Hi Jeroen,

>> I found two or three posts on the internet, all mentioning (or hoping)
>> that this is related to a change to RFC7217 as default IID mechanism.
>>
>> But one guy said that the source code (of 10.11) shows that this is a
>> cryptographically generated interface identifier for SeND (RFC3971).
>>
>> I tend to believe that the latter is true.
>
> Seeing how Apple implemented things like "Happy Eyeballs" it likely is
> neither. And in the case of "Happy Eyeballs" there is no way to turn it
> off either. Filing radar bugs clearly does not help as they never get
> addressed or marked as 'dupe' at which point you do not know the status
> of the 'original' problem and well, nothing happens...

>> Has anyone more information about this? Especially how to configure it?
>
> The only trick I found out was:
>
> https://twitter.com/tweetsix/status/778615624444571649
> 8<-------
> Also who has typed: "sudo sysctl -w net.inet6.ip6.maxifprefixes=1" (or
> stored the setting in /etc/sysctl.conf) recently? ;)
> --------->8

To be honest, that definitely is not the way I like to go.

> As then you only get the DHCPd address (requires DHCPv6 server....) on
> your interface and not all the other magic ones that change all the time
> and are extremely useless if you want to ADDRESS a host...
> (yes, I love VNC'ing, SSH'ing and doing SSH-backups of my boxes...)

Oh no, DHCPv6 is not needed here. The problem is *not* that this IID is
changing. It is a stable one. And yes, I do not vote against temporary
addresses.

> There are claimed 'good' properties of a changing address but mostly
> they are useless: "it works against tracking" which is useless if your
> /48 is static and there are only ~10 hosts in that prefix that call
> outbound. Also, something with HTTP Cookies for 99% of the other things.
> And I am really not lugging my 27" iMac around to get it in another
> network....
>
> Hence, a switch to turn it off.... would be amazing.
> The above trick kinda does that though and it mostly seems to work.

My info is to set

    sysctl -w net.inet6.send.opstate=0

to go back to MAC address based EUI-64, but I didn't check it.

There is another sysctl parameter (opmode), but it is unclear what 1 (or 0)
means:

    $ sysctl net.inet6.send
    net.inet6.send.opstate: 1
    net.inet6.send.opmode: 1

Thanks
Holger