Subj : Raspeberry Pi / SixXS
To   : Michiel van der Vlist
From : Markus Reschke
Date : Sat Oct 03 2015 11:49:20

Hello Michiel!

Oct 03 10:15 2015, Michiel van der Vlist wrote to Paul Hayton:

 MvdV> It may be the privacy extensions. Windows has it enabled by 
 MvdV> default. It means an interface gets at least two public IPv6 
 MvdV> addresses. The one is assigned by SLAAC or DHCP6 and it is the one 
 MvdV> that should be used for incoming connection. The other has its 
 MvdV> suffix assigned random and it is renewed every 24 hours. That is 
 MvdV> the one used for outgoing connections.

On linux you can change the lifetime and the time the address remains usable after a new one is created, i.e. the time until it's discarded completely.

For en/disabling PE and changing the timers you have to simply write the values to:
/proc/sys/net/ipv6/conf/eth0/use_tempaddr  (0: off / 1: assign / 2: prefer) 
/proc/sys/net/ipv6/conf/eth0/temp_valid_lft (time in seconds)
/proc/sys/net/ipv6/conf/eth0/temp_prefered_lft (time in seconds)

 MvdV> Privacy extensions do not make much sense on a fixed connection 
 MvdV> since the prfix does not change and it makes even less sense if the 
 MvdV> host accepts incoming connections and advertises it by en entry in 
 MvdV> the DNS.

I agree, that PE is nonsense for a server. Also SLAAC/DHCPv6 aren't helpful  in this case. But it's not generally a bad idea to enable PE for PCs with a static prefix. SLAAC assigned addresses are based on the NIC's MAC address. If you want to make life a little bit harder for all those trackers, PE comes in handy. And DNS is no real issue since most are used to DynDNS for quite a while. With SLAAC you would have to manage DNS dynamically anyway, because a new NIC (replacement for a broken one, new mainboard) will cause a new IPv6 address. You don't want this to happen for a server.  

My IPv6 prefix is valid for up to 6 months, if the DSL connection stays up and running all the time. But it doesn't due to the telco's maintenance windows and maybe some power outage and what have you. So I had to set up DynDNS anyway. It doesn't matter for me if the address changes every 24h or every few weeks/months, it's monitored and DNS will be updated if necessary.

Regards,
Markus

--- 
 * Origin: *** theca tabellaria *** (2:240/1661)

.