Howto enable IPv6 privacy extensions
Patrick Lists
fedora-list at puzzled.xs4all.nl
Fri Jan 4 13:45:53 UTC 2013
On 01/04/2013 11:27 AM, Gabriel VLASIU wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Fri, 4 Jan 2013, Patrick Lists wrote:
>
>> On an up-to-date F17 x86_64 box I was testing IPv6 and it was pointed out that
>> the IPv6 address that Fedora uses is traceable because it ends in the MAC
>> address of the nic. I don't like that and want to enable privacy extensions
>> which should replace the MAC address with some random stuff in the IPv6
>> address.
>>
>> I added the following to /etc/sysctl.d/ipv6_privacy_extensions and rebooted:
>>
>> net.ipv6.conf.default.use_tempaddr = 1
>> net.ipv6.conf.default.temp_prefered_lft = 7200
>>
>> Unfortunately this does not work as I don't see an IPv6 address with "scope
>> global dynamic" and if I go to http://ip6.nl then it still shows my IPv6
>> address with the MAC address in it.
>>
>> Anyone know how to make this work?
>
> Add:
>
> IPV6_PRIVACY=rfc3041
>
> to /etc/sysconfig/network-scripts/ifcfg-nicN
>
> Restart the network service (I never tested this with NetworkManager).
Thank you for your suggestion. I added it to both ifcfg-p21p1 and
ifcfg-br0 and rebooted but still no joy. I'm using network (not
NetworkManager) and a bridged interface br0 because of several VMs on
this box. Maybe that is causing this not to work or my AVM Fritz!box
ADSL modem which hands out the IPv6 addresses.
Regards,
Patrick
More information about the users
mailing list