2

I see there are a lot of questions about static ipv6, and privacy (like here, here, here, here and here), and I believe I have tried most of the available solutions (or at least those I was able to understand). But it appears old posts comprises some outdated information, and even after implementing the solutions they provide, I am not getting UIE-64 address generation format to work. So I would like to know what is the current best practice to set static ipv6, or what I am missing about it that makes UIE-64 address generation not working in my Ubuntu 22.04 PC.

The context: I want to access an Ubuntu PC remotely via SSH. It’s an Ubuntu 22.04.3 LTS system I am already aware:

  • my ISP allocate dynamic IP (ipv4).
  • it appears the prefix for ipv6 is static.
  • In the router menu, I see dhcp6 is disabled.

Currently, I am already able to ssh access it in my local network using the temporary IPs (both ipv4 and ipv6), by accessing the PC physically (and typing ip addr), copy the IP and using it to access remotely… So, thought the idea is to make it work as headless server, I am not yet able to do so… I am aware of alternatives like searching all IPs in my network (for ipv4 at least) from the remote PC, but I would prefer to have it static. Because later I want to access it from outside my local network.

I noticed it has ipv6 privacy settings set as default in this Ubuntu version, though older posts/questions refer as being off by default. So the ipv6 changes in a periodic basis (one day as default) and comprise random characters and numbers after initial constant prefix.

So I have already learned a lot regarding ipv4. Ipv6, UIE-64 mode, etc. but it appears I am yet missing a lot about the subject.

I am very confused because there are several alternative (complementary? Conflicting?) ways to set the configurations… but I have tried the following:

  • editing the <networkName>.nmconnection file at /etc/NetworkManager/system-connections/. Like described here, editing
    • at [ipv6]
    • modifying addr-gen-mode from stable-privacy to addr-gen-mode=eui64
  • nmcli connection edit <network> following instructions here
    • set ipv6.addr-gen-mode 0
    • set ipv6.ip6-privacy 1
  • edited /etc/sysctl.d/10-ipv6-privacy.conf
    • net.ipv6.conf.all.use_tempaddr = 0
    • net.ipv6.conf.default.use_tempaddr = 0
    • net.ipv6.conf.<wlanCode>.accept_ra = 0
    • net.ipv6.conf.<wlanCode>.autoconf=1
    • net.ipv6.conf.<wlanCode>.use_tempaddr=2
    • I have also tried without the last two lines, or with 0 at the last line (net.ipv6.conf.<wlanCode>.use_tempaddr=0)
  • Edited the .yaml file at /etc/netplan (as described here and here)
    • network: * version: 2 * ethernets: * <WLancode>: * dhcp6: false * ipv6-privacy: off * ipv6-address-generation: eui64 * accept-ra: false * renderer: NetworkManager

I saw some posts manually setting static global ipv6 addresses in the netplan file. I have not yet tried it... Can it be any arbitrary final values (I get the prefix must be the same of the provided by ISP)? I read something about non-temporary Ipv6 being deducted from MAC address…

I understand we do not necessarily need to deactivate ipv6-private, as we can have random/temporary and static global ipv6 at the same time. I have included such configurations after just setting address-generation to eui64 did not work, but did not solve the issue also...

The system was already restarted, and I verified all the definitions above are stored after restarting. But with ip addr, I see yet all ipv6 addresses (except the link local one) are temporary, they have valid_lft set in sec, not forever.

What I understood is that with the configurations above, I am getting a MAC-associated IPv6 link (I got a different link IPv6, it changed), but not a global static IPv6, possibly because of default privacy settings...

So, how can I enable the generation of global eui-64 ipv6 at my Ubuntu 22.04? From the discussion on the posts I have consulted, I suppose it can be solved from Ubuntu side... But if ends up being not an Ubuntu's related question, I am sorry... I can be missing something from router or ISP side that block such settings, as my knowledge on the subject is yet basic...

Any help is appreciated.

hamagust
  • 207

1 Answers1

0

I feel your pain as I am in the same boat :)

My life is further complicated by the fact that I have to enable ip forwarding on some of my internal vm servers, assign static ip addresses based on a delegated ipv6 prefix that may change any time.

After a lot of research, much of it circular and frustrating, I finally found the magic bullet(s?);

in the netplan, I have added the line

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: false
      dhcp6: false
      ipv6-address-token: "::ace:face"
      addresses:
        - <ipv4 static address>
      nameservers: ...

Additionally, following line is added to /etc/sysctl.conf

net.ipv6.conf.eth0.accept_ra=2

The line in sysctl conf forces acceptance of router anouncement (ra) despite the ip forwarding setting. This is essential as the the ra informs us of the delegated prefix.

The line ipv6 address token template in netplan is for generating the ipv6 address that uses the router provided prefix and our specified address to generate the address. So, we end up with an address of the form of

<delegated prefix>::ace:face/<bit length of netmask>

Still not fully static but predictable and I don't have to reconfigure every server when the prefix changes.

Hope this helps.

Salman Siddiqui
  • 101