Public bug reported:
Ubuntu 12.04 LTS and Ubuntu 12.10 server images both ship with the IPv6
Privacy Extensions enabled (as defined in RFC 4941[0]). Not only are
they enabled, but these addresses are preferred over addresses obtained
using SLAAC. While is may be considered a reasonable default on an image
being used on a personal computer, it's not something that is sane to
have enabled by default in a server environment. Having this extension
enabled can wreak havoc if you are expecting a specific IPv6 address
when you know the MAC addresses of your systems beforehand.
The file that is responsible for causing this to be defaulted to enabled
is: "/etc/sysctl.d/10-ipv6-privacy.conf". This file appears to be part
of the procps package (as per the output of 'dpkg -S') and contains the
following:
# IPv6 Privacy Extensions (RFC 4941)
# ---
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
# to use in autoconfiguration. Privacy extensions allow using a randomly
# generated IPv6 address, which increases privacy.
#
# Acceptable values:
# 0 - don’t use privacy extensions.
# 1 - generate privacy addresses
# 2 - prefer privacy addresses and use them over the normal addresses.
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
In short, IPv6 privacy extensions should not be enabled by default when
deploying an Ubuntu server image. In a server environment you should be
able to reliably determine your IPv6 address based on the MAC address of
the system.
Thank you for taking the time to look in to this as well as consider
changing the default behavior of Ubuntu server.
-Tim Heckman
[0] http://tools.ietf.org/html/rfc4941
** Affects: procps (Ubuntu)
Importance: Undecided
Status: New
** Tags: networking precise quantal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1068756
Title:
IPv6 Privacy Extensions enabled on Ubuntu Server by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1068756/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs