Bug 1257955

Summary: Enabling ipv6 privacy extensions in NetworkManager is not user friendly and deeply hidden in the system
Product: [Fedora] Fedora Reporter: Sascha Zantis <sascha.zantis>
Component: NetworkManagerAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: dcbw, lkundrak, psimerda
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: NetworkManager-1.0.6-6.fc22 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-04 22:52:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sascha Zantis 2015-08-28 13:15:39 UTC 
Description of problem:
So I read a little about ipv6 today and decided to test a few things on my Fedora laptop. I have an ipv6 capable wifi hotspot at the university so I connected to it and checked some things concerning privacy extensions. The "old" way to enable privacy extensions (which are not enabled by default, whyever) is putting 

net.ipv6.conf.wlp3s0.use_tempaddr=2

in /etc/sysctl.conf (or whichever equivalent file), reboot, done.

Well, checking my ip address after doing so showed me that the privacy extensions were not enabled. After digging around for quite a while, I found out that the _only_ way to enable the privacy extensions is editing 

/etc/sysconfig/network-scripts/ifcfg-<your-connection> 

and putting the line 

IPV6_PRIVACY=rfc3041

in it. The only place where this is documented is https://fedoraproject.org/wiki/Tools/NetworkManager/IPv6

I read about that behaviour in some other bug reports and found a RHEL bug (https://bugzilla.redhat.com/show_bug.cgi?id=1187525) which links to a commit that enables privacy extensions by default (http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-0&id=2f51ba50df8341370ab1f480f9ec6d60cd32ece2). 

The NetworkManager version in Fedora is 1.0.2, so I would think that the patch would be integrated in Fedora an privacy extensions would be enabled by default, which would be a much better default behaviour in my opinion.

Version-Release number of selected component (if applicable):
1.0.2

How reproducible:
Always

Regards,
Sascha
Comment 1 Pavel Šimerda (pavlix) 2015-08-28 13:49:41 UTC 
(In reply to Sascha Zantis from comment #0)
> The NetworkManager version in Fedora is 1.0.2, so I would think that the
> patch would be integrated in Fedora an privacy extensions would be enabled
> by default, which would be a much better default behaviour in my opinion.

Many people in the past have expressed concerns regarding privacy extensions by default. I don't have the details right know and I'm not sure whether it was related to problems with privacy extensions themselves, or whether it was related to buggy Linux implementation of thereof or whatever reasons they had.

It should be possible to google for various resources regarding the defaults in common distributions.
Comment 2 Fedora Update System 2015-08-28 13:53:58 UTC 
NetworkManager-1.0.6-2.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 3 Fedora Update System 2015-09-02 16:21:53 UTC 
NetworkManager-1.0.6-2.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager-openvpn NetworkManager-vpnc NetworkManager NetworkManager-openswan'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 4 Fedora Update System 2015-09-08 11:14:57 UTC 
NetworkManager-1.0.6-3.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 5 Fedora Update System 2015-09-08 21:26:36 UTC 
NetworkManager-1.0.6-4.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-openswan NetworkManager-vpnc'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 6 Fedora Update System 2015-09-28 21:01:18 UTC 
NetworkManager-1.0.6-6.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 7 Fedora Update System 2015-10-02 03:49:40 UTC 
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update NetworkManager-openswan network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-vpnc'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 8 Fedora Update System 2015-10-04 22:52:23 UTC 
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.