[CalendarServer-dev] IPv6 support in 4.2?

Glyph glyph at twistedmatrix.com
Mon Mar 25 15:12:12 PDT 2013


Back to the list again...  (Please remember to 'reply all'...)

That config looks OK to me.

Can you paste the exact log message, along with some surrounding context in the log?

Regardless of what gets logged, is it listening on the IPv6 interface?

Maybe this is another FreeBSD-specific issue, I don't think we've tested IPv6 there...

-glyph

On Mar 25, 2013, at 3:10 AM, Axel Rau <Axel.Rau at Chaos1.DE> wrote:

> Am 24.03.2013 um 21:56 schrieb glyph at twistedmatrix.com:
> 
>> Sorry, accidentally replied directly; back on-list...
>> 
>> On Mar 24, 2013, at 1:21 AM, Axel Rau <axel.rau at chaos1.de> wrote:
>> 
>>> 
>>> Am 24.03.2013 um 04:00 schrieb glyph at twistedmatrix.com:
>>> 
>>>> 
>>>> On Mar 21, 2013, at 2:58 PM, Axel Rau <axel.rau at chaos1.de> wrote:
>>>> 
>>>>> I see some IPv6 patches in backport, while getting
>>>>> 
>>>>> twisted.internet.error.CannotListenError: Couldn't listen on dead:beef:f:d::cc:8443: [Errno 43] Protocol not supported.
>>>>> 
>>>>> Is this expected to work in 4.2?
>>>> 
>>>> Yes, but only if your host actually has an IPv6 address.  Do you?
>>> Yes, its cp4.lrau.net.
>>> So, I will have to debug that on my FreeBSD port. I first check, if the patch code in backport is being called...
>>> Any suggestions welcome...
>> 
>> The backport is identical to the code in newer versions of Twisted, so it shouldn't matter.  It would still be good to know for diagnostic purposes, of course.
>> 
>>>>> If yes, does the TLS/cert code handle dual stack addresses?
>>>> 
>>>> Sure, that's at a totally different layer.  TLS certificates are for a hostname, not an IP.
>>> My experience is, that some server/client implementations check reverse mapping and fail if there is more than one address per fqdn:
>>> [axels-macpro:~] axel% host cp4.lrau.net
>>> cp4.lrau.net has address 91.216.35.77
>>> cp4.lrau.net has IPv6 address 2a02:d40:2:2::77
>>> [axels-macpro:~] axel% host 91.216.35.77
>>> 77.35.216.91.in-addr.arpa domain name pointer cp4.lrau.net.
>>> [axels-macpro:~] axel% host 2a02:d40:2:2::77
>>> 7.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.0.0.0.4.d.0.2.0.a.2.ip6.arpa domain name pointercp4.lrau.net.
>>> [axels-macpro:~] axel% ping6 cp4
>>> PING6(56=40+8+8 bytes) 2a02:d40:2:10::121 --> 2a02:d40:2:2::77
>>> 16 bytes from 2a02:d40:2:2::77, icmp_seq=0 hlim=62 time=18.691 ms
>> 
>> I don't believe we have any such check.
>> 
>> What relevant configuration keys do you have set?
> 
> ---
>    <!-- Network host name [empty = system host name] -->
>    <key>ServerHostName</key>
>    <string>cp4.lrau.net</string> <!-- The hostname clients use when connecting -->
> 
>    <!-- HTTP port [0 = disable HTTP] -->
>    <key>HTTPPort</key>
>    <integer>0</integer>
> 
>    <!-- SSL port [0 = disable HTTPS] -->
>    <!-- (Must also configure SSLCertificate and SSLPrivateKey below) -->
> 
>    <key>SSLPort</key>
>    <integer>8443</integer>
> 
>    <!-- Enable listening on SSL port(s) -->
>    <key>EnableSSL</key>
>    <true/>
> 
>    <key>SSLMethod</key>
>    <string>TLSv1_METHOD</string>
> 
>    <key>SSLCiphers</key>
>    <string>HIGH:MEDIUM</string>
> 
>    <!-- Redirect non-SSL ports to an SSL port (if configured for SSL) -->
>    <key>RedirectHTTPToHTTPS</key>
>    <false/>
> 
> 
>    <!--
>        Network address configuration information
> 
>        This configures the actual network address that the server binds to.
>      -->
> 
>    <!-- List of IP addresses to bind to [empty = all] -->
>    <key>BindAddresses</key>
>    <array>
>    <string>91.216.35.77</string>
>    <string>2a02:d40:2:2::77</string>
>    </array>
> 
>    <!-- List of port numbers to bind to for HTTP [empty = same as "Port"] -->
>    <key>BindHTTPPorts</key>
>    <array>
>    </array>
> 
>    <!-- List of port numbers to bind to for SSL [empty = same as "SSLPort"] -->
>    <key>BindSSLPorts</key>
>    <array>
>    <integer>8443</integer>
>    </array>
> ---
> 
> Axel
> ---
> PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius
> 



More information about the calendarserver-dev mailing list