Howto enable IPv6 privacy extensions
Patrick Lists
fedora-list at puzzled.xs4all.nl
Fri Jan 4 13:41:10 UTC 2013
On 01/04/2013 07:34 AM, staticsafe wrote:
> On 1/4/2013 1:30, Patrick Lists wrote:
>> Hi all,
>>
>> On an up-to-date F17 x86_64 box I was testing IPv6 and it was pointed
>> out that the IPv6 address that Fedora uses is traceable because it ends
>> in the MAC address of the nic. I don't like that and want to enable
>> privacy extensions which should replace the MAC address with some random
>> stuff in the IPv6 address.
>>
>> I added the following to /etc/sysctl.d/ipv6_privacy_extensions and
>> rebooted:
>>
>> net.ipv6.conf.default.use_tempaddr = 1
>> net.ipv6.conf.default.temp_prefered_lft = 7200
>>
>> Unfortunately this does not work as I don't see an IPv6 address with
>> "scope global dynamic" and if I go to http://ip6.nl then it still shows
>> my IPv6 address with the MAC address in it.
>>
>> Anyone know how to make this work?
>>
>> Thanks,
>> Patrick
>
> According to my Googling, net.ipv6.conf.default.use_tempaddr should have
> a value of 2, not 1.
>
> According to the Arch wiki [0] also:
>
> # Enable IPv6 Privacy Extensions
> net.ipv6.conf.all.use_tempaddr = 2
> net.ipv6.conf.default.use_tempaddr = 2
> net.ipv6.conf.<nic0>.use_tempaddr = 2
> ...
> net.ipv6.conf.<nicN>.use_tempaddr = 2
>
> [0] - https://wiki.archlinux.org/index.php/IPv6
Thank you for your suggestion. I fixed the value of those settings and
rebooted but still no joy. I am not using NetworkManager. Using network
instead with a bridged br0 interface because I have several VMs on this
box. Maybe that is messing things up or maybe the AVM Fritz!Box ADSL
modem handing out the IPv6 addresses is to blame for not handling this
properly.
Regards,
Patrick
More information about the users
mailing list