• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
KaliTut

KaliTut

Kali Linux tutorial and Linux system tips

  • Home
  • Raspberry Pi
  • Privacy Policy
  • About us

Enable IPv6 Privacy Extensions in Raspbian Wheezy

Last Updated on February 7, 2021 by Kalitut 3 Comments

Enable Raspbian Wheezy IPv6 Privacy Extensions

If you have activated IPv6 in Raspberry Pi (Raspbian Wheezy), then all IPv6 addresses are formed from the MAC address (hardware address). Unfortunately, it is always the same, which is why the client or host concerned can be identified by this address. For privacy reasons, that’s a problem.

Enable Raspbian Wheezy IPv6 Privacy Extensions

That’s why with Privacy Extensions for IPv6, there’s an extension that protects privacy. However, this is not always automatically active when IPv6 is switched on or activated.

Of course, Privacy Extensions is only relevant if a router distributes a global prefix within the local network. Otherwise Privacy Extensions will remain inactive even if it is activated in the settings.

  1. Privacy Extensions (IPv6)

Under Raspbian Jessie, IPv6 is on by default and Privacy Extensions is enabled. The following tasks are for Raspbian Wheezy.

Note: There may be several reasons why Privacy Extensions is not active in spite of proper configuration. Privacy Extensions usually does not affect link-local addresses beginning with “fe80”. It does not become active even if no global prefix is distributed on the local network or if static IPv6 addresses have been configured for the network interfaces.

task

  • Enable Privacy Extensions.
  • Check if the privacy extension is active.

Solution 1 for Raspbian Wheezy
First, open a configuration file.

sudo nano /etc/sysctl.conf

Here you must insert the following entry:

# Enable IPv6 Privacy Extensions
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2

This entry ensures that Privacy Extensions is activated for “all” network interfaces. If you do not want to enable Privacy Extensions for all, but only for selected interfaces, replace “all” with the name of the interface. For example “eth0” or “wlan0”.

Optionally, you can specify how long the temporary addresses generated by Privacy Extensions should be used (value in seconds). It is not discarded immediately, but a new temporary address is created and used for outgoing connections. The old one will be finally discarded later, if for a while no more traffic comes in at this address. This value can be additionally limited with a second value.

# Lifetime (86400 = 24h)
net.ipv6.conf.all.temp_prefered_lft = 86400


# set valid LifeTime (604800 sec = 7 days)
net.ipv6.conf.all.temp_valid_lft = 640800

Then save and close: Ctrl + O, Return, Ctrl + X.

After a restart, the Privacy Extensions should be active.

sudo reboot

A restart is not necessarily required. Reading in the system settings does it too.

sudo sysctl -p /etc/sysctl.conf

However, one should check in any case whether the interfaces have generated a temporary global IPv6 address.

ifconfig

Here, the corresponding interface should have a global IPv6 address. If not, no prefix will be distributed in the local network or Raspberry Pi has not gotten any yet. Here you have to wait maybe one or two minutes and then try again.

If Raspberry Pi then has a global IPv6 address, then there should be an additional global IPv6 address that has no traces of the MAC address. If this address does not exist then Privacy Extensions has not become active. Then you really have a problem!

Solution 2 for Raspbian Wheezy
First of all, check the existing network interfaces. Usually one works with “eth0” or “wlan0”. Here you look after the setting of Privacy Extensions.

sudo cat </proc/sys/net/ipv6/conf/eth0/use_tempaddr

Here the command line should output “2”. If not, then the default setting was not accepted. In this case you have to make the setting separately for each interface.

So again open the configuration file.

sudo nano /etc/sysctl.conf

Here you have to add the following entry additionally for “eth0”:

net.ipv6.conf.eth0.use_tempaddr = 2

And if a WLAN interface is also used for “wlan0”:

net.ipv6.conf.wlan0.use_tempaddr = 2

Then save and close: Ctrl + O, Return, Ctrl + X.

And of course, as usual, Reboot is doing well.

sudo reboot

After the restart you have to check again with “ifconfig”. If the settings have been applied, then there is also a global temporary IPv6 address, which is used for outgoing connections and changed regularly.

Solution 3 for Raspbian Wheezy (quick and dirty)
If it has not worked out yet, only the mallet method will help. It helps, but is “dirty”. To do this, open a configuration file:

sudo nano /etc/rc.local

Here you enter the following line before “exit 0”:

for IF in "/bin/ls/proc/sys/net/ipv6/conf/*/use_tempaddr"; do echo 2> $ IF; done

Then save, close and reboot.

Enable IPv6 Privacy Extensions in Raspbian Jessie

Filed Under: Raspberry Pi Tagged With: Raspbian Wheezy IPv6

Comments

  1. Brian Gregory says

    July 11, 2021 at 9:53 pm

    I did this on my Raspberry Pi 2 adding lines to sysctl.conf.
    Like so:
    # Enable IPv6 Privacy Extensions
    net.ipv6.conf.default.use_tempaddr = 2
    net.ipv6.conf.eth0.use_tempaddr = 2
    net.ipv6.conf.all.use_tempaddr = 2
    #
    # Lifetime (86400 = 24h)
    net.ipv6.conf.default.temp_prefered_lft = 86400
    net.ipv6.conf.eth0.temp_prefered_lft = 86400
    net.ipv6.conf.all.temp_prefered_lft = 86400
    #
    # set valid LifeTime (604800 sec = 7 days)
    net.ipv6.conf.default.temp_valid_lft = 604800
    net.ipv6.conf.eth0.temp_valid_lft = 604800
    net.ipv6.conf.all.temp_valid_lft = 604800
    #

    And the pi is generating and using a new temporary IPv6 addresses each day for outgoing connections as I wanted.

    However it is not discarding addresses after 7 days!!
    Is there something missing that’s needed to make it discard them?

    Reply
    • admin says

      July 12, 2021 at 9:36 pm

      as you can see here those settings will work for 7 days
      # set valid LifeTime (604800 sec = 7 days)
      net.ipv6.conf.default.temp_valid_lft = 604800
      net.ipv6.conf.eth0.temp_valid_lft = 604800
      net.ipv6.conf.all.temp_valid_lft = 604800
      #

      try to add more valid to 604800 for example 1 day equal 86400

      Reply
      • Brian Gregory says

        July 19, 2021 at 4:22 am

        The Raspberry Pi has been running for a week now and eth0 now has over 40 global IPv6 addresses!
        This can’t be right.
        There must be some detail I’m missing.

        Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow us

  • Facebook
  • Twitter
  • YouTube

Categories

  • Android pentesting tools
  • Arduino
  • Books
  • Darknet
  • database
  • General
  • Github Tools
  • Hacking
  • Kali Linux
  • Linux
  • Linux Commands
  • Network Administrator
  • Penetration Testing
  • Penetration Testing Tools
  • PowerShell
  • Raspberry Pi
  • resources
  • Review
  • Termux
  • Tutorials
  • Ubuntu
  • Uncategorized
  • Video Tutorials
  • vmware
  • WiFi Adapter
  • WiFi Pentesting
  • Wireless Router
  • Wireshark

Recent Posts

  • Hijacked Wi-Fi? Thorough explanation of hacking techniques
  • Windows PowerShell tutorial for beginners
  • Learn to Hack Steps from Beginner to Hacker
  • PowerShell Tutorial – GUIDE introduction with basics
  • Top Hacking Tools
  • Home
  • About us
  • Privacy Policy
  • Affiliate disclaimer

Copyright © 2023