Howto enable IPv6 privacy extensions
Gabriel VLASIU
gabriel at vlasiu.net
Fri Jan 4 10:27:41 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Fri, 4 Jan 2013, Patrick Lists wrote:
> On an up-to-date F17 x86_64 box I was testing IPv6 and it was pointed out that
> the IPv6 address that Fedora uses is traceable because it ends in the MAC
> address of the nic. I don't like that and want to enable privacy extensions
> which should replace the MAC address with some random stuff in the IPv6
> address.
>
> I added the following to /etc/sysctl.d/ipv6_privacy_extensions and rebooted:
>
> net.ipv6.conf.default.use_tempaddr = 1
> net.ipv6.conf.default.temp_prefered_lft = 7200
>
> Unfortunately this does not work as I don't see an IPv6 address with "scope
> global dynamic" and if I go to http://ip6.nl then it still shows my IPv6
> address with the MAC address in it.
>
> Anyone know how to make this work?
Add:
IPV6_PRIVACY=rfc3041
to /etc/sysconfig/network-scripts/ifcfg-nicN
Restart the network service (I never tested this with NetworkManager).
Gabriel
- --
// Gabriel VLASIU
//
// OpenGPG-KeyID : 44952F15
// OpenGPG-Fingerprint: 4AC5 7C26 2FE9 02DA 4906 24B2 D32B 7ED7 4495 2F15
// OpenGPG-URL : http://www.vlasiu.net/public.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iQIcBAEBCgAGBQJQ5q6dAAoJENMrftdElS8VoDAP/j/M6k5OytDkYcogtCDQt8pL
3CvFEp2qxZuzQtEZfHfG2EQH4wGNipTszh7WXZbOjtPc1gx1v6yVtmRZWd+3RBVB
bV2s5abEuNQTuRwx9+H1by24tU6vaVW8fRgXHrE2dyWHEZbMvoBVQkEuuWi7qRSt
qAf2IdmXRT3IzUGXXedwzJ5Yg1Z4aLg11jdmgDiNAt1CUgNVWGGhjZ34OCibIM2G
UIuviNQU1ITfNorJU0yDcjtvEpBcZV5GfAEk+qvMQ1vBoYi/pRptuvdqZHmKM4wa
r5RsVFptYGVHorvQclx14TbCLopPEB5CXp8w5VB+EUiO8seQC/f6zo5GTf8Rinnz
s5nqAt6/UWOEABxuFh2jD2ObWJvp4hx0L0QDHvTZbY6nwK2a3l0u8wY86+nQE01x
mjUfkcvsVb9RhyhXxsAnThfqF+9+CQc7lqnEIHyVdGSeXq55vgW9iRue6br/XMn4
z2po2jwoIw5o0UpYt3szYb6hivNmoq4j5wizYkGmWgIWfo3T8hVE5digt9C/UGh9
0bGBbiJot0BFnteYDLK9VPZkJH3NRYw22d4mGR+8RxtZ0cbPIh///sGxM9hUILOs
JZRn9UsO8QlrEgMbi2XG4KEZVyQIBdrEWAgL7lvdm/OmRmxS1Q5ixPvBTkwfFWZS
KE320igdKELZI/81vA/W
=Rpc0
-----END PGP SIGNATURE-----
More information about the users
mailing list