privacy extension german translation

LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.sgml

@@ -14,7 +14,7 @@
 <title>Linux IPv6 HOWTO (de)</title>
 <author><firstname>Peter</firstname><surname>Bieringer</surname><affiliation><address>pb at bieringer dot de</address></affiliation></author>
 <revhistory> 
-<revision> <revnumber>0.66wip.de.1</revnumber> <date>2014-05-13</date> <authorinitials>PB</authorinitials></revision>
+<revision> <revnumber>0.66.de.1</revnumber> <date>2014-05-15</date> <authorinitials>PB</authorinitials></revision>
 <revision> <revnumber>0.65.de.1</revnumber> <date>2009-12-13</date> <authorinitials>PB</authorinitials></revision>
 <revision> <revnumber>0.64.de.1</revnumber> <date>2009-06-11</date> <authorinitials>PB</authorinitials></revision>
 <revision> <revnumber>0.61.de.1</revnumber> <date>2007-10-06</date> <authorinitials>PB</authorinitials></revision>
@@ -733,7 +733,60 @@ inet6 addr: fec0:0:0:f101::1/64 Scope:Site
 <![CDATA[# /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength>
 ]]></screen><para>Beispiel:</para><screen>
 <![CDATA[# /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64
-]]></screen></sect2></sect1></chapter><chapter id='chapter-configuration-route' >
+]]></screen></sect2></sect1><sect1>
+<title>Automatische IPv6-Adress-Konfiguration</title>
+<para>Im Fall, dass ein Endgerät ein Router Advertisement empfängt und der Host kein Router ist, konfiguriert sich das Endgerät selbst eine IPv6-Adresse entsprechend dem Präfix aus dem Router Advertisement (siehe auch <xref linkend="hints-daemons-radvd">).</para></sect1><sect1>
+<title>Aktivieren der Privacy Extension</title>
+<para>Privacy Extension wie beschrieben in <ulink url="http://www.faqs.org/rfcs/rfc4941.html">RFC 4941 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6</ulink> (Nachfolger von <ulink url="http://www.faqs.org/rfcs/rfc3041.html">RFC 3041</ulink>) ersetzt die statische Interface ID (mostly basierend auf der weltweit eindeutigen MAC-Adresse), die bei der Autokonfiguration benutzt wird, durch eine pseudo-random und von Zeit zu Zeit neu generierte.</para><sect2>
+<title>Aktivieren von Privacy Extension mit Hilfe von sysctl</title>
+<bridgehead renderas="sect2">Temporäre Aktivierung</bridgehead>
+<para>Einschalten der Privacy Extension für z.B. Interface &ldquo;eth0&rdquo; und zudem Präferieren dieser Adresse:</para><screen>
+<![CDATA[# sysctl -w net.ipv6.conf.eth0.use_tempaddr=2
+]]></screen><para>Zur Aktivierung ist der Restart des Interfaces notwendig</para><screen>
+<![CDATA[# ip link set dev eth0 down
+# ip link set dev eth0 up
+]]></screen><para>Nach Empfang eines Router Advertisement sollte das Interface eine entsprechende Adresse sich selbst konfiguriert haben</para><screen>
+<![CDATA[# ip -6 addr show dev eth0
+2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
+    inet6 2001:db8:0:1:8992:3c03:d6e2:ed72/64 scope global secondary dynamic   <- pseudo-random IID
+       valid_lft 604711sec preferred_lft 86311sec
+    inet6 2001:db8:0:1::224:21ff:fe01:2345/64 scope global     <- IID based on MAC
+       valid_lft 604711sec preferred_lft 86311sec
+    ...
+]]></screen><bridgehead renderas="sect2">Permanente Aktivierung</bridgehead>
+<para>Für eine permanente Aktivierung muss entweder ein spezieller Initscript-Wert pro Interface gesetzt sein oder ein entsprechender Wert in /etc/sysctl.conf definiert werden:</para><screen>
+<![CDATA[net.ipv6.conf.eth0.use_tempaddr=2
+]]></screen><para>Achtung: das Interface muss zu diesem Zeitpunkt bereits existieren. Wenn das nicht der Fall ist (z.B. nach einem Reboot) musses für alle Interfaces konfiguriert werden:</para><screen>
+<![CDATA[net.ipv6.conf.all.use_tempaddr=2
+net.ipv6.conf.default.use_tempaddr=2
+]]></screen><para>Die Änderungen in /etc/sysctl.conf können im laufenden Betrieb geändert werden, aber zur wirklichen Aktivierung wird mindestens wird ein Interface-Restart (down/up) oder ein Reboot benötigt.</para><screen>
+<![CDATA[# sysctl -p
+]]></screen></sect2><sect2>
+<title>Aktivieren von Privacy Extension mit Hilfe des NetworkManager</title>
+<para>Moderne (Client-) Systeme nutzen NetworkManager zur Interface-Konfiguration. Ein Kommandozeilen-Werkzeug ist eingebaut welches auch Parameter ändern kann, die in der GUI nicht verfügbar (oder sichtbar) sind.</para>
+<para>Beispiele basieren auf Version 0.9.9.1-5.git20140319.fc21</para>
+<para>Prüfen existierender Interfaces mit:</para><screen>
+<![CDATA[# nmcli connection 
+NAME UUID TYPE DEVICE
+ens4v1 d0fc2b2e-5fa0-4675-96b5-b723ca5c46db 802-3-ethernet ens4v1 
+]]></screen><para>Menge von IPv6-Adressen mit Privacy Extension:</para><screen>
+<![CDATA[# ip -o addr show dev ens4v1 | grep temporary | wc -l
+0
+]]></screen><para>Aktuelle Einstellung der IPv6 Privacy Extension für ein Interface:</para><screen>
+<![CDATA[# nmcli connection show ens4v1 |grep ip6-privacy
+ipv6.ip6-privacy: -1 (unknown)
+]]></screen><para>Aktivieren der IPv6 Privacy Extension und Restart des Interfaces;</para><screen>
+<![CDATA[# nmcli connection modify ens4v1 ipv6.ip6-privacy 2
+# nmcli connection down ens4v1; nmcli connection up ens4v1
+]]></screen><para>Neuer Wert der IPv6 Privacy Extension prüfen:</para><screen>
+<![CDATA[# nmcli connection show ens4v1 |grep ip6-privacy
+ipv6.ip6-privacy: 2 (active, prefer temporary IP)
+]]></screen><para>Nun sollten auch IPv6 Privacy Extension Adressen automatisch konfiguriert sein</para><screen>
+<![CDATA[# ip -o addr show dev ens4v1 | grep temporary | wc -l
+2
+]]></screen></sect2><sect2>
+<title>Test zur Benutzung von Privacy Extension IPv6-Adressen</title>
+<para>Ob die IPv6-Adresss mit einer durch die Privacy Extension generierte Interface ID für ausgehende Verbindungen wirklich benutzt wird, kann z.B. mit Hilfe eines Web-Browers durch Aufruf von <ulink url="http://ip.bieringer.de/">http://ip.bieringer.de/</ulink> durchgeführt werden. Wenn EUI64_SCOPE als Ausgabe &ldquo;iid-privacy&rdquo; zeigt, dann funktioniert alles richtig.</para></sect2></sect1></chapter><chapter id='chapter-configuration-route' >
 <title><!-- anchor id="chapter-configuration-route" -->Konfiguration normaler IPv6-Routen</title>
 <para>Wenn Sie Ihren lokalen Link verlassen und Pakete in das weltweite IPv6-Internet versenden wollen, dann benötigen Sie Routing. Wenn sich bereits ein IPv6 fähiger Router an Ihrem Link befindet, dann reicht eventuell das Hinzufügen von IPv6 Routen.</para>
 <para>Achtung: Adressen beginnend mit &ldquo;fec0&rdquo; sind obsolet, hier aber noch der Vollständigheit wegen gezeigt!</para><sect1>

LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx

@@ -111,8 +111,8 @@ status open
 
 \begin_layout Plain Layout
 
-<revision> <revnumber>0.66wip</revnumber> <date>2014-05-15</date> <authorinitials
->PB</authorinitials></revision>
+<revision> <revnumber>0.66</revnumber> <date>2014-05-15</date> <authorinitials>PB
+</authorinitials></revision>
 \end_layout
 
 \end_inset
@@ -5098,9 +5098,10 @@ Automatic IPv6 Address Configuration
 \end_layout
 
 \begin_layout Standard
-In case, a Router Advertisement is received by a client, in case IPv6 autoconfig
-uration is enabled, the client configures itself an IPv6 address according
- to the prefix contained in the advertisement (see also 
+In case, a Router Advertisement is received by a client, and IPv6 autoconfigurat
+ion is enabled (default on non-router), the client configures itself an
+ IPv6 address according to the prefix contained in the advertisement (see
+ also 
 \begin_inset CommandInset ref
 LatexCommand ref
 reference "hints-daemons-radvd"
@@ -5223,8 +5224,8 @@ net.ipv6.conf.eth0.use_tempaddr=2
 \begin_layout Standard
 Note: interface must already exists with proper name when sysctl.conf is
  applied.
- If this is not the case (udev or delayed initialization) one has to configure
- privacy for all interfaces by default:
+ If this is not the case (e.g.
+ after reboot) one has to configure privacy for all interfaces by default:
 \end_layout
 
 \begin_layout Code
@@ -5236,8 +5237,8 @@ net.ipv6.conf.default.use_tempaddr=2
 \end_layout
 
 \begin_layout Standard
-Values can be activated during runtime, but at least an interface down/up
- or a reboot is recommended.
+Changed/added values in /etc/sysctl.conf can be activated during runtime,
+ but at least an interface down/up or a reboot is recommended.
 \end_layout
 
 \begin_layout Code
@@ -5249,12 +5250,15 @@ Enable Privacy Extension using NetworkManager
 \end_layout
 
 \begin_layout Standard
-Modern (client) systems are using NetworkManager (here: version 0.9.9.1-5.git2014031
-9.fc21) for configuring interfaces.
+Modern (client) systems are using NetworkManager for configuring interfaces.
  A command line tool is built-in which can be used to change settings which
  are not available via GUI.
 \end_layout
 
+\begin_layout Standard
+Examples based on version 0.9.9.1-5.git20140319.fc21
+\end_layout
+
 \begin_layout Standard
 Check existing interfaces with:
 \end_layout
@@ -5332,7 +5336,7 @@ Now IPv6 privacy extension addresses are configured on the interface
 \end_layout
 
 \begin_layout Subsection
-Test real use of Privacy Extension
+Test real use of Privacy Extension IPv6 Addresses
 \end_layout
 
 \begin_layout Standard

LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml

@@ -13,7 +13,7 @@
 <title>Linux IPv6 HOWTO (en)</title>
 <author><firstname>Peter</firstname><surname>Bieringer</surname><affiliation><address>pb at bieringer dot de</address></affiliation></author>
 <revhistory> 
-<revision> <revnumber>0.66wip</revnumber> <date>2014-05-15</date> <authorinitials>PB</authorinitials></revision>
+<revision> <revnumber>0.66</revnumber> <date>2014-05-15</date> <authorinitials>PB</authorinitials></revision>
 <revision> <revnumber>0.65</revnumber> <date>2009-12-13</date> <authorinitials>PB</authorinitials></revision>
 <revision> <revnumber>0.64</revnumber> <date>2009-06-11</date> <authorinitials>PB</authorinitials></revision>
 <revision> <revnumber>0.60</revnumber> <date>2007-05-31</date> <authorinitials>PB</authorinitials></revision>
@@ -739,7 +739,7 @@ inet6 addr: fec0:0:0:f101::1/64 Scope:Site
 <![CDATA[# /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64
 ]]></screen></sect2></sect1><sect1>
 <title>Automatic IPv6 Address Configuration</title>
-<para>In case, a Router Advertisement is received by a client, in case IPv6 autoconfiguration is enabled, the client configures itself an IPv6 address according to the prefix contained in the advertisement (see also <xref linkend="hints-daemons-radvd">).</para></sect1><sect1>
+<para>In case, a Router Advertisement is received by a client, and IPv6 autoconfiguration is enabled (default on non-router), the client configures itself an IPv6 address according to the prefix contained in the advertisement (see also <xref linkend="hints-daemons-radvd">).</para></sect1><sect1>
 <title>Enable Privacy Extension</title>
 <para>Privacy Extension as described in <ulink url="http://www.faqs.org/rfcs/rfc4941.html">RFC 4941 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6</ulink> (obsoleted <ulink url="http://www.faqs.org/rfcs/rfc3041.html">RFC 3041</ulink>) is replacing the static interface ID (mostly based on word-wide unique MAC address) used during autoconfiguration by a pseudo-random one and generating from time to time a new one deprecating the old one.</para><sect2>
 <title>Enable Privacy Extension using sysctl</title>
@@ -760,14 +760,15 @@ inet6 addr: fec0:0:0:f101::1/64 Scope:Site
 ]]></screen><bridgehead renderas="sect2">Permanent activation</bridgehead>
 <para>For permanent activation, either a special initscript value per interface will enable privacy or an entry in the /etc/sysctl.conf file like</para><screen>
 <![CDATA[net.ipv6.conf.eth0.use_tempaddr=2
-]]></screen><para>Note: interface must already exists with proper name when sysctl.conf is applied. If this is not the case (udev or delayed initialization) one has to configure privacy for all interfaces by default:</para><screen>
+]]></screen><para>Note: interface must already exists with proper name when sysctl.conf is applied. If this is not the case (e.g. after reboot) one has to configure privacy for all interfaces by default:</para><screen>
 <![CDATA[net.ipv6.conf.all.use_tempaddr=2
 net.ipv6.conf.default.use_tempaddr=2
-]]></screen><para>Values can be activated during runtime, but at least an interface down/up or a reboot is recommended.</para><screen>
+]]></screen><para>Changed/added values in /etc/sysctl.conf can be activated during runtime, but at least an interface down/up or a reboot is recommended.</para><screen>
 <![CDATA[# sysctl -p
 ]]></screen></sect2><sect2>
 <title>Enable Privacy Extension using NetworkManager</title>
-<para>Modern (client) systems are using NetworkManager (here: version 0.9.9.1-5.git20140319.fc21) for configuring interfaces. A command line tool is built-in which can be used to change settings which are not available via GUI.</para>
+<para>Modern (client) systems are using NetworkManager for configuring interfaces. A command line tool is built-in which can be used to change settings which are not available via GUI.</para>
+<para>Examples based on version 0.9.9.1-5.git20140319.fc21</para>
 <para>Check existing interfaces with:</para><screen>
 <![CDATA[# nmcli connection 
 NAME UUID TYPE DEVICE
@@ -788,7 +789,7 @@ ipv6.ip6-privacy: 2 (active, prefer temporary IP)
 <![CDATA[# ip -o addr show dev ens4v1 | grep temporary | wc -l
 2
 ]]></screen></sect2><sect2>
-<title>Test real use of Privacy Extension</title>
+<title>Test real use of Privacy Extension IPv6 Addresses</title>
 <para>Whether the IPv6 address with an Interface ID generated by Privacy Extension is really used for outgoing connections, one can browse to <ulink url="http://ip.bieringer.de/">http://ip.bieringer.de/</ulink>, in case EUI64_SCOPE shows &ldquo;iid-privacy&rdquo;, then everything is working fine.</para></sect2></sect1></chapter><chapter id='chapter-configuration-route' >
 <title><!-- anchor id="chapter-configuration-route" -->Configuring normal IPv6 routes</title>
 <para>If you want to leave your link and want to send packets in the world wide IPv6-Internet, you need routing. If there is already an IPv6 enabled router on your link, it's possible enough to add IPv6 routes.</para>