HowTo: Control privacy addressing for IPv6 in Linux

It seems that some people didn’t like their MAC address being magically used as part of their IPv6 address, and so some bright spark created the concept of privacy addresses – see RFC3041.

However, sometimes we need to be able to control this behaviour: sometimes we want to enable privacy addresses and sometimes we want to disable them.

Under Linux we can do this by altering sysctl values, which are documented in ip-sysctl.txt:

use_tempaddr – INTEGER
Preference for Privacy Extensions (RFC3041).
<= 0 : disable Privacy Extensions
== 1 : enable Privacy Extensions, but prefer public addresses over temporary addresses.
> 1 : enable Privacy Extensions and prefer temporary addresses over public addresses.
Default: 0 (for most devices)
-1 (for point-to-point devices and loopback devices)

temp_valid_lft – INTEGER
valid lifetime (in seconds) for temporary addresses.
Default: 604800 (7 days)

temp_prefered_lft – INTEGER
Preferred lifetime (in seconds) for temporary addresses.
Default: 86400 (1 day)

In order to disable privacy extensions for all interfaces, add the following to /etc/sysctl.conf:

net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.default.use_tempaddr=0

To enable privacy extensions for all interfaces, add the following:

net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2

To control privacy extensions for a specific interface, you can name the interface in the line, e.g.:

net.ipv6.conf.eth0.use_tempaddr=0

Note that a change to sysctl.conf is only effective on boot.
To make a change happen immediately use the command line:

sysctl net.ipv6.conf.all.use_tempaddr=2
sysctl net.ipv6.conf.default.use_tempaddr=2
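
To confirm which mode each interface actually ended up in after editing sysctl.conf or running sysctl, the values can be read back from /proc/sys/net/ipv6/conf. The script below is an added example, not part of the original post; the function names and the CONF_ROOT variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the effective use_tempaddr value per interface.
# CONF_ROOT can be overridden to point at a constructed directory tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv6/conf}"

# Translate a use_tempaddr integer into the meaning given in ip-sysctl.txt.
tempaddr_mode() {
    case "$1" in
        ''|-|*[!0-9-]*|?*-*) echo "invalid" ;;
        *)
            if [ "$1" -le 0 ]; then echo "disabled"
            elif [ "$1" -eq 1 ]; then echo "enabled-prefer-public"
            else echo "enabled-prefer-temporary"
            fi ;;
    esac
}

# Print "<entry> <value> <mode> <status>" for all, default and each interface.
# With a wanted value as $1, entries in a different mode are flagged MISMATCH
# and the function returns 1. Loopback and point-to-point devices default
# to -1, so expect them to be flagged when auditing for 1 or 2.
audit_tempaddr() {
    want="${1:-}"
    rc=0
    for f in "$CONF_ROOT"/*/use_tempaddr; do
        [ -r "$f" ] || continue
        entry=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        mode=$(tempaddr_mode "$val")
        status="ok"
        if [ -n "$want" ] && [ "$mode" != "$(tempaddr_mode "$want")" ]; then
            status="MISMATCH"
            rc=1
        fi
        echo "$entry $val $mode $status"
    done
    return "$rc"
}

# Report current values; pass 0, 1 or 2 as the first argument to audit.
audit_tempaddr "${1:-}" || echo "some entries differ from the requested mode" >&2
```

Run it with no argument to list the current values, or with the value you set (for example 2) to flag any interface that is still in a different mode.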
