Ubuntu 16.04
Tore Anderson
tore at fud.no
Sat Apr 23 15:02:33 CEST 2016
Hi again,
> Ubuntu (at least previous versions) hard-codes privacy extensions to be
> on and preferred, overriding any user configuration to the contrary in
> NM or /etc/network/interfaces.
For the record, this has actually been fixed in 16.04, probably as a
side-effect of changing to systemd. Now the sysctls get loaded before
the network is brought up, so if you explicitly configure "privext 0"
in /etc/network/interfaces or "ipv6.ip6-privacy 0" in nmcli con edit
<foo>, that device-specific setting does not get overwritten later on
in the boot process.
> > I used to administrate this device using its EUI64 based SLAAC
> > address, which was stable across reboots. Now with 16.04, I get two
> > addresses, none of them stable across reboots.
> >
> > Anyone know what the thought is behind this? I want to continue using
> > SLAAC and I'm fine with privacy extension addresses over time, but I
> > want a single stable address across reboots.
>
> Are you 100% sure one of the addresses isn't stable? NM-1.2 defaults to
> using RFC7217 IID instead of EUI-64, and I believe Ubuntu 16.04 ships
> with a NM-1.2 or (or a release candidate).
I was able to reproduce the issue. I'm guessing you're using a wired
ethernet with no explicitly saved connection profile? When NM
auto-creates an ephemeral connection profile, it gets an equally
ephemeral UUID. The RFC7217 implementation in NM derives the UUID from
the connection profile (amongst other things), which means the results
of the algorithm - the IID - isn't stable at all.
https://bugzilla.gnome.org/show_bug.cgi?id=765464
You can work around this by saving the connection profile, e.g.:
$ nmcli con edit 'Wired connection 1' # the name might be localised
nmcli> save
Alternatively, if you don't want RFC7212 addresses at all and prefer
the previous behaviour, you can do:
nmcli> set ipv6.addr-gen-mode eui64
Tore
More information about the ipv6-ops
mailing list