Bug 1257955 - Enabling ipv6 privacy extensions in NetworkManager is not user friendly and deeply hidden in the system
Enabling ipv6 privacy extensions in NetworkManager is not user friendly and d...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: NetworkManager (Show other bugs)
22
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Lubomir Rintel
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-28 09:15 EDT by Sascha Zantis
Modified: 2015-10-04 18:52 EDT (History)
3 users (show)

See Also:
Fixed In Version: NetworkManager-1.0.6-6.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-04 18:52:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sascha Zantis 2015-08-28 09:15:39 EDT
Description of problem:
So I read a little about ipv6 today and decided to test a few things on my Fedora laptop. I have an ipv6 capable wifi hotspot at the university so I connected to it and checked some things concerning privacy extensions. The "old" way to enable privacy extensions (which are not enabled by default, whyever) is putting 

net.ipv6.conf.wlp3s0.use_tempaddr=2

in /etc/sysctl.conf (or whichever equivalent file), reboot, done.

Well, checking my ip address after doing so showed me that the privacy extensions were not enabled. After digging around for quite a while, I found out that the _only_ way to enable the privacy extensions is editing 

/etc/sysconfig/network-scripts/ifcfg-<your-connection> 

and putting the line 

IPV6_PRIVACY=rfc3041

in it. The only place where this is documented is https://fedoraproject.org/wiki/Tools/NetworkManager/IPv6

I read about that behaviour in some other bug reports and found a RHEL bug (https://bugzilla.redhat.com/show_bug.cgi?id=1187525) which links to a commit that enables privacy extensions by default (http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-0&id=2f51ba50df8341370ab1f480f9ec6d60cd32ece2). 

The NetworkManager version in Fedora is 1.0.2, so I would think that the patch would be integrated in Fedora an privacy extensions would be enabled by default, which would be a much better default behaviour in my opinion.

Version-Release number of selected component (if applicable):
1.0.2

How reproducible:
Always

Regards,
Sascha
Comment 1 Pavel Šimerda (pavlix) 2015-08-28 09:49:41 EDT
(In reply to Sascha Zantis from comment #0)
> The NetworkManager version in Fedora is 1.0.2, so I would think that the
> patch would be integrated in Fedora an privacy extensions would be enabled
> by default, which would be a much better default behaviour in my opinion.

Many people in the past have expressed concerns regarding privacy extensions by default. I don't have the details right know and I'm not sure whether it was related to problems with privacy extensions themselves, or whether it was related to buggy Linux implementation of thereof or whatever reasons they had.

It should be possible to google for various resources regarding the defaults in common distributions.
Comment 2 Fedora Update System 2015-08-28 09:53:58 EDT
NetworkManager-1.0.6-2.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 3 Fedora Update System 2015-09-02 12:21:53 EDT
NetworkManager-1.0.6-2.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager-openvpn NetworkManager-vpnc NetworkManager NetworkManager-openswan'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 4 Fedora Update System 2015-09-08 07:14:57 EDT
NetworkManager-1.0.6-3.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 5 Fedora Update System 2015-09-08 17:26:36 EDT
NetworkManager-1.0.6-4.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-openswan NetworkManager-vpnc'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 6 Fedora Update System 2015-09-28 17:01:18 EDT
NetworkManager-1.0.6-6.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 7 Fedora Update System 2015-10-01 23:49:40 EDT
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update NetworkManager-openswan network-manager-applet NetworkManager NetworkManager-openvpn NetworkManager-vpnc'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143
Comment 8 Fedora Update System 2015-10-04 18:52:23 EDT
NetworkManager-1.0.6-6.fc22, NetworkManager-openswan-1.0.6-2.fc22, NetworkManager-openvpn-1.0.6-3.fc22, NetworkManager-vpnc-1.0.6-3.fc22, network-manager-applet-1.0.6-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.