Description of problem:
By default, privacy extensions are disabled when IPv6 is enabled. IMO this is a bad default; privacy extensions should be enabled by default, with the default preference set to the public address, as specified in:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Enable IPv6 in an IPv6 SLAAC-enabled connection
2. Look at the "IPv6 Privacy extensions" setting and at the v6 addresses on the interface
"Disabled", only public and link-local v6 addresses are configured
"Enabled (prefer public address)", link-local, public and temporary addresses are configured.
you can easily do:
nmcli connection modify $connection ipv6.ip6-privacy [1,2]
Nevertheless, this says nothing about the defaults.
(In reply to Vladimir Benes from comment #1)
> you can easily do:
> nmcli connection modify $connection ipv6.ip6-privacy [1,2]
> Nevertheless, this says nothing about the defaults.
Yeah. Doing it for each and every connection is pretty onerous and forgetting-prone. The default settings should be good.
Upstream merged http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=18ecf48d7a9d03194db1b65ef46e386284426f89
With those patches, you can now configure ipv6.ip6-privacy
2) fallback to NM-wide config in NetworkManager.conf
3) fallback to /proc/sys/net/ipv6/conf/default/use_tempaddr
We no longer read the static files /etc/sysctl.conf and /lib/sysctl.d/sysctl.conf as we used to.
But instead we fall back to /proc/sys/net/ipv6/conf/default/use_tempaddr (3), which means that the ultimate default-value is not determined by the NetworkManager.conf package.
That has the advantage that the same default value is used for autoconf in kernel (accept_ra).
I prefer that NM does not define its own default-value, but falls back to other configuration.
To fix this bug for NM, we need the upstream patches mentioned above (18ecf48d).
But note that the ~default~ value is still not determined by NM package.
With this, to configure a default-value, either:
a) put a file /etc/NetworkManager/conf.d/01-default-ip6-privacy.conf:
b) or a file /etc/sysctl.d/99-default-ip6-privacy.conf:
How does that sound?
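The fallback order described in the comment above, as an added example that is not part of the original thread and not NetworkManager's own code: a shell function that reports which layer supplies the effective ipv6.ip6-privacy value. It assumes the NM-wide default sits in a plain [connection] section, that a per-connection value of -1 means "unset", and that use_tempaddr is mapped by kernel semantics; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example, not NetworkManager code. ipv6.ip6-privacy values:
# -1 unknown, 0 disabled, 1 enabled (prefer public), 2 enabled (prefer temporary).

# Print the last ipv6.ip6-privacy value in the [connection] section of a
# NetworkManager.conf-style file; print nothing if the key is absent.
# Assumption: named [connection-*] sections and match rules are ignored.
nm_conf_privacy() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_conn = ($0 ~ /^[ \t]*\[connection\][ \t]*$/); next }
        in_conn && /^[ \t]*ipv6\.ip6-privacy[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); v = $0
        }
        END { if (v != "") print v }
    ' "$1"
}

# effective_ip6_privacy CONN_VALUE NM_CONF_FILE [USE_TEMPADDR_FILE]
# Prints "<value> <source>" following the fallback order in the comment above.
effective_ip6_privacy() {
    conn=$1; conf=$2
    proc=${3:-/proc/sys/net/ipv6/conf/default/use_tempaddr}
    # per-connection value wins unless it is unset or -1 (unknown)
    case "$conn" in 0|1|2) echo "$conn connection"; return 0 ;; esac
    # 2) NM-wide default from NetworkManager.conf
    v=$(nm_conf_privacy "$conf")
    case "$v" in 0|1|2) echo "$v NetworkManager.conf"; return 0 ;; esac
    # 3) kernel default: <=0 off, 1 prefer public, >1 prefer temporary
    v=$(cat "$proc" 2>/dev/null) || { echo "unknown none"; return 1; }
    case "$v" in
        1)      echo "1 sysctl" ;;
        -*|0)   echo "0 sysctl" ;;
        [1-9]*) echo "2 sysctl" ;;
        *)      echo "unknown none"; return 1 ;;
    esac
}

# Constructed sample input so the example runs offline.
demo_dir=$(mktemp -d)
printf '[main]\nplugins=keyfile\n\n[connection]\n# site default\nipv6.ip6-privacy = 2\n' > "$demo_dir/nm.conf"
printf '0\n' > "$demo_dir/use_tempaddr"
effective_ip6_privacy 1  "$demo_dir/nm.conf" "$demo_dir/use_tempaddr"   # 1 connection
effective_ip6_privacy -1 "$demo_dir/nm.conf" "$demo_dir/use_tempaddr"   # 2 NetworkManager.conf
effective_ip6_privacy -1 /nonexistent "$demo_dir/use_tempaddr"          # 0 sysctl
rm -rf "$demo_dir"
```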
The change is now also in nm-1-0 branch which will make it to RHEL 7.2.
Default privacy can now be configured system wide or per connection on all supported architectures.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.