You are not logged in.

#1 2022-01-08 10:01:34

GaaH2
Member
Registered: 2022-01-08
Posts: 3

[SOLVED] Disable ip-6 privacy in NeworkManager

Hi guys,

I’m self-hosting a few services and I would like to be able to connect to them using ipv6. I am using NetworkManager, which gives me an dynamic ipv6 address. I suppose this is because of privacy concerns, so I tried disablinge everything that is tied to ip6 privacy. So, I added the following lines in my config file:

[connection]
ipv6.addr-gen-mode=eui64
ipv6.ip6-privacy=0

I though it would be sufficient, but no. NetworkManager is still giving me dynamic ipv6 addresses, which is very inconvenient for my use case, since I need to update my DNS everytime I have a new address.
I don’t remember having this issue (well, it is not really an issue in the general case) when I was using netctl, so I will probably switch to netctl if I don’t find a solution, but, for some reasons, I’d like to stick with NetworkManager.

What did I do wrong?

Last edited by GaaH2 (2022-01-12 09:50:33)

Offline

#2 2022-01-08 10:13:38

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: [SOLVED] Disable ip-6 privacy in NeworkManager

https://man.archlinux.org/man/NetworkMa … ON_SECTION

Looks like you need to edit the existing connection profile instead of (or in addition to) the defaults.

Offline

#3 2022-01-08 10:45:14

GaaH2
Member
Registered: 2022-01-08
Posts: 3

Re: [SOLVED] Disable ip-6 privacy in NeworkManager

What? If I understand correctly, you have to set a bunch of default parameters, then you need to explicitely tell in the connections profiles to use the defaults in the config file instead of the NetworkManagers’ defaults value? This is extremely confusing… Anyway, actually I started by editing the per-connection settings, but because it didn’t work, I moved the settings to the global configuration file (in this case /etc/NetworkManager/conf.d/ip6-privacy.conf).

So, I typed

nmcli connection modify 'Connexion filaire 1' ipv6.ip6-privacy 0 ipv6.addr-gen-mode eui64

which (re)created the file /etc/NetworkManager/system-connections/'Connexion filaire 1.nmconnection'. I reloaded NetworkManager and restarted my computer, but

ip addr

still gives me

inet6 my-ip-addr/64 scope global dynamic noprefixroute

.


EDIT: That being said, my ip address has ff::fe, which suggests that autoconfiguration has been done as I intended. Maybe I’m missunderstanding the dynamic tag given by ip addr?

Last edited by GaaH2 (2022-01-08 11:04:34)

Offline

#4 2022-01-08 11:46:09

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: [SOLVED] Disable ip-6 privacy in NeworkManager

The dynamic tag says nothing about the privacy extensions. It is used because the IP is dynamically generated from a local part (e.g. EUID) and the prefix received from the router.
If the second half of the IPv6 is mostly identical to the mac address, then you have the fixed ip that only changes when the router gives you a new prefix.

The local part created by ipv6.addr-gen-mode=private should also be stable and always the same as long as you connect to the same network. It only changes when the network is different.

Last edited by progandy (2022-01-08 11:47:47)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#5 2022-01-08 12:02:00

GaaH2
Member
Registered: 2022-01-08
Posts: 3

Re: [SOLVED] Disable ip-6 privacy in NeworkManager

Thank you to both of you.
So, I guess that my problem is solved, if my address is still changing I’ll update this post.

One last question: is there, in this case, any reason to switch to stable-privacy? The benefits seems obvious to me when the computer use several networks, such as, typically, a laptop. But here, my computer is a home server that will not use other networks, except if decide to change my ISP.

Offline

Board footer

Powered by FluxBB