Networking improvements for Quantal (IPv6, DNS, Network Manager)

Registered by Stéphane Graber

Catch all session (should be scheduled in a big slot if possible) for networking in Quantal.
Discussing with Mathieu Trudel, we don't think there's enough to discuss this time around to warrant the usual 2-3 networking related sessions. If we're wrong, then we'll schedule another one.

Blueprint information

Steve Langasek
Stéphane Graber
Stéphane Graber
Series goal:
Accepted for quantal
Milestone target:
milestone icon ubuntu-12.10-beta-1
Started by
Kate Stewart



Session notes:
Current list of things to discuss (feel free to append items):
 - IPv6
   + Bug to fix:
   + Support for PPP (PPPoE and 3G)
     - Orange Poland is very interested in this; see how we can help (should be simple, really)
   + Support for VPNs (pptp openconnect, openvpn 2.4 if released by then)
   + Support for tunnel creation in Network Manager (if considered useful?)
   + Providing IPv6 to VMs and containers
   + Improving dnsmasq usage to reduce conflicts with other resolvers and other dnsmasq instances (such as these created by libvirt, lxc, Network Manager, the dnsmasq package itself, ...)
   + DNSSEC support, is there anything we can do to improve it? (dnsmasq is currently proxying it, which works when the upstream DNS server supports DNSSEC)
- netcfg
   + Generate Network Manager configuration from netcfg
- 802.1x (network auth, possibly with TPM)
  - TPM support requires a patch in NM, cyphermox will take care of it
- NM command-line use cases
   + Make sure nmcli (or some other command-line tool) can create new configurations
- NM Proxy support
- NM Firewall support
- Opinion on version of isc-dhcp-server/isc-dhcp-client

mathieu-tl, 2012-07-04:
- Proxy support in NM: postponing; doesn't seem like something I'll get to for quantal; but we'll fix the proxy issues in gnome-settings-daemon separately and revisit this in q+1.
- IPv6 tab for VPN: in progress upstream, we should get that "for free" with the new few uploads of NM / with NM or later.

mathieu-tl, 2012-08-06:
- TPM 802.1x patch postponed: somebody else signed up for the work (and that's not new); as soon as I get the tested/revised patch I'll gladly sponsor it.

mathieu-tl, 2012-08-14:
- Discussed SIT with dcbw shortly on IRC, the best course of action for implementing SIT tunnels in NM (which is a good idea in itself) is to mimick roughly how things are done for VLAN and PPPoE, being something roughly between a device and a VPN. Of course, the closest "template" would be VLAN, since it's less closely tied to hardware devices. We'll basically just need to allow providing a gateway address; and the name of the devices to create.


Work Items

Work items:
[cyphermox] Fix IP/PPP contexts parsing in Network Manager/Modem Manager: POSTPONED
[cyphermox] Add support for multiple contexts (with IPv6) for Network Manager, Modem Manager, and m-b-p-i: POSTPONED
[cyphermox] Add the IPv6 tab for VPN plugins in Network Manager: DONE
[cyphermox] Get the patches to dnsmasq/Network Manager for spawning on and binding to the right interfaces going: DONE
[cyphermox] Speak to Dan about SIT tunnelling support in Network Manager: DONE
[cyphermox] Implement SIT tunnels in NM, based on the VLAN support already available: POSTPONED
[cyphermox] Fix the 802.1x TPM patch for Network Manager/wpasupplicant: POSTPONED
[cyphermox] Add a flag to the VPN connections in Network Manager to force all DNS queries to the VPN DNS server instead of only the subnets/domains advertised by the VPN server: POSTPONED
[cyphermox] Add proxy support in Network Manager (new tab, config in connection files, etc.) (pending discussion with upstream): POSTPONED
[stgraber] Generate Network Manager configuration from the installer (netcfg) (alternate is now gone, so this is hardly a priority): POSTPONED
[stgraber] Document how to connect on a dual-stack ppp connection requiring use of multiple contexts (command line) ( DONE
[stgraber] Check if we can figure out who sends data over a socket:(loopback socket) so we can implement per-user caches (possible with some ugly tricks: DONE
[stgraber] Get the existing IPv6 automated testing running daily and make results public (cleaned up in lp:~stgraber/+junk/v6-testing, sent to QA): DONE
Teach the firewalld DBUS API to ufw (or have NM understand ufw): POSTPONED
Package 6to4:(if-up script for ifupdown, checking an environment variable to know if it needs to set it up): POSTPONED
[stgraber] Investigate switching to another local resolver that better supports DNSSEC (unbound): DONE