Howto enable IPv6 privacy extensions

Gabriel VLASIU gabriel at vlasiu.net
Fri Jan 4 14:26:05 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Fri, 4 Jan 2013, Patrick Lists wrote:

> >
> > Add:
> >
> > IPV6_PRIVACY=rfc3041
> >
> > to /etc/sysconfig/network-scripts/ifcfg-nicN
> >
> > Restart the network service (I never tested this with NetworkManager).
> 
> Thank you for your suggestion. I added it to both ifcfg-p21p1 and ifcfg-br0
> and rebooted but still no joy. I'm using network (not NetworkManager) and a
> bridged interface br0 because of several VMs on this box. Maybe that is
> causing this not to work or my AVM Fritz!box ADSL modem which hands out the
> IPv6 addresses.
I also use network.

$ grep IPV6_PRIVACY=rfc3041 /etc/sysconfig/network-scripts/*
/etc/sysconfig/network-scripts/ifcfg-eth0:IPV6_PRIVACY=rfc3041
/etc/sysconfig/network-scripts/ifcfg-wlan0:IPV6_PRIVACY=rfc3041

$ ip -6 a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fc00::100/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 2a02:2f07:c060:113:9dc0:4eaa:XXXX:XXXX/64 scope global temporary dynamic 
       valid_lft 86369sec preferred_lft 14369sec
    inet6 2a02:2f07:c060:113:21b:38ff:YYYY:YYYY/64 scope global dynamic 
       valid_lft 86369sec preferred_lft 14369sec
    inet6 fc00::9dc0:4eaa:XXXX:XXXX/64 scope global temporary dynamic 
       valid_lft 86369sec preferred_lft 14369sec
    inet6 fc00::21b:38ff:YYYY:YYYY/64 scope global dynamic 
       valid_lft 86369sec preferred_lft 14369sec
    inet6 fe80::21b:38ff:YYYY:YYYY/64 scope link 
       valid_lft forever preferred_lft forever

Try adding (keep IPV6_PRIVACY=rfc3041)

net.ipv6.conf.default.use_tempaddr=2
net.ipv6.conf.all.use_tempaddr=2

in /etc/sysctl.d/ipv6_privacy_extensions and reboot.

No need for net.ipv6.conf.<nicN>.use_tempaddr=2
since /etc/sysconfig/network-scripts/ifup-ipv6 do this for you:

if [ "$IPV6_PRIVACY" = "rfc3041" ]; then
        /sbin/sysctl -e -w net.ipv6.conf.$SYSCTLDEVICE.use_tempaddr=2 >/dev/null 2>&1
        if [ $? -ne 0 ]; then
                net_log $"Cannot enable IPv6 privacy method '$IPV6_PRIVACY', not supported by kernel"
        fi
fi


Gabriel 

- -- 

// Gabriel VLASIU
//
// OpenGPG-KeyID      : 44952F15
// OpenGPG-Fingerprint: 4AC5 7C26 2FE9 02DA 4906  24B2 D32B 7ED7 4495 2F15
// OpenGPG-URL        : http://www.vlasiu.net/public.key


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBCgAGBQJQ5uZ9AAoJENMrftdElS8V1rAP/Aqt5Ge0jtQSwuvjLesvKha3
8CitnF9v2SJjasF/hJiFAYqgMs9uLhtWymTmc/XEfHfD67AXQT0ElSd0/b59o1o8
2r7tqmXBun5dYst6FXg15CUFchXpVVfO5J7QUJyPZDftBKvPCb32orWwWxlR2pau
zOG7qkuX0F53Y6L7q/gemJzp0A5b9D7To5VJtkbvXw26PpK//Vk90u464OO+gkK9
mrt1lX5NdyhfHg/1+lja96t4UsOeU8CoM0A9QxcUBB7wYSVS2bXSRHW3A9LYMeB+
WN1oUzDvBRnuJHRJgtoFM8Kl3jEZ2e0TRQ1ArG+kzxH8CmM399o3CTOaYzvRmTrZ
+2um3NMFgKm4iioLgjrIgl2/wPZ6WLG2TUvBPSsxVwsS/ndaRJ8BB8GmK3UeoGrA
cbKXrGZIdcbcPALgfU4pWmQNKJgCSq6b1/wNjasYUIXB8QeJF6nJy3cftLP9ApfZ
vt24k9Blh9Jr+NJDPwNDL8x5XqRrqRCjcoYT9OgZR/T1vd04PD3LTWJeYiY1X+S/
ja5rjfZ9RyTpLsI7Q3LTk6BKGWcYfOfqKc+dIBIhJLNChqpH6ca0F4CVs+ebooaC
Ld7+KdC0PoaNbe81LeCAqFHjYZ23WLzp84dgZglnUIufJw+JdAHbA22O4T2eTzB+
gBxh0tEcl7MSwhnO9YRk
=xRPa
-----END PGP SIGNATURE-----

More information about the users mailing list