Packages

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug report
  • Category core
  • Assigned To No-one
  • Operating System
  • Severity High
  • Priority Normal
  • Reported Version Stable
  • Due in Version Undecided
  • Due Date Undecided
Attached to Project: Packages
Opened by Janek (phoerious) - 2015-10-29

FS#1179 - IPv6 privacy extensions not working

Description:
For some reason, IPv6 privacy extensions are not working.

In /etc/sysctl.d I have the following configuration:

net.ipv6.conf.default.use_tempaddr=2
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.enp0s25.use_tempaddr=2
net.ipv6.conf.enp3s0.use_tempaddr=2

enp3s0 is my main network port.

Additionally, I configured NetworkManager (which overrides sysctl configurations) to enable privacy extensions:

[ipv6]
dns-search=
ip6-privacy=2
may-fail=false
method=auto

After establishing a network connection, I can verify that privacy extensions are enabled with:

cat /proc/sys/net/ipv6/conf/enp3s0/use_tempaddr

which outputs "2" or

sysctl net.ipv6.conf.enp3s0.use_tempaddr

which outputs "net.ipv6.conf.enp3s0.use_tempaddr = 2". So in theory it should work, but it doesn't. ip -6 addr still only shows one global and one link-local address. When I search for "my ip address" on Google, it also shows my static IPv6 address.


Additional information:
* Discussion on the same topic has taken place on the forums: https://chakraos.org/forum/viewtopic.php?pid=87378 but without any results
* The issue has been there for several months now, so it shouldn't be a problem with any test kernel builds

This task does not depend on any other tasks.

Luca Giambonini (AlmAck)
Friday, 30 October 2015, 22:40 GMT
the kernel "CONFIG_IPV6_PRIVACY" in the latest kernel 4.x has been removed and is now enabled by default:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d9efa7ee99eed58388f186c13cf2e2a87e9ceb4

I' not an expert on IPv6, I never tried. You ever been able to have a working IPv6 connection with an other distro? you don't use the systemd-networkd service, right?
Janek (phoerious)
Saturday, 31 October 2015, 00:31 GMT
I know that it's been removed and enabled by default.
And yes, I was able to use IPv6 privacy extensions successfully before. In fact, I had it working on Chakra. I don't use networkd (at least not that I know of, that service is not running). What I use is NetworkManager. I know it worked before, but I don't know when exactly it stopped working. It must have been somewhere in 3.x, several months ago.
Janek (phoerious)
Saturday, 19 December 2015, 13:47 GMT
Any progress on this?
Luca Giambonini (AlmAck)
Sunday, 20 December 2015, 11:08 GMT
I can't try here, still on IP4 and I don't know how to help you. The only difference I saw from Arch is that we have CONFIG_IPV6_MROUTE disabled, but should not affect the privacy settings.

If the command "sysctl net.ipv6.conf.enp3s0.use_tempaddr" return 2, I don't understand why should not work. Do you have some special command in grub regarding IPv6?

http://ip.bieringer.de/
https://home.regit.org/2011/04/ipv6-privacy/


Janek (phoerious)
Sunday, 20 December 2015, 14:20 GMT
No, I don't.

journalctl reports

Dec 20 14:02:37 altair systemd-sysctl[260]: Couldn't write '2' to 'net/ipv6/conf/enp3s0/use_tempaddr', ignoring: No such file or directory
Dec 20 14:02:37 altair systemd-sysctl[260]: Couldn't write '2' to 'net/ipv6/conf/enp0s25/use_tempaddr', ignoring: No such file or directory

at some point, but it looks like this is when booting the system, i.e. at a point where the device is not ready. After that, the value of 2 is set and since I'm using NetworkManager, it's overridden anyway.
Preferred lifetime is 86400, but no temporary addresses are generated.

Loading...