= Сообщение: 1762 из 7440 ============================================= IPV6 = От : Markus Reschke 2:240/1661 03 Oct 15 11:49:20 Кому : Michiel van der Vlist 03 Oct 15 11:49:20 Тема : Raspeberry Pi / SixXS FGHI : area://IPV6?msgid=2:240/1661+56043316 На : area://IPV6?msgid=2:280/5555+560f8e89 = Кодировка сообщения определена как: LATIN-1 ================================ Ответ: area://IPV6?msgid=2:280/5555+560fd65e ============================================================================== Hello Michiel!
Oct 03 10:15 2015, Michiel van der Vlist wrote to Paul Hayton:
MvdV> It may be the privacy extensions. Windows has it enabled by MvdV> default. It means an interface gets at least two public IPv6 MvdV> addresses. The one is assigned by SLAAC or DHCP6 and it is the one MvdV> that should be used for incoming connection. The other has its MvdV> suffix assigned random and it is renewed every 24 hours. That is MvdV> the one used for outgoing connections.
On linux you can change the lifetime and the time the address remains usable after a new one is created, i.e. the time until it's discarded completely.
For en/disabling PE and changing the timers you have to simply write the values to: /proc/sys/net/ipv6/conf/eth0/use_tempaddr (0: off / 1: assign / 2: prefer) /proc/sys/net/ipv6/conf/eth0/temp_valid_lft (time in seconds) /proc/sys/net/ipv6/conf/eth0/temp_prefered_lft (time in seconds)
MvdV> Privacy extensions do not make much sense on a fixed connection MvdV> since the prfix does not change and it makes even less sense if the MvdV> host accepts incoming connections and advertises it by en entry in MvdV> the DNS.
I agree, that PE is nonsense for a server. Also SLAAC/DHCPv6 aren't helpful in this case. But it's not generally a bad idea to enable PE for PCs with a static prefix. SLAAC assigned addresses are based on the NIC's MAC address. If you want to make life a little bit harder for all those trackers, PE comes in handy. And DNS is no real issue since most are used to DynDNS for quite a while. With SLAAC you would have to manage DNS dynamically anyway, because a new NIC (replacement for a broken one, new mainboard) will cause a new IPv6 address. You don't want this to happen for a server.
My IPv6 prefix is valid for up to 6 months, if the DSL connection stays up and running all the time. But it doesn't due to the telco's maintenance windows and maybe some power outage and what have you. So I had to set up DynDNS anyway. It doesn't matter for me if the address changes every 24h or every few weeks/months, it's monitored and DNS will be updated if necessary.
