** Description changed:

  My network has both DHCPv6 and SLAAC for IPv6. From both a privacy
  perspective and readability reasons, DHCPv6 should *always* be preferred
  over SLAAC addresses when available. And according to RFC 6724 the
  smaller /128 scope of the DHCPv6 address should be chosen over the
  larger /64 scope of the SLAAC address.
  NetworkManager has always been able to adhere to that by simply setting
  ip6.privacy=0 for the connection (in nm-connection-editor *not*
  selecting "Prefer temporary address" for IPv6 privacy extensions). Then
  it would use the DHCPv6 address as the source for all outgoing traffic.
  So if you would - for instance - run `curl ifconfig.co`, the DHCPv6
  address would be used to connect to the outside world and be echoed
  Since the update to 1.36.6, this is no longer the case. NetworkManager
  now routes outgoing traffic through the SLAAC address, even if
  ip6.privacy=0 is set for the connection. Setting
  net.ipv6.conf.all.use_tempaddr=0 and
  net.ipv6.conf.<interface>.use_tempaddr=0 with sysctl also no longer has
  any effect.
  Removing the SLAAC addresses with `ip addr del` or disabling SLAAC RA's
  altogether is the only way to stop NetworkManager from preferring SLAAC
  over DHCPv6 now.
  Looking at the changelog of NetworkManager 1.36.6, things regarding IP
  address order and temporary addresses have been changed in that release:
+ * Fix a bug in synchronization of IP addresses with kernel that could lead to 
a wrong address order.
+ * Ignore addresses from DHCPv6 when the Otherconf router advertisement flag 
is set.
+ * Ensure temporary IPv6 addresses are removed on disconnect and reapply.
  When running `ip -6 a`, the list now sorts SLAAC addresses above DHCPv6
  addresses. With NetworkManager 1.36.4 this was not the case. (The Linux
  kernel uses the address highest in the list as preferred.)
  This can break many real-life use cases. For instance, my router gives
  out static leases to my machines. Those addresses are whitelisted in all
  kinds of firewalls to allow me to access servers for my work. Now that
  the "wrong" address is being preferred for outgoing traffic (a SLAAC
  address that I have no influence on), I am being locked out of the
  servers in question unless I forcefully remove the addresses or disable
  SLAAC on my router, so my outgoing traffic is being routed through the
  DHCPv6 address again.
  So this update introduces a very breaking change in IPv6 source address
  selection to an LTS release, while LTS releases should be stable.
  I should note that the bug is not present in NetworkManager 1.38.0 on
  Debian sid. That just prefers DHCPv6 addresses when available, like it
  PRETTY_NAME="Ubuntu 22.04 LTS"
  VERSION="22.04 LTS (Jammy Jellyfish)"
  nmcli -v:
  nmcli tool, version 1.36.6
  Looking at the changelog of 1.38.0:
  * Fix bug setting priority for IP addresses.
  * Static IPv6 addresses from "ipv6.addresses" are now preferred over 
addresses from DHCPv6, which are preferred over addresses from autoconf. This 
affects IPv6 source address selection, if the rules from RFC 6724, section 5 
don't give a exhaustive match.
  So it looks like Ubuntu just introduced that bug by upgrading to 1.36.6.
  Please either backport the fix from 1.38.0 or revert to 1.36.4, which
  was working fine.
  More background here: https://bugs.launchpad.net/ubuntu/+source/network-

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  NetworkManager 1.36.6 orders IPv6 addresses incorrectly

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to