix.stackexchange.com/question ... pv6-folder
Run these commands:
You should see something like this:
https://unix.stackexchange.com/question ... pv6-folder
Run these commands:
Code: Select all
sudo modprobe configs; zcat /proc/config.gz | grep CONFIG_IPV6=
sudo modprobe -c | grep "options ipv6"
grep "disable_ipv6" /etc/sysctl.conf /etc/sysctl.d/*.conf
grep CONFIG_IPV6= /boot/config-$(uname -r) 2>/dev/null
cat /etc/modprobe.d/ipv6.conf
Code: Select all
═pi-star@pi-star(ro)═[/home/pi-star] : sudo modprobe configs; zcat /proc/config.gz | grep CONFIG_IPV6=
CONFIG_IPV6=m
═pi-star@pi-star(ro)═[/home/pi-star]: sudo modprobe -c | grep "options ipv6"
alias symbol:__ipv6_fixup_options ipv6
alias symbol:fl6_merge_options ipv6
alias symbol:ipv6_dup_options ipv6
═pi-star@pi-star(ro)═[/home/pi-star]: grep "disable_ipv6" /etc/sysctl.conf /etc/sysctl.d/*.conf
/etc/sysctl.conf:net.ipv6.conf.all.disable_ipv6 = 1
/etc/sysctl.d/99-sysctl.conf:net.ipv6.conf.all.disable_ipv6 = 1
═pi-star@pi-star(ro)═[/home/pi-star]: grep CONFIG_IPV6= /boot/config-$(uname -r) 2>/dev/null
═pi-star@pi-star(ro)═[/home/pi-star]: cat /etc/modprobe.d/ipv6.conf
# Don't load ipv6 by default
alias net-pf-10 off
alias ipv6 off
Re: pi-star and ipv6
Hello Brian,
To the first following commands passed to the pi-star's console :
sudo modprobe configs; zcat /proc/config.gz | grep CONFIG_IPV6=
sudo modprobe -c | grep "options ipv6"
grep "disable_ipv6" /etc/sysctl.conf /etc/sysctl.d/*.conf
I get exactly the answers you mentionned.
To the fourth one :
grep CONFIG_IPV6= /boot/config-$(uname -r) 2>/dev/null
I get :
nothing !
to the 5 th one:
cat /etc/modprobe.d/ipv6.conf
I get :
# Don't load ipv6 by default
alias net-pf-10 off
alias ipv6 off
I do not know if this means something to you ?
Best regards and thanks for your answer
Patrick F1GYG
To the first following commands passed to the pi-star's console :
sudo modprobe configs; zcat /proc/config.gz | grep CONFIG_IPV6=
sudo modprobe -c | grep "options ipv6"
grep "disable_ipv6" /etc/sysctl.conf /etc/sysctl.d/*.conf
I get exactly the answers you mentionned.
To the fourth one :
grep CONFIG_IPV6= /boot/config-$(uname -r) 2>/dev/null
I get :
nothing !
to the 5 th one:
cat /etc/modprobe.d/ipv6.conf
I get :
# Don't load ipv6 by default
alias net-pf-10 off
alias ipv6 off
I do not know if this means something to you ?
Best regards and thanks for your answer
Patrick F1GYG
Re: pi-star and ipv6
Hello All
I finally solved this problem .
The IPv6 is disabled on purpose.
The default configuration (with no ipv6) is not acceptable today , I guess that this si due to the poor security of the pistar package under buster.
Upgrading the package toward Bulseye could solve the security problem (no more pi or pi-star super user with root privilege ...a root password should be given )
Best regard
F1GYG Patrick
*** If you now want to talk users through updatimg their firwalls and other security measures that would be required after ur listed mods, i'll happily reinstate ur post.
The whole ethos of pistar is to enable those with little to 0 linux ability to get going with mmdvm. Leaving them to continue with broad statememts of now just do this, do that will not help them in any way. Especially given your mod leaves them wide open, until they themselves fix the security issues your posted mod leaves them with.
I finally solved this problem .
The IPv6 is disabled on purpose.
The default configuration (with no ipv6) is not acceptable today , I guess that this si due to the poor security of the pistar package under buster.
Upgrading the package toward Bulseye could solve the security problem (no more pi or pi-star super user with root privilege ...a root password should be given )
Best regard
F1GYG Patrick
*** If you now want to talk users through updatimg their firwalls and other security measures that would be required after ur listed mods, i'll happily reinstate ur post.
The whole ethos of pistar is to enable those with little to 0 linux ability to get going with mmdvm. Leaving them to continue with broad statememts of now just do this, do that will not help them in any way. Especially given your mod leaves them wide open, until they themselves fix the security issues your posted mod leaves them with.
Re: pi-star and ipv6
Hello,
I agree for the need for ease to use, installation, configuration ! I know that it is very important for many users.
But today IP includes ipv4 AND ipv6 , there is no option as the number of ipv4 addresses is becoming very low. On an other hand it turns out that ipv6 routing is more efficient and more secure (encrypted frames).
So , both, ipv4 and V6 should be available on pi-star as most of ISP's do so.
So I think that a default firewall based upon itptables (v4 and v6) is still necessary of course, but while offering a way to allow connections (remote ipv6 access) with strong security (certificates or strong password). This is no more that what we can do with a simple Raspberry pi4 today or even on a windows computer.
Also , I see that the actual op-sys release based upon "buster" is still offering super-users with "no password" , a migration toward " Bullseye "would be more than necessary (no more pi or pi-star super-users) because it is a big security hole ...
Under Bullseye the root super-user password is only known (should be) by the owner of the raspberry, this is very important for the whole security of the system.
Best regards
Patrick F1GYG
Code: Select all
If you now want to talk users through updatimg their firwalls and other security measures that would be required after ur listed mods, i'll happily reinstate ur post.
The whole ethos of pistar is to enable those with little to 0 linux ability to get going with mmdvm. Leaving them to continue with broad statememts of now just do this, do that will not help them in any way. Especially given your mod leaves them wide open, until they themselves fix the security issues your posted mod leaves them with.
But today IP includes ipv4 AND ipv6 , there is no option as the number of ipv4 addresses is becoming very low. On an other hand it turns out that ipv6 routing is more efficient and more secure (encrypted frames).
So , both, ipv4 and V6 should be available on pi-star as most of ISP's do so.
So I think that a default firewall based upon itptables (v4 and v6) is still necessary of course, but while offering a way to allow connections (remote ipv6 access) with strong security (certificates or strong password). This is no more that what we can do with a simple Raspberry pi4 today or even on a windows computer.
Also , I see that the actual op-sys release based upon "buster" is still offering super-users with "no password" , a migration toward " Bullseye "would be more than necessary (no more pi or pi-star super-users) because it is a big security hole ...
Under Bullseye the root super-user password is only known (should be) by the owner of the raspberry, this is very important for the whole security of the system.
Best regards
Patrick F1GYG