Arch Linux

Urfaust

Member

From: Germany

Registered: 2009-01-30

Posts: 164

[Solved] IPv6 Privacy Extensions

Hi,

my router got a firmware update and is now capable of IPv6. I can see the prefix on the router and my Arch box has an IPv6 adress which contains the MAC adress from the wireless NIC in my notebook (few bits differ). I looked in the wiki and I'm trying to activate Privacy Extensions, I did the steps described here: https://wiki.archlinux.org/index.php/IPv6

Expected behavior is that the host adress part changes. I have this running for a few days but the host adress is always the same. Am I missing something?

Last edited by Urfaust (2011-02-24 19:39:39)

ghen

Member

From: Belgium

Registered: 2010-08-31

Posts: 121

Re: [Solved] IPv6 Privacy Extensions

ifconfig -a?

Urfaust

Member

From: Germany

Registered: 2009-01-30

Posts: 164

Re: [Solved] IPv6 Privacy Extensions

wlan0     Link encap:Ethernet  HWaddr 00:22:FA:XX:XX:XX  
          inet addr:192.168.178.2  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: fd00::222:faff:feXX:XXXX/64 Scope:Global
          inet6 addr: 2002:543a:b7c1:0:222:faff:feXX:XXXX/64 Scope:Global
          inet6 addr: fe80::222:faff:feXX:XXXX/64 Scope:Link

Urfaust

Member

From: Germany

Registered: 2009-01-30

Posts: 164

Re: [Solved] IPv6 Privacy Extensions

Using

net.ipv6.conf.wlan0.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2

in /etc/sysctl.conf doesnt work either. I'm using Gnome's NetworkManager by the way which is in "Automatic" Mode for IPv6 connections.

ghen

Member

From: Belgium

Registered: 2010-08-31

Posts: 121

Re: [Solved] IPv6 Privacy Extensions

Well, that all looks good.  But I don't know how networkmanager interacts with it.

Could you stop networkmanager, do /etc/rc.d/network restart, and check again?

(I assume you have actually applied those sysctl's either by rebooting or setting them manually?)

Urfaust

Member

From: Germany

Registered: 2009-01-30

Posts: 164

Re: [Solved] IPv6 Privacy Extensions

Thanks for your help.
It seems to work if I use a wired connection.

eth0      Link encap:Ethernet  HWaddr 00:24:8C:XX:XX:XX  
          inet addr:192.168.178.4  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: fd00::314f:27dd:1362:1fa6/64 Scope:Global
          inet6 addr: 2002:543a:b151:0:314f:27dd:1362:1fa6/64 Scope:Global
          inet6 addr: fd00::224:8cff:feXX:XXXX/64 Scope:Global
          inet6 addr: 2002:543a:b151:0:224:8cff:feXX:XXXX/64 Scope:Global
          inet6 addr: fe80::224:8cff:feXX:XXXX/64 Scope:Link

The first global adress with 2002 prefix is the random one, right? This is also the adress i see when browsing http://www.sixxs.net
This works with networkmanager.
So I have to find out why it won't work with a wireless connection, maybe a bug in networkmanager or wrong settings elsewhere?

EDIT:

LOL, ok. I switched back to the wireless conncetion and now I get a random adress, too. Don't know why it did not work in the first place. I rebooted twice after editing sysctl.conf....

wlan0     Link encap:Ethernet  HWaddr 00:22:FA:XX:XX:XX  
          inet addr:192.168.178.2  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: fd00::61f6:350:ee80:e75a/64 Scope:Global
          inet6 addr: 2002:543a:b151:0:61f6:350:ee80:e75a/64 Scope:Global
          inet6 addr: fd00::222:faff:feXX:XXXX/64 Scope:Global
          inet6 addr: 2002:543a:b151:0:222:faff:feXX:XXXX/64 Scope:Global
          inet6 addr: fe80::222:faff:feXX:XXXX/64 Scope:Link

How often do these adresses change?

Last edited by Urfaust (2011-02-24 19:41:25)

ghen

Member

From: Belgium

Registered: 2010-08-31

Posts: 121

Re: [Solved] IPv6 Privacy Extensions

All IPv6 addresses on an interface have a "preferred lifetime" and "valid lifetime".  You can see those with "ip addr show".

The preferred lifetime is how long an address will be preferred as source for outgoing connections.  For privacy addresses, this is typically in the order of a few hours to 1 day.  After this period, the address will be marked "deprecated" and a new address will be generated, to be used for future connections.

The old address will stay around for longer though (to continue to support open connections, or inbound connections to an older address), until its valid lifetime has expired, after which it will be marked "invalid" and eventually be removed.  This lifetime is typically at least a number of days, up to a week or more.

For static addresses on the other hand, both lifetimes will usually be 0 or "forever".

Last edited by ghen (2011-02-25 09:33:46)

Urfaust

Member

From: Germany

Registered: 2009-01-30

Posts: 164

Re: [Solved] IPv6 Privacy Extensions

Thanks!

I have just one question left. :-)
Why is the fd00:-adress global? I thought these are unique local adresses?

ghen

Member

From: Belgium

Registered: 2010-08-31

Posts: 121

Re: [Solved] IPv6 Privacy Extensions

Unique local addresses have global scope (despite their name), but they are not globally routable.

fe80:: is link-local.  Site-local addresses, which you may be thinking of, are deprecated.