Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen gezeigt.

Link zu der Vergleichsansicht

Nächste Überarbeitung
Vorherige Überarbeitung
server_und_serverdienste:ipv6_privacy_mit_networkmanager_richtig_einstellen [2018/08/19 15:58]
boospy angelegt
server_und_serverdienste:ipv6_privacy_mit_networkmanager_richtig_einstellen [2020/09/19 21:39] (aktuell)
loma
Zeile 31: Zeile 31:
 systemctl restart NetworkManager systemctl restart NetworkManager
 </​code>​ </​code>​
 +Bei einer Neuinstallation des Hosts ändert sich die Adresse immer.
 +
 +===== Default Einstellungen in Networkmanager festlegen =====
 +Das macht gerade in VM Templates Sinn. ''​nano /​etc/​NetworkManager/​NetworkManager.conf''​
 +<​code>​
 +[main]
 +plugins=ifupdown,​keyfile
 +
 +[ifupdown]
 +managed=false
 +
 +[device]
 +wifi.scan-rand-mac-address=no
 +
 +[connection]
 +ipv6.ip6-privacy=0
 +addr-gen-mode=eui64
 +</​code>​
 +Der Bereich mit "​Connections"​ wurde angehängt. Damit bekommt der Rechner oder die VM immer die an die Hardware gebundene IPV6 Adresse. Auch beim Anlegen eines neuen Interfaces/​Verbindung in Networkmanager bleibt die Adresse gleich. ​
 +
 +
 +===== Links =====
 +  * [[https://​people.freedesktop.org/​~lkundrak/​nm-docs/​nm-settings.html|NetworkManager Settings]]
 +
 +> Configure method for creating the address for use with RFC4862 IPv6 Stateless Address Autoconfiguration. The permitted values are: "​eui64",​ or "​stable-privacy"​. If the property is set to "​eui64",​ the addresses will be generated using the interface tokens derived from hardware address. This makes the host part of the address to stay constant, making it possible to track host's presence when it changes networks. The address changes when the interface hardware is replaced. The value of "​stable-privacy"​ enables use of cryptographically secure hash of a secret host-specific key along with the connection identification and the network address as specified by RFC7217. This makes it impossible to use the address track host's presence, and makes the address stable when the network interface hardware is replaced. On D-Bus, the absence of an addr-gen-mode setting equals enabling "​stable-privacy"​. For keyfile plugin, the absence of the setting on disk means "​eui64"​ so that the property doesn'​t change on upgrade from older versions. Note that this setting is distinct from the Privacy Extensions as configured by "​ip6-privacy"​ property and it does not affect the temporary addresses configured with this option.
 +