Prevent Fedora OS from violating my privacy with static EUI-64 ipv6 address
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
# cat /etc/redhat-release
Fedora release 26 (Twenty Six)
# ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
# vi /etc/sysconfig/network-scripts/ifcfg-devName
IPV6_PRIVACY=yes
[or]
IPV6_PRIVACY=rfc4941
# vi /etc/sysctl.d/99-sysctl.conf
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
# vi /etc/NetworkManager/NetworkManager.conf
[connection]
ipv6.ip6-privacy=2
# ip address flush dev devName
# reboot
a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)
if I change the MAC address in the config file to something random
# vi /etc/sysconfig/network-scripts/ifcfg-devName
HWADDR=00:12:34:56:78:9A
It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).
How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?
fedora ipv6
asked Sep 25 '17 at 20:49
Micheal Avery
161
add a comment |Â
up vote
3
down vote
favorite
# cat /etc/redhat-release
Fedora release 26 (Twenty Six)
# ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
# vi /etc/sysconfig/network-scripts/ifcfg-devName
IPV6_PRIVACY=yes
[or]
IPV6_PRIVACY=rfc4941
# vi /etc/sysctl.d/99-sysctl.conf
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
# vi /etc/NetworkManager/NetworkManager.conf
[connection]
ipv6.ip6-privacy=2
# ip address flush dev devName
# reboot
a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)
if I change the MAC address in the config file to something random
# vi /etc/sysconfig/network-scripts/ifcfg-devName
HWADDR=00:12:34:56:78:9A
It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).
How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?
fedora ipv6
asked Sep 25 '17 at 20:49
Micheal Avery
161
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
# cat /etc/redhat-release
Fedora release 26 (Twenty Six)
# ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
# vi /etc/sysconfig/network-scripts/ifcfg-devName
IPV6_PRIVACY=yes
[or]
IPV6_PRIVACY=rfc4941
# vi /etc/sysctl.d/99-sysctl.conf
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
# vi /etc/NetworkManager/NetworkManager.conf
[connection]
ipv6.ip6-privacy=2
# ip address flush dev devName
# reboot
a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)
if I change the MAC address in the config file to something random
# vi /etc/sysconfig/network-scripts/ifcfg-devName
HWADDR=00:12:34:56:78:9A
It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).
How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?
fedora ipv6
asked Sep 25 '17 at 20:49
Micheal Avery
161
# cat /etc/redhat-release
Fedora release 26 (Twenty Six)
# ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
# vi /etc/sysconfig/network-scripts/ifcfg-devName
IPV6_PRIVACY=yes
[or]
IPV6_PRIVACY=rfc4941
# vi /etc/sysctl.d/99-sysctl.conf
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
# vi /etc/NetworkManager/NetworkManager.conf
[connection]
ipv6.ip6-privacy=2
# ip address flush dev devName
# reboot
a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)
if I change the MAC address in the config file to something random
# vi /etc/sysconfig/network-scripts/ifcfg-devName
HWADDR=00:12:34:56:78:9A
It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).
How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?
fedora ipv6
fedora ipv6
asked Sep 25 '17 at 20:49
Micheal Avery
161
asked Sep 25 '17 at 20:49
Micheal Avery
161
asked Sep 25 '17 at 20:49
Micheal Avery
161
asked Sep 25 '17 at 20:49
Micheal Avery
161
asked Sep 25 '17 at 20:49
Micheal Avery
161
161
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
-1
down vote
https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.
https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?
answered Sep 25 '17 at 21:45
Lizardx
1,581410
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
-1
down vote
https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.
https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?
answered Sep 25 '17 at 21:45
Lizardx
1,581410
add a comment |Â
up vote
-1
down vote
https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.
https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?
answered Sep 25 '17 at 21:45
Lizardx
1,581410
add a comment |Â
up vote
-1
down vote
up vote
-1
down vote
https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.
https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?
answered Sep 25 '17 at 21:45
Lizardx
1,581410
https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.
https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?
answered Sep 25 '17 at 21:45
Lizardx
1,581410
answered Sep 25 '17 at 21:45
Lizardx
1,581410
answered Sep 25 '17 at 21:45
Lizardx
1,581410
answered Sep 25 '17 at 21:45
Lizardx
1,581410
1,581410
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f394408%2fprevent-fedora-os-from-violating-my-privacy-with-static-eui-64-ipv6-address%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
