Symptom: By default, the Ubuntu-Linux network stack for IPv6 configures only static IPv6 addresses built from the network prefix and the hardware address of the network card (MAC address).
Problem: These IPv6 addresses are stable and will not change over time as long as the network card is not replaced. This can lead to privacy issues, as the static IPv6 address can be tracked by outside parties (external websites).
Solution: The IPv6 standards define an algorithm to generate temporary random IPv6 addresses that are less traceable over time. This is documented in RFC 4941 "Privacy Extensions for Stateless Address Autoconfiguration in IPv6".
In Ubuntu-Linux, privacy extensions for IPv6 are disabled by default. To enable them, edit the file "/etc/sysctl.conf" (as superuser "root", create the file if it does not exist) and add one line per network card that is using IPv6 (here 'eth0'):
    net.ipv6.conf.eth0.use_tempaddr=2
To enable this new setting, execute
    sudo sysctl net.ipv6.conf.eth0.use_tempaddr=2
    sudo /etc/init.d/networking restart
After this step (or on the next reboot), you should see new IPv6 addresses, built from your IPv6 network prefixes and a random host part, bound to your IPv6-enabled network interfaces (the privacy addresses below are the ones with the host part 9f:fc3d:176f:ad9a, one for the public prefix 2001:db8:100/64 and one for the unique local ULA prefix fd34:2e7e:5a30/64):
    user@box:~ $ ifconfig
    eth0      Link encap:Ethernet  HWaddr c8:0a:a9:6a:72:91
              inet addr:192.168.1.35  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fd34:2e7e:5a30:0:9f:fc3d:176f:ad9a/64 Scope:Global
              inet6 addr: 2001:db8:100:0:9f:fc3d:176f:ad9a/64 Scope:Global
              inet6 addr: fd34:2e7e:5a30:0:ca0a:a9ff:fe6a:7291/64 Scope:Global
              inet6 addr: 2001:db8:100:0:ca0a:a9ff:fe6a:7291/64 Scope:Global
              inet6 addr: fe80::ca0a:a9ff:fe6a:7291/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:358 errors:0 dropped:0 overruns:0 frame:0
              TX packets:386 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:214309 (214.3 KB)  TX bytes:52597 (52.5 KB)
              Interrupt:42
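To check which global addresses still embed the MAC address, the following added example (not part of the original article) computes the modified EUI-64 host part from the HWaddr line and compares it with each inet6 address. The function names are this example's own, and the sample input is trimmed from the ifconfig output above.

```python
import ipaddress
import re

# Trimmed from the ifconfig output shown above (old net-tools format).
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr c8:0a:a9:6a:72:91
          inet6 addr: fd34:2e7e:5a30:0:9f:fc3d:176f:ad9a/64 Scope:Global
          inet6 addr: 2001:db8:100:0:9f:fc3d:176f:ad9a/64 Scope:Global
          inet6 addr: fd34:2e7e:5a30:0:ca0a:a9ff:fe6a:7291/64 Scope:Global
          inet6 addr: 2001:db8:100:0:ca0a:a9ff:fe6a:7291/64 Scope:Global
          inet6 addr: fe80::ca0a:a9ff:fe6a:7291/64 Scope:Link
"""

MAC_RE = re.compile(r"HWaddr\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
INET6_RE = re.compile(r"inet6 addr:\s*([0-9A-Fa-f:]+)/\d+\s+Scope:(\w+)")


def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) of a MAC."""
    octets = [int(part, 16) for part in mac.split(":")]
    if len(octets) != 6 or any(o > 0xFF for o in octets):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    octets[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(bytes(octets[:3] + [0xFF, 0xFE] + octets[3:]), "big")


def classify_global_addresses(ifconfig_text):
    """Map each Scope:Global address to 'mac-derived' or 'not-mac-derived'."""
    mac = MAC_RE.search(ifconfig_text)
    if mac is None:
        raise ValueError("no HWaddr found in input")
    static_iid = eui64_interface_id(mac.group(1))
    result = {}
    for text, scope in INET6_RE.findall(ifconfig_text):
        if scope != "Global":
            continue  # link-local addresses are not routed beyond the local link
        host_part = int(ipaddress.IPv6Address(text)) & ((1 << 64) - 1)
        # A non-matching host part is not proof of an RFC 4941 address; it only
        # shows that the MAC address is not embedded in it.
        result[text] = "mac-derived" if host_part == static_iid else "not-mac-derived"
    return result


if __name__ == "__main__":
    for address, kind in classify_global_addresses(SAMPLE).items():
        print("%-40s %s" % (address, kind))
```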
What about 'net.ipv6.conf.default.use_tempaddr' and 'net.ipv6.conf.all.use_tempaddr'?
The system configuration key 'net.ipv6.conf.default.use_tempaddr' is used for all new network interfaces that are attached to the system AFTER this setting has been changed. If this setting is written from the file '/etc/sysctl.conf', it works for network cards that are attached after the initial boot process (USB network cards or SD-IO and PC-Card network interfaces). On modern Linux systems the '/etc/sysctl.conf' file is read and applied only after the built-in network cards have been initialized. It is possible to change this setting in the start script of the initial ramdisk ('initrd'), but that requires fiddling with the boot process and is not recommended for production machines (it will probably break or be overwritten during an update).
The setting 'net.ipv6.conf.all.use_tempaddr' is supposed to propagate its value to all interfaces currently attached, but this does not work. There are two bug entries in the Linux kernel bug-tracking system for this issue: