Fedora IPv6 testing and improvements - request for ideas

Dan Williams dcbw at redhat.com
Fri Oct 30 19:01:42 UTC 2015


On Thu, 2015-10-29 at 15:30 -0500, Chris Adams wrote:
> Once upon a time, Zach Villers <zachvatwork at gmail.com> said:
> > If it helps, Sixxs (https://www.sixxs.net/main/) is a very highly
> > recommended tunnel broker. I have not tried it and am not affiliated. I do
> > have ipv6 capability from my isp, so could help with testing.
> 
> There's also Hurricane Electric's free IPv6 tunnels.
> 
> BTW: one issue that I have seen with IPv6 and address privacy extensions
> is that, since temporary address handling moved to user-space
> (NetworkManager I guess?) instead of kernel-space, temporary addresses
> are expired even when they are still in use.  This affects anything that
> uses long-lived sessions (such as SSH to a server) and is highly
> annoying.
> 
> The RFC (4941 section 3.4) says:
> 
>   "As an optional optimization, an implementation MAY remove a
>    deprecated temporary address that is not in use by applications or
>    upper layers as detailed in Section 6."

You can set this on a per-connection basis with NM.  It just defaults to
"unset", which then defaults to "on".  You can also set a global default
through /etc/NetworkManager/NetworkManager.conf so that all new
connections on your system get "disabled" when they have the privacy
value unset.

nmcli con mod "<connection name/id>" ipv6.ip6-privacy 0

Dan



More information about the devel mailing list