Follow by Email

Blog Archive

Search This Blog

Enable IPv6 Privacy Extensions in Raspbian Wheezy

Share it:
Raspberry Pi Enable IPv6 Privacy Extensions in Raspbian Wheezy
IPv6-Privacy-Extensions-Wheezy
If you have activated IPv6 in Raspberry Pi (Raspbian Wheezy), then all IPv6 addresses are formed from the MAC address (hardware address). Unfortunately, it is always the same, which is why the client or host concerned can be identified by this address. For privacy reasons, that's a problem.

That's why with Privacy Extensions for IPv6, there's an extension that protects privacy. However, this is not always automatically active when IPv6 is switched on or activated.

Of course, Privacy Extensions is only relevant if a router distributes a global prefix within the local network. Otherwise Privacy Extensions will remain inactive even if it is activated in the settings.
  1. Privacy Extensions (IPv6)
Under Raspbian Jessie, IPv6 is on by default and Privacy Extensions is enabled. The following tasks are for Raspbian Wheezy.

Note: There may be several reasons why Privacy Extensions is not active in spite of proper configuration. Privacy Extensions usually does not affect link-local addresses beginning with "fe80". It does not become active even if no global prefix is distributed on the local network or if static IPv6 addresses have been configured for the network interfaces.

task
  • Enable Privacy Extensions.
  • Check if the privacy extension is active.
Solution 1 for Raspbian Wheezy
First, open a configuration file.
sudo nano /etc/sysctl.conf

Here you must insert the following entry:
# Enable IPv6 Privacy Extensions
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2

This entry ensures that Privacy Extensions is activated for "all" network interfaces. If you do not want to enable Privacy Extensions for all, but only for selected interfaces, replace "all" with the name of the interface. For example "eth0" or "wlan0".

Optionally, you can specify how long the temporary addresses generated by Privacy Extensions should be used (value in seconds). It is not discarded immediately, but a new temporary address is created and used for outgoing connections. The old one will be finally discarded later, if for a while no more traffic comes in at this address. This value can be additionally limited with a second value.
# Lifetime (86400 = 24h)
net.ipv6.conf.all.temp_prefered_lft = 86400


# set valid LifeTime (604800 sec = 7 days)
net.ipv6.conf.all.temp_valid_lft = 640800

Then save and close: Ctrl + O, Return, Ctrl + X.

After a restart, the Privacy Extensions should be active.
sudo reboot

A restart is not necessarily required. Reading in the system settings does it too.
sudo sysctl -p /etc/sysctl.conf

However, one should check in any case whether the interfaces have generated a temporary global IPv6 address.
ifconfig

Here, the corresponding interface should have a global IPv6 address. If not, no prefix will be distributed in the local network or Raspberry Pi has not gotten any yet. Here you have to wait maybe one or two minutes and then try again.

If Raspberry Pi then has a global IPv6 address, then there should be an additional global IPv6 address that has no traces of the MAC address. If this address does not exist then Privacy Extensions has not become active. Then you really have a problem!

Solution 2 for Raspbian Wheezy
First of all, check the existing network interfaces. Usually one works with "eth0" or "wlan0". Here you look after the setting of Privacy Extensions.
sudo cat </ proc / sys / net / ipv6 / conf / eth0 / use_tempaddr

Here the command line should output "2". If not, then the default setting was not accepted. In this case you have to make the setting separately for each interface.

So again open the configuration file.
sudo nano /etc/sysctl.conf

Here you have to add the following entry additionally for "eth0":
net.ipv6.conf.eth0.use_tempaddr = 2

And if a WLAN interface is also used for "wlan0":
net.ipv6.conf.wlan0.use_tempaddr = 2

Then save and close: Ctrl + O, Return, Ctrl + X.

And of course, as usual, Reboot is doing well.
sudo reboot

After the restart you have to check again with "ifconfig". If the settings have been applied, then there is also a global temporary IPv6 address, which is used for outgoing connections and changed regularly.

Solution 3 for Raspbian Wheezy (quick and dirty)
If it has not worked out yet, only the mallet method will help. It helps, but is "dirty". To do this, open a configuration file:
sudo nano /etc/rc.local

Here you enter the following line before "exit 0":
for IF in "/ bin / ls / proc / sys / net / ipv6 / conf / * / use_tempaddr"; do echo 2> $ IF; done
Then save, close and reboot.
Share it:

Raspberry Pi

Post A Comment:

0 comments: