Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: network-manager (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1977619
Title:
NetworkManager 1.36.6 orders IPv6 addresses incorrectly
Status in network-manager package in Ubuntu:
Confirmed
Bug description:
My network has both DHCPv6 and SLAAC for IPv6. From both a privacy
perspective and readability reasons, DHCPv6 should *always* be
preferred over SLAAC addresses when available.
NetworkManager has always been able to adhere to that by simply
setting ip6.privacy=0 for the connection.
So if you would - for instance - run `curl ifconfig.co`, the DHCPv6
address would be used to connect to the outside world.
Since the update to 1.36.6, this is no longer the case. NetworkManager
now routes outgoing traffic through the SLAAC address, even if
ip6.privacy=0 is set for the connection. Setting
net.ipv6.conf.all.use_tempaddr=0 and
net.ipv6.conf.<interface>.use_tempaddr=0 with sysctl also no longer
has any effect.
Removing the SLAAC addresses with `ip addr del` or disabling SLAAC
RA's altogether is the only way to stop NetworkManager from preferring
SLAAC over DHCPv6 now.
Looking at the changelog of NetworkManager 1.36.6, things regarding IP
address order and temporary addresses have been changed in that
release:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/nm-1-36/NEWS
When running `ip -6 a`, the list now sorts SLAAC addresses above
DHCPv6 addresses. With NetworkManager 1.36.4 this was not the case.
(The Linux kernel uses the address highest in the list as preferred.)
This can break many real-life use cases. For instance, my router gives
out static leases to my machines. Those addresses are whitelisted in
all kinds of firewalls to allow me to access servers for my work. Now
that the "wrong" address is being preferred for outgoing traffic (a
SLAAC address that I have no influence on), I am being locked out of
the servers in question unless I forcefully remove the addresses or
disable SLAAC on my router, so my outgoing traffic is being routed
through the DHCPv6 address again.
So this update introduces a very breaking change in IPv6 source
address selection to an LTS release, while LTS releases should be
stable.
I should note that the bug is not present in NetworkManager 1.38.0 on
Debian sid. That just prefers DHCPv6 addresses when available, like it
should.
/etc/os-release:
PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/";
SUPPORT_URL="https://help.ubuntu.com/";
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/";
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy";
UBUNTU_CODENAME=jammy
nmcli -v:
nmcli tool, version 1.36.6
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1977619/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
