tobyaw: (Church Square)
posted by [personal profile] tobyaw at 05:33pm on 04/11/2013 under , , , ,

As a follow-up to my previous post about turning off RFC4941 IPv6 temporary addresses, here are the instructions, tested with the current versions of the operating systems (OS X Mavericks, Ubuntu 13.10, Windows 8).

On OS X, run “sysctl -w net.inet6.ip6.use_tempaddr=0” to make an immediate change, and add “net.inet6.ip6.use_tempaddr=0” to /etc/sysctl.conf for a permanent change.

On Ubuntu, run “sysctl -w net.ipv6.conf.all.use_tempaddr=0” to make an immediate change, and add “net.ipv6.conf.all.use_tempaddr=0” to /etc/sysctl.conf for a permanent change.

On Windows, run the following and restart:
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

location: St Andrews, Scotland
tobyaw: (Default)
posted by [personal profile] tobyaw at 05:11pm on 08/06/2012 under ,
A week into using IPv6 with Andrews & Arnold, I haven’t run into any major problems. The initial setup was very easy, and online information is good. The majority of the devices on my network happily found themselves IPv6 addresses, although it was good motivation to check that everything was up-to-date ([livejournal.com profile] qidane upgraded the firmware on the Ubiquiti NanoStations that provide the bridge down the road to his house).

With IPv6, devices can assign themselves an IP address based on a combination of the locally-advertised router prefix (in my case, the first 64 bits of my IPv6 allocation), combined with a mapping of the interface’s MAC address. This is straightforward, reliable, and removes the need for DHCP in address assignment (although DHCP — or other means — is still required for handing out DNS information to clients).

Unfortunately, this has the downside of embedding one’s MAC address in one’s IP address, which could allow tracking of devices across networks. To combat this, modern operating systems use privacy addresses alongside the auto-configured addresses. Devices use their auto-configured address for incoming traffic, but send data out from a randomised, temporary, IPv6 address.

Which is all very fine, but makes tracking network usage rather frustrating, particularly with a lot of devices on the network (across the two houses). Andrews & Arnold provide a handy page showing inbound and outbound bandwidth usage for each IP address on my network, but I can’t determine the device behind the temporary addresses on the list. I want all of my devices to have static addresses on my network, and to have sensible reverse DNS.

RFC4941 “Privacy Extensions for Stateless Address Autoconfiguration in IPv6” (section 3.6) says:
Devices implementing this specification MUST provide a way for the end user to explicitly enable or disable the use of temporary addresses. In addition, a site might wish to disable the use of temporary addresses in order to simplify network debugging and operations. Consequently, implementations SHOULD provide a way for trusted system administrators to enable or disable the use of temporary addresses.


The temporary addresses can be switched off easily enough on the computers:

  • On Mac OS X Lion, run “sysctl -w net.inet6.ip6.use_tempaddr=0” to make an immediate change, and add “net.inet6.ip6.use_tempaddr=0” to /etc/sysctl.conf for a permanent change.

  • On Windows 7, run the following and restart:
    netsh interface ipv6 set privacy state=disabled store=active
    netsh interface ipv6 set privacy state=disabled store=persistent
    netsh interface ipv6 set global randomizeidentifiers=disabled store=active
    netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent



But I can’t see a way to turn off the use of temporary addresses on my iOS devices, or as a general network policy.

Maybe the answer is to run a DHCPv6 server.
location: St Andrews, Scotland
tobyaw: (Frogmarch 2002 - Whitby)
posted by [personal profile] tobyaw at 05:07pm on 06/06/2012 under
Happy World IPv6 Launch day.

Have you made the move into the 1990s with IPv6, or are you still using the 1970s technology of IPv4?
location: St Andrews, Scotland

Links

June

SunMonTueWedThuFriSat
        1
 
2
 
3
 
4
 
5
 
6 7
 
8
 
9 10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
30