Enabling Raspberry Pi IPv6 Privacy Extensions in Raspbian Jessie
If you have switched on IPv6, then the interface identifier of the IPv6 addresses is formed from the MAC address (hardware address). Unfortunately, it is always the same, which is why the respective clients or hosts can be identified by this address. For privacy reasons, that’s a problem.
That’s why with Privacy Extensions for IPv6, there’s an extension that protects privacy. Under Raspbian Jessie, IPv6 is on by default and Privacy Extensions is enabled.
- Privacy Extensions (IPv6)
Note: There may be several reasons why Privacy Extensions is not active in spite of proper configuration. Privacy Extensions does not always affect link-local addresses beginning with “fe80”. For example, it does not become active if no global prefix is distributed on the local network or if you have configured a static IPv6 address for the network interfaces.
Privacy Extensions is only relevant and only becomes active if a router distributes a global prefix within the local network. Otherwise, Privacy Extensions remains inactive. Even if it is activated in the settings.
task
- Check if Privacy Extensions is active.
- Check if Privacy Extensions is enabled in the network settings.
- Change the settings for Privacy Extensions and check the effects.
Solution: Check Privacy Extensions
The following commands are used to display the IP addresses:
ifconfig
or
ip a
Relevant are the lines with “inet6”. Only if there is such a line, then IPv6 is activated.
An interface can have multiple IPv6 addresses. Typically a link-local address starting with “fe80”. The back part of this address has a certain similarity to the MAC address of the interface.
If a global prefix is distributed in the local network, then an interface should also have a global IPv6 address.
Privacy Extensions is active when the back of the global IPv6 address (scope global) has no similarity to the MAC address.
Solution: Privacy Extensions in Network Settings (DHCPCD)
First we have to determine the status of the “dhcpcd”.
service dhcpcd status
Only if he is running “Active: active (running)” can we continue.
Then let’s take a look at the network configuration:
cat /etc/dhcpcd.conf
Here are some parameters:
- slaac private: Privacy Extensions active
- slaac hwaddr: Privacy Extensions inactive
Solution: Enable or disable Privacy Extensions in Network Settings (DHCPCD)
To do this, we open the file with the network settings:
sudo nano /etc/dhcpcd.conf
Here we are looking for the line that starts with “slaac”. Here we change the line in
slaac private
if Privacy Extensions should be active, or
slaac hwaddr
if Privacy Extensions should be inactive.
Then save and close: Ctrl + O, Return, Ctrl + X.
One changed only the file now. However, the changes have not yet been incorporated into the current network configuration. Basically, a reboot is recommended here, if you have made the configuration via SSH.
sudo reboot
It is less radical to restart the “networking”. But that only makes sense if you are NOT connected to Raspberry Pi via SSH.
sudo service networking restart
What does “slaac” mean?
Stateless Address Autoconfiguration (SLAAC) is a method for stateless and automatic configuration of IPv6 addresses on a network interface. By “stateless” or “stateless” is meant that the respective IPv6 address is not centrally assigned and stored. Thus, the host generates its own IPv6 address using additional information itself.
Leave a Reply