How to enable ipv6 privacy extensions?

No, this:

/etc/sysctl.conf

net.ipv6.conf.default.stable_secret=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

and


Oh, it's just modifying how the suffix is generated, which is really not what I need, thanks!

No - that's how to enable it.

You asked "how to enable IPv6 privacy extensions" - that's how it's enabled.


I am using a FritzBox 7430 box as a WLAN client in my LAN. I am getting IPv4 and IPv6 addresses from my internet router via DHCP / DHCPv6 client.

I have tried your suggestions, but nothing worked for me. I still got no privacy extension address:

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1508 qdisc fq_codel state UNKNOWN qlen 1000
    link/ether 36:eb:d2:51:9a:38 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b822:ee31:5b58:c2c5/64 scope link flags 800 
       valid_lft forever preferred_lft forever
3: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 38:10:d5:46:b1:27 brd ff:ff:ff:ff:ff:ff
4: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 38:10:d5:46:b1:27 brd ff:ff:ff:ff:ff:ff
5: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 38:10:d5:46:b1:27 brd ff:ff:ff:ff:ff:ff
6: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 38:10:d5:46:b1:27 brd ff:ff:ff:ff:ff:ff
7: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:02:03:04:05:06 brd ff:ff:ff:ff:ff:ff
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 38:10:d5:46:b1:27 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.68/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd00::b822:ee31:5b58:c2c5/64 scope global dynamic noprefixroute 
       valid_lft 6930sec preferred_lft 3330sec
    inet6 2003:ea:a70a:e700:b822:ee31:5b58:c2c5/64 scope global dynamic noprefixroute 
       valid_lft 6930sec preferred_lft 1530sec
    inet6 fe80::b822:ee31:5b58:c2c5/64 scope link flags 800 
       valid_lft forever preferred_lft forever

cat /etc/sysctl.conf 
net.ipv6.conf.default.stable_secret=bcd5:da2f:69e4:65a2:1435:05c6:fe40:9864
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.br-lan.use_tempaddr = 2

I am not a networking expert, so maybe I did something wrong.
Can anybody help to get this running?

Did you add the random assignment to the desired network interface? Here's an example.

Thank you for your quick answer. I have to set your options in /etc/conf/network. Is this correct? What does <henet_interface_name> mean?

In your case, if not Hurricane Electric, you will pick the relevant interface you get IPs from. E.g. wan6

Adding local assigns the ULA.

But if you want to have local and global, why not just not have this setting at all? Default is afaik to have local and global assignment. And where do I find info on your proposed syntax? Last time I checked the wiki there was no mention of an interface...

I'm not sure of your question, perhaps you were asking the poster who inquired. Here is a full example:

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6ifaceid 'random'
        option device 'br-lan'
        list ip6class 'wan6'
        list ip6class 'local'

The sysctl syntax should be available by reviewing any Linux manual.

As I said, my OpenWrt box is a client in my LAN, so it has no WAN connection. It gets IPv6 addresses via DHCPv6 from my internet router via LAN. The box has 4 switched ethernet ports. One is connected to my LAN. So I don't know what to specify with <henet_interface_name>.

Simple: lan (I assume that's the name of the interface, correct?)

What is the name of the interface you configured a DHCPv6 client attached to LAN?

:spiral_notepad: EDIT: That should exist if you have an address already.

Feel free to read the full thread (and others linked there) for more information.

I have tried the following in /etc/config/network:

config interface 'LAN6'
        option proto 'dhcpv6'
        option device 'br-lan'
        option reqaddress 'try'
        option reqprefix 'auto'
        option ip6assign '64'   
        option ip6ifaceid 'random'
        option ip6class 'LAN6 local'

I have got a new ULA address inet6 fd0b:9f32:d47:0:f175:3184:12a1:8109/64 but no privacy extension address.

  • Try as in the example
     option ip6class 'lan6'
     option ip6class 'local'

That seems like a privacy extension address to me (since I don't know your MAC or the original IP, I can't determine definitively). You added the sysctl settings (as I noted in the thread) and rebooted, correct?

(The other ones you listed were unneeded.)
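Added example (not part of any post in this thread): a way to decide from `ip a` output and the interface MAC whether an address is temporary, stable-privacy, or EUI-64 derived. The first three sample lines and the MAC are taken from the br-lan output posted above; the two 2001:db8:: lines are constructed, and treating `secondary` as a BusyBox spelling of the temporary flag is an assumption.

```python
import ipaddress
import re

IFA_F_STABLE_PRIVACY = 0x800  # linux/if_addr.h; appears as "flags 800" above

def eui64_iid(mac):
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) for a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe between the two halves.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def classify(ip_output, macs):
    """Return {address: kind} for each non-loopback inet6 line of `ip addr` output."""
    mac_iids = {eui64_iid(m) for m in macs}
    result = {}
    for m in re.finditer(r"inet6 (\S+)/\d+ scope (\w+)(.*)", ip_output):
        addr, scope, flags = m.group(1), m.group(2), m.group(3).split()
        if scope == "host":
            continue
        iid = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
        raw = int(flags[flags.index("flags") + 1], 16) if "flags" in flags else 0
        # Assumption: iproute2 prints "temporary"; some BusyBox builds print
        # the same flag bit as "secondary".
        if "temporary" in flags or "secondary" in flags:
            kind = "temporary"
        elif iid in mac_iids:
            kind = "eui64"
        elif "stable-privacy" in flags or raw & IFA_F_STABLE_PRIVACY:
            kind = "stable-privacy"
        else:
            kind = "not-mac-derived"
        result[addr] = kind
    return result

# First three lines: from the br-lan output posted in this thread.
# Last two lines: constructed, to show the eui64 and temporary outcomes.
SAMPLE = """\
    inet6 fd00::b822:ee31:5b58:c2c5/64 scope global dynamic noprefixroute
    inet6 2003:ea:a70a:e700:b822:ee31:5b58:c2c5/64 scope global dynamic noprefixroute
    inet6 fe80::b822:ee31:5b58:c2c5/64 scope link flags 800
    inet6 2001:db8::3a10:d5ff:fe46:b127/64 scope global dynamic
    inet6 2001:db8::8c1f:22aa:9d03:e417/64 scope global temporary dynamic
"""

if __name__ == "__main__":
    for addr, kind in classify(SAMPLE, ["38:10:d5:46:b1:27"]).items():
        print(f"{kind:16} {addr}")
```

On the posted output, no global address carries the temporary flag, and both global addresses reuse the interface ID of the stable-privacy link-local address.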

I have changed my config to

config interface 'LAN6'
        option proto 'dhcpv6'
        option device 'br-lan'
        option reqaddress 'try'
        option reqprefix 'auto'
        option ip6assign '64'
        option ip6ifaceid 'random'
        option ip6class 'lan6'
        option ip6class 'local'

but still no success. And yes, I always did a reboot. And IPv6 addresses starting with fd... cannot be routed into the internet. I need another address starting with 2003.... This is a routable address which should be used to access the internet from my box. By the way: All my other LAN client hosts have two such addresses.

... you can see my sysctl settings in my first post.

Wait wait... I thought this looked wrong when I asked for the DHCPv6 and didn't see it. Try:

config interface 'lan6'
        option proto 'dhcpv6'
        option device 'br-lan'
        option ip6ifaceid 'random'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.68'
        option netmask '255.255.255.0'
        option device 'br-lan'
        option ip6assign '64'
        option ip6class 'local'
        option ip6ifaceid 'random'

(I'm not sure of the ULA part in this example - I'd have to test.)

:spiral_notepad: If your upstream is DHCPv6 and not SLAAC-only, I'm not sure how that'll work either.

... are you sure to use ipv6 settings in the ipv4 interface 'lan'?

  • That is the default (i.e. to put IPv6 assign, class, ifaceid, etc.) in the lan config.
  • You only need a lan6 when your IPv6 is coming from the same interface (or 1 or both are DHCP/DHCPv6 as in your instance)
  • I also noted:

/etc/config/network:

config interface 'lan6'
        option proto 'dhcpv6'
        option device 'br-lan'
        option ip6ifaceid 'random'

config interface 'lan'
        option proto 'dhcp'
        option device 'br-lan'
        option ip6assign '64'
        option ip6class 'local'
        option ip6ifaceid 'random'

/etc/sysctl.conf:

net.ipv6.conf.default.stable_secret=bcd5:da2f:69e4:65a2:1435:05c6:fe40:9864
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.br-lan.use_tempaddr = 2

Still no success.

Ip6class is no sysctl... And I have to admit I wrongly read the wrong syntax from the upper post... That's why I asked: in OpenWrt you can set local or global for ip6class on an interface but no option ip6class '<ifname> [local|global]'