Skip to content

Add dual-stack IPv4/IPv6 network support for TKL v19#338

Open
marcos-mendez wants to merge 7 commits intoturnkeylinux:19.x-devfrom
popsolutions:19.x-dev
Open

Add dual-stack IPv4/IPv6 network support for TKL v19#338
marcos-mendez wants to merge 7 commits intoturnkeylinux:19.x-devfrom
popsolutions:19.x-dev

Conversation

@marcos-mendez
Copy link
Contributor

@marcos-mendez marcos-mendez commented Mar 24, 2026

Changes

1. Replace udhcpc with dhcpcd for dual-stack DHCPv4/DHCPv6

  • Switch from udhcpc (IPv4-only) to dhcpcd (dual-stack v4+v6)
  • Add inet6 dhcp stanzas to interfaces overlay
  • Remove udhcpc-fix overlay
  • Mask dhcpcd.service daemon to prevent conflict with ifupdown

2. Enable apache-ssl conf script for all Apache appliances

  • apache-ssl existed in common/conf/ but was never invoked by any .mk
  • Add apache-ssl to apache.mk COMMON_CONF

Testing

  • Built and tested Moodle appliance as LXC on Proxmox
  • Verified dual-stack networking (DHCPv4 + DHCPv6/SLAAC)
  • Verified Apache starts correctly with SSL certificate

navigator and others added 7 commits March 20, 2026 15:58
WIP: idempotency fixes and postgresql plan for 19.x-dev
20014ed
feat: TurnKey Linux v19 Trixie migration fixes
4ad80fd 
- plans/turnkey/base: add libsocket6-perl + libio-socket-ssl-perl (IPv6 Webmin)
- plans/turnkey/base: uncomment tklbam (migrated to Python 3.13)
- conf/turnkey.d/webmin-conf: enable ipv6=1 by default
- overlays/turnkey.d/networking/etc/gai.conf: prefer IPv4 for external connections

Tested: Built turnkey-core v19 ISO (406MB), LXC container running with
Webmin on IPv4+IPv6, SSH, systemd, Python 3.13, kernel 6.12.
fix: guard fail2ban-fixes script when fail2ban not installed
4c6f5c9
fix: add locales to base plan (no longer pulled as dependency in Trixie)
02910e7
fix: add mawk to base plan (resolves virtual package awk for Trixie)
07d32fb
Replace udhcpc with dhcpcd for dual-stack DHCPv4/DHCPv6 support
abb5516 
- Switch from udhcpc (IPv4-only) to dhcpcd (dual-stack v4+v6)
- Add inet6 dhcp stanzas to interfaces overlay for eth0 and eth1
- Remove udhcpc-fix overlay (resolvconf integration handled natively by dhcpcd)
- Mask dhcpcd.service daemon to prevent conflict with ifupdown
  (ifupdown invokes dhcpcd on-demand via ifup/ifdown)

Tested: ifupdown 0.8.44 (Trixie) natively supports dhcpcd-base.
With daemon masked, ifup eth0 successfully obtains both DHCPv4 and
DHCPv6 (SLAAC) addresses using a single package.

This enables dual-stack IPv4+IPv6 out of the box for all TKL v19
appliances without breaking confconsole/ifupdown integration.
fix: enable apache-ssl conf script for all Apache appliances
e34762f 
The apache-ssl conf script (which configures TLS protocol hardening,
cipher suites, default certificate paths, OCSP stapling, HSTS, and
HTTP/2) existed in common/conf/ but was never invoked by any .mk file.

This caused all Apache+SSL appliances on Trixie to start with
SSLEngine on but no SSLCertificateFile, resulting in fatal mod_ssl
errors on boot.

Add apache-ssl to apache.mk COMMON_CONF so it runs automatically
for every appliance that includes Apache.
@marcos-mendez
Copy link
Contributor Author

marcos-mendez commented Mar 24, 2026

Note on companion work

A related fix for confconsole (separate repo) was also developed:
_get_default_nic() only checked IPv4 via get_ipconf(), causing
confconsole to report "Networking is not yet configured" on IPv6-only
hosts. The fix adds a get_ipv6conf() fallback. PR to follow.

Impact note

The apache-ssl fix (item 2) affects all Apache-based TKL appliances
on Trixie, not just Moodle. Every appliance with SSLEngine on will
fail to start Apache on first boot without this change.

Motivation

These changes are part of an effort to make TKL v19 IPv6-first ready.
As IPv4 exhaustion accelerates, appliances should work out of the box
on IPv6-only networks with IPv4 as optional/fallback.

turnkeylinux/confconsole#101

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcos-mendez