Author: Simon
Date:
To: Devuan ML
Subject: Re: [DNG] IPv6 slow on one of my Linux hosts
Gregory Nowak via Dng <dng@???> wrote:
>
> On Sun, Nov 19, 2023 at 07:49:04AM -0600, Michael S. Keller via Dng wrote:
>> On 2023-11-18 10:28, Simon wrote:
>>> Out of curiosity, in what way does it look “very different” ?
>>> You should get an address (or addresses*) in the same prefix, though of
>>> course some other information will change to reflect the different
>>> assignment method in use. As I said, I’m no guru with this, so it’s of
>>> interest to see how “stuff I haven’t done” looks (I’ve only used SLAAC
>>> and static configs).
>>
>> Exactly as you described. The last 64 bits were very different, apparently
>> reflecting the different assignment method. Now they incorporate some of the
>> MAC address, where before they didn't.
>
> That's as it should be if using inet6 auto in interfaces. If you would
> prefer not to let every machine in the world uniquely identify your
> machine's network interface, you can use a temporary random IPv6
> address for outbound connections. To do that:
>
> sysctl net.ipv6.conf.all.use_tempaddr = 2
>
> If you want that to persist across reboots, create a file like:
>
> /etc/sysctl.d/local.conf
>
> and put the above line into it. Your interfaces will now get two IPv6
> addresses, the ui64 address based on your MAC for inbound connections,
> and a temporary random address for the last 64 bits used for outbound
> connections.


I respectfully disagree - just don’t use EUI-64, there’s no need to willingly hand out yet another bit of information about your systems.
I found this page https://www.nullzero.co.uk/ipv6-slaac-host-os-address-allocation/ and note that Debian 10 is the ONLY one of those listed as being a decade behind the times. If you need inbound connections, make a static address with random IID and add that in addition to the privacy-enabled SLAAC address.
Sorry, no, I don’t know the magical incantations needed - but I found lots of pages referring to NetworkManager.

PS - if you run multiple public services, feel free to bind them to totally different IP addresses. Depending on your needs and preferences of course.

Simon
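
Added example, not part of the message above or of the thread: a Python sketch that checks whether an IPv6 address carries a MAC-derived (modified EUI-64) interface identifier and picks a random IID inside a /64 for a static inbound address. The function names and the sample addresses (documentation prefix 2001:db8::/32) are constructed for illustration.

```python
import ipaddress
import secrets

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 IID, or None.

    Heuristic: a random IID can contain ff:fe in the middle by chance.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # last 64 bits
    if iid[3:5] != b"\xff\xfe":                    # EUI-64 inserts ff:fe mid-MAC
        return None
    # Undo the universal/local bit flip on the first octet, drop ff:fe.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def random_iid_address(prefix):
    """Pick a random 64-bit IID inside a /64 prefix for a static address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    while True:
        iid = secrets.randbits(64)
        candidate = net[iid]
        # Skip the all-zero IID (subnet-router anycast) and anything
        # that would look MAC-derived to the check above.
        if iid and eui64_mac(candidate) is None:
            return candidate

def audit(addresses):
    """Map each address to the MAC it reveals (None if not EUI-64 derived)."""
    return {a: eui64_mac(a) for a in addresses}

# Constructed sample addresses in the documentation prefix.
SAMPLE = [
    "2001:db8:1:2:211:22ff:fe33:4455",   # EUI-64 from MAC 00:11:22:33:44:55
    "2001:db8:1:2:5c1d:93a7:0e4b:71f2",  # random-looking IID
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE).items():
        print(addr, "->", mac or "no MAC embedded")
    print("static candidate:", random_iid_address("2001:db8:1:2::/64"))
```
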