{"id":103,"date":"2011-03-19T15:16:18","date_gmt":"2011-03-19T21:16:18","guid":{"rendered":"http:\/\/www.ipcalypse.ca\/?p=103"},"modified":"2011-03-24T07:42:41","modified_gmt":"2011-03-24T13:42:41","slug":"enable-ipv6-privacy-extensions-on-ubuntu","status":"publish","type":"post","link":"https:\/\/www.ipcalypse.ca\/?p=103","title":{"rendered":"Enable IPv6 Privacy Extensions on Ubuntu"},"content":{"rendered":"

With SLAAC<\/a>, your MAC address is embedded into your IPv6 address. When you connect to the world, you’re giving them something that can be traced back to you (or at least a piece of hardware you have). RFC3041<\/a> was created to help address this privacy issue. It’s since been obsoleted by RFC4941<\/a>. The Linux kernel does support these RFCs, but most distributions do not turn it on by default. While the below was tested on Ubuntu, it should theoretically work for most flavors of Linux.<\/p>\n

First, determine which interface(s) you want to enable the privacy extensions:<\/p>\n

\r\n$ ifconfig\r\neth2      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx  \r\n          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0\r\n          inet6 addr: 2001:db8::xxxx:xxff:fexx:xxxx\/64 Scope:Global\r\n          inet6 addr: fe80::xxxx:xxff:fexx:xxxx\/64 Scope:Link\r\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\r\n          RX packets:6547155 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:3594147 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:1000 \r\n          RX bytes:9470877266 (9.4 GB)  TX bytes:313893925 (313.8 MB)\r\n          Interrupt:42 Base address:0xe000 \r\n\r\nlo        Link encap:Local Loopback  \r\n          inet addr:127.0.0.1  Mask:255.0.0.0\r\n          inet6 addr: ::1\/128 Scope:Host\r\n          UP LOOPBACK RUNNING  MTU:16436  Metric:1\r\n          RX packets:859192 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:859192 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:0 \r\n          RX bytes:418471854 (418.4 MB)  TX bytes:418471854 (418.4 MB)\r\n<\/code><\/pre>\n
In my case it’s eth2 (and no, I don’t know what happened to eth0 and eth1 ;).<\/p>\n
Add the following lines to \/etc\/sysctl.conf:
\n
\nnet.ipv6.conf.eth2<\/strong>.use_tempaddr = 2
\nnet.ipv6.conf.all.use_tempaddr = 2
\nnet.ipv6.conf.default.use_tempaddr = 2
\n<\/code>
\n*Note that the first line could (and most likely would) be different for your particular set up.<\/p>\n
after that, restart your network (or if you like, restart your computer altogether) and you should see a new address<\/p>\n
\r\n$ ifconfig\r\neth2      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx  \r\n          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0\r\n          inet6 addr: 2001:db8::xxxx:xxff:fexx:xxxx\/64 Scope:Global\r\n          inet6 addr: fe80::xxxx:xxff:fexx:xxxx\/64 Scope:Link\r\n          inet6 addr: 2001:db8::9dd7:675f:8d2b:d78a\/64 Scope:Global<\/b>\r\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\r\n          RX packets:6565518 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:3607197 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:1000 \r\n          RX bytes:9493464492 (9.4 GB)  TX bytes:315035089 (315.0 MB)\r\n          Interrupt:42 Base address:0xe000 \r\n\r\nlo        Link encap:Local Loopback  \r\n          inet addr:127.0.0.1  Mask:255.0.0.0\r\n          inet6 addr: ::1\/128 Scope:Host\r\n          UP LOOPBACK RUNNING  MTU:16436  Metric:1\r\n          RX packets:861796 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:861796 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:0 \r\n          RX bytes:419488499 (419.4 MB)  TX bytes:419488499 (419.4 MB)\r\n<\/code><\/pre>\n
Outgoing connections will now use the new “random” ipv6 address.  You can verify by going to http:\/\/test-ipv6.com<\/a><\/p>\nY LymiWXuLXfUpt nWc lTEmjB LVfPt<\/a>","protected":false},"excerpt":{"rendered":"
With SLAAC, your MAC address is embedded into your IPv6 address. When you connect to the world, you’re giving them something that can be traced back to you (or at least a piece of hardware you have). RFC3041 was created to help address this privacy issue. It’s since been obsoleted by RFC4941. The Linux kernel […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,7],"tags":[],"class_list":["post-103","post","type-post","status-publish","format-standard","hentry","category-ipv6","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=\/wp\/v2\/posts\/103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=103"}],"version-history":[{"count":21,"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=\/wp\/v2\/posts\/103\/revisions"}],"predecessor-version":[{"id":122,"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=\/wp\/v2\/posts\/103\/revisions\/122"}],"wp:attachment":[{"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ipcalypse.ca\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}