2009-11-18
I played with temporary IPv6 addresses r ...
I played with temporary IPv6 addresses recently, the privacy extension where the right half of the address isn't always the same address derived from the ethernet mac address but a random address. I noticed when I set Linux to use the temporary address as preferred address it was listed as 'secondary':# ip -6 addr ls 1: lo:I thought maybe I can use this to fix my outgoing IPv6 address selection problem. Searching for clues how to change the status of an IPv6 address using the ip command I found: IPv6 Source Address Selection on Linux which answers my question completely, and now I can 'block' the tunnel address completely for outgoing connections:mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 22: wlan0: mtu 1500 qlen 1000 inet6 2001:888:1011:1:10f3:2799:3587:237e/64 scope global secondary dynamic valid_lft 604544sec preferred_lft 85544sec inet6 2001:888:1011:1:21f:e1ff:fe45:2894/64 scope global dynamic valid_lft 2591744sec preferred_lft 604544sec inet6 fe80::21f:e1ff:fe45:2894/64 scope link valid_lft forever preferred_lft forever # ip -6 addr ls dev xs4allipv6 7: xs4allipv6@NONE:The tunnel address is 'deprecated' so it will not be used for outgoing connections but the system still responds to it so routing works. Now the wanted address is chosen when I connect to a system 'nearby' in IPv6 address terms:mtu 1480 inet6 2001:888:1011::13/128 scope global valid_lft forever preferred_lft forever inet6 2001:888:10:11::2/64 scope global deprecated valid_lft forever preferred_lft forever inet6 fe80::a2a:1401/64 scope link valid_lft forever preferred_lft forever inet6 fe80::525f:c4ca/64 scope link valid_lft forever preferred_lft forever inet6 fe80::a2a:201/64 scope link valid_lft forever preferred_lft forever tcp6 0 0 2001:888:1011::13:41041 2001:888:0:311:194::119 ESTABLISHED