7

I have 18.04 installed and I'm using it as jump box to reach other things.

Some of the things I need to access are only reachable via IPv6 and expect me to connect from a specific IPv6 address so my box has a static IPv6 address configured.

For some reason, I can't seem to prevent Ubuntu from generating and preferring privacy IPv6 addresses. This means that when I try to connect to other things, I appear to come from the wrong IPv6 address.

I've configured Netplan with a static IPv6 address (example address shown - I'm not really using that)

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens192:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.212.152/25, '2001:0db8:85a3:0000::98/128']
      gateway4: 192.168.212.129
      nameservers:
        search: ['mydomain.local']
        addresses: [192.168.212.141, 192.168.212.142, '2001:0db8:85a3:0000::8d', '2001:0db8:85a3:0000::8e']

I have sysctl configured to not use IPv6 privacy addressing in /etc/sysctl.d/10-ipv6-privacy.conf:

# IPv6 Privacy Extensions (RFC 4941)
# ---
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
# to use in autoconfiguration. Privacy extensions allow using a randomly
# generated IPv6 address, which increases privacy.
#
# Acceptable values:
#    0 - don’t use privacy extensions.
#    1 - generate privacy addresses
#    2 - prefer privacy addresses and use them over the normal addresses.
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0



$ sysctl net.ipv6.conf.ens192.use_tempaddr
net.ipv6.conf.ens192.use_tempaddr = 0

I'm still getting a temporary IPv6 address:

$ ip -6 addr
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:0db8:85a3:0000:20c:29ff:fede:fa42/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591895sec preferred_lft 604695sec
    inet6 2001:0db8:85a3:0000::98/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fede:fa42/64 scope link
       valid_lft forever preferred_lft forever

I can delete the privacy address or set it as deprecated but it re-appears whenever I netplan apply or reboot.

Am I doing something wrong or is this a bug?

J Doe
  • 71

2 Answers2

1

I had the same problem. I first tried to disable ipv6 autoconf and accept_ra in sysctl.conf

# sysctl -p
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.lan.autoconf = 0
net.ipv6.conf.lan.accept_ra = 0
net.ipv6.conf.wan.autoconf = 0
net.ipv6.conf.wan.accept_ra = 0

But that did not change anything. Since netplan has some timing problems I disabled accept_ra in netplan yaml file.

/etc/netplan/50-cloud-init.yaml

addresses:
- xxx.xxx.xxx.xxx/24
- xxxx:xxxx:xxxx::xx/64
dhcp4: false
dhcp6: false
accept-ra: false
Thomas Aichinger
  • 3,717
0

Put "accept-ra: false" under the interface configuration in your .yaml-file.

OttoEisen
  • 776