Prevent Fedora OS from violating my privacy with static EUI-64 ipv6 address

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite
1












# cat /etc/redhat-release 
Fedora release 26 (Twenty Six)
# ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
# vi /etc/sysconfig/network-scripts/ifcfg-devName
IPV6_PRIVACY=yes
[or]
IPV6_PRIVACY=rfc4941
# vi /etc/sysctl.d/99-sysctl.conf
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
# vi /etc/NetworkManager/NetworkManager.conf
[connection]
ipv6.ip6-privacy=2
# ip address flush dev devName
# reboot


a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)



if I change the MAC address in the config file to something random



# vi /etc/sysconfig/network-scripts/ifcfg-devName
HWADDR=00:12:34:56:78:9A


It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).



How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?










share|improve this question

























    up vote
    3
    down vote

    favorite
    1












    # cat /etc/redhat-release 
    Fedora release 26 (Twenty Six)
    # ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
    # vi /etc/sysconfig/network-scripts/ifcfg-devName
    IPV6_PRIVACY=yes
    [or]
    IPV6_PRIVACY=rfc4941
    # vi /etc/sysctl.d/99-sysctl.conf
    net.ipv6.conf.all.use_tempaddr=2
    net.ipv6.conf.default.use_tempaddr=2
    # vi /etc/NetworkManager/NetworkManager.conf
    [connection]
    ipv6.ip6-privacy=2
    # ip address flush dev devName
    # reboot


    a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)



    if I change the MAC address in the config file to something random



    # vi /etc/sysconfig/network-scripts/ifcfg-devName
    HWADDR=00:12:34:56:78:9A


    It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).



    How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?










    share|improve this question























      up vote
      3
      down vote

      favorite
      1









      up vote
      3
      down vote

      favorite
      1






      1





      # cat /etc/redhat-release 
      Fedora release 26 (Twenty Six)
      # ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
      # vi /etc/sysconfig/network-scripts/ifcfg-devName
      IPV6_PRIVACY=yes
      [or]
      IPV6_PRIVACY=rfc4941
      # vi /etc/sysctl.d/99-sysctl.conf
      net.ipv6.conf.all.use_tempaddr=2
      net.ipv6.conf.default.use_tempaddr=2
      # vi /etc/NetworkManager/NetworkManager.conf
      [connection]
      ipv6.ip6-privacy=2
      # ip address flush dev devName
      # reboot


      a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)



      if I change the MAC address in the config file to something random



      # vi /etc/sysconfig/network-scripts/ifcfg-devName
      HWADDR=00:12:34:56:78:9A


      It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).



      How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?










      share|improve this question













      # cat /etc/redhat-release 
      Fedora release 26 (Twenty Six)
      # ip token set ::DEAD:BABE:BEEF:CAFE/64 dev devName
      # vi /etc/sysconfig/network-scripts/ifcfg-devName
      IPV6_PRIVACY=yes
      [or]
      IPV6_PRIVACY=rfc4941
      # vi /etc/sysctl.d/99-sysctl.conf
      net.ipv6.conf.all.use_tempaddr=2
      net.ipv6.conf.default.use_tempaddr=2
      # vi /etc/NetworkManager/NetworkManager.conf
      [connection]
      ipv6.ip6-privacy=2
      # ip address flush dev devName
      # reboot


      a random ipv6 address is generated but so is the EUI-64 global and link local address based on my government Mandated Anonymity Cracking address (a.k.a. MAC address)



      if I change the MAC address in the config file to something random



      # vi /etc/sysconfig/network-scripts/ifcfg-devName
      HWADDR=00:12:34:56:78:9A


      It still generates a random ipv6 address but the other ipv6 address is static and never changes but at least it isn't based on any MAC address (including the one specified above).



      How do I enable rfc4941 random temporary addresses while disabling EUI-64 addresses? New addresses are supposed to be generated at least once a day and on reboot... what setting am I missing?







      fedora ipv6






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Sep 25 '17 at 20:49









      Micheal Avery

      161




      161




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          -1
          down vote













          https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.



          https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?






          share|improve this answer




















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f394408%2fprevent-fedora-os-from-violating-my-privacy-with-static-eui-64-ipv6-address%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            -1
            down vote













            https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.



            https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?






            share|improve this answer
























              up vote
              -1
              down vote













              https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.



              https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?






              share|improve this answer






















                up vote
                -1
                down vote










                up vote
                -1
                down vote









                https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.



                https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?






                share|improve this answer












                https://fedoraproject.org/wiki/Networking/Addressing is fedora specific dyanamic IPv6 setup. Is this the documentation you tried and which is not working? They have some legacy documentation which probably does not work anymore. Since there are so many networking variables, it's largely pointless to suggest a specific solution without knowing the specific circumstances.



                https://superuser.com/questions/638024/use-ipv6-temporary-address-only-with-remote-peers is I believe the issue you want handled. Temporary auto change IPv6 addresses were the solution, not an ideal one of course, to the original design flaw of IPv6 exposing your system IP to the internet [one that will be exploited for decades to come by botnets running on poorly designed and configured internet of things IoT devices], since the original idea was to not use firewalls/routers with internal LAN IP ranges, which were translated to the external world by the router, but to have each and every device directly connect to the internet. What could possibly go wrong in that idea, lol?







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Sep 25 '17 at 21:45









                Lizardx

                1,581410




                1,581410



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f394408%2fprevent-fedora-os-from-violating-my-privacy-with-static-eui-64-ipv6-address%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?