CAcert System Admins discussion list

[Wytze van der Raay <wytze AT cacert.org>]

Michael Tänzer schreef op 14-2-2014 12:46:
> now that we have set up the new system could we start supporting
> IPv6? I only found this page on the wiki that cites some issue with
> the kernel but I guess that's not the problem anymore is it?

Yes, we can :-)
I wrote two weeks ago to Mario and Jan about this, summarized here:

With the new firewall in place we are now in a position to support
IPv6. Aside from the firewall itself, it has been tested now with the
hopper and with our DNS server, and works smoothly. IPv6 addresses for
infrastructure are allocated from 2001:07b8:616:0162:0001::/80, where
the machine number from the 172.16.2 lan is used as pseudo-hex, thus:

   wiki.cacert.org      2001:07b8:616:0162:1::12
   blog.cacert.org      2001:07b8:616:0162:1::13

etc.

The reverse mappings are already present in the DNS:
$ host 2001:07b8:616:0162:1::12
2.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa
domain name pointer wiki.cacert.org.

Forward mappings can be added to the DNS on request, it's better to
wait with this until the associated service has been setup for IPv6,
otherwise users will be disappointed.

The firewall is supposed to be able to handle these addresses,
but a real test has not been performed yet.

Regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME-cryptografische ondertekening