SixXS::Sunset 2017-06-06

OSX, static IPs and the privacy extensions
[de] Shadow Hawkins on Wednesday, 26 September 2012 08:10:17
Hi everyone, I set up my SixXS-tunnel a long time ago, but recently had time to fumble around with static IPv6-IPs in my home network. Unfortunately, there is a problem I can not solve. When setting up IPv6 on my two OSX machines (10.7 and 10.8) I can choose 'Automatic', 'Manual' and 'link-local'. Obviously link-local is not what I want. Using automatic sets up a (random) address out of the subnet along with some temporary addresses (Privacy Extensions). I thought 'Manual' was what I wanted. And I can configure a static IPv6-IP. But then this IP is also used for outgoing traffic, and the Privacy Extensions are not used. Even though I use the Heise IPv6 Anonymizer (http://www.heise.de/netze/artikel/IPv6-Privacy-Extensions-einschalten-1204783.html?artikelseite=5) which activates the privacy extensions after each reboot (it calls 'sudo sysctl -w net.inet6.ip6.use_tempaddr=1'). I can add the static IP manually via ipconfig etc., but after each reboot or network switch it is lost again. Has anyone else tried this before? And succeeded? Any hints? Thanks in advance, Johannes
OSX, static IPs and the privacy extensions
[ch] Jeroen Massar SixXS Staff on Wednesday, 26 September 2012 09:07:36
I use the following on installation of a new OSX:
{{{
echo -e "net.inet6.ip6.prefer_tempaddr=0\nnet.inet6.ip6.use_tempaddr=0\n" >>/etc/sysctl.conf
}}}
And voila, non-privacy (tempaddr) for use and preference.
OSX, static IPs and the privacy extensions
[de] Shadow Hawkins on Wednesday, 26 September 2012 18:25:05
Did you set up the IP as "Manual" (in the IPv6 properties of the ethernet/wlan adapter)? The above setting only works for me if the network is configured as "Automatic". When a static IP is set via "Manual", I see no privacy extensions. No matter how I set this, via sysctl.conf (which is deprecated AFAIK) or via Heise IPv6 Anonymizer (which uses a LaunchAgent/LaunchDaemon at each start). Regards, Johannes
OSX, static IPs and the privacy extensions
[ch] Jeroen Massar SixXS Staff on Thursday, 27 September 2012 07:15:48
Nope, I do everything with RA and then just stuff that address in DNS (hardware rarely breaks for me that I need to reregister it, thus never saw a problem with that). Manual mode cannot work as then you disable the processing of Router Advertisements, this is the same on Linux/BSD etc. If you just want a static address next to a privacy one you would have to add it manually, not in the config. I do not see Apple supporting any of that from the GUI though as that is a very limited use case, next to that address likely never being used for outbound connections.
OSX, static IPs and the privacy extensions
[de] Shadow Hawkins on Wednesday, 26 September 2012 19:03:20
Hi, according to IPv6 standards temporary addresses/privacy extensions are by definition an extension to IPv6 autoconfiguration (http://tools.ietf.org/html/rfc4941). So you can only use them within the context of autoconfiguration, either stateless via SLAAC (http://tools.ietf.org/html/rfc4862) or stateful via DHCPv6 (search for "IA_TA" within http://tools.ietf.org/html/rfc3315). In other words: In the absence of both SLAAC and DHCPv6 you can't combine a statically configured IPv6 address with a temporary address.
> Using automatic sets up a (random) address out of the subnet along with some temporary addresses (Privacy Extensions).

What you call random may only look random, but it should be the constant "modified EUI-64" address as described in http://tools.ietf.org/html/rfc4291 which you can detect from the "ff:fe" address part in the middle of the host identifier. It is constant (at least as long as the MAC address it is derived from doesn't change), so you can register it to the DNS and operate services with this address while you use the temporary address when surfing the web. So "automatic" should meet your needs? If you really want to combine a statically configured address with privacy extensions you must activate both manual and automatic address configuration so that in case of SLAAC you end up with 3 addresses: One temporary, one modified EUI-64 (which is useless now) and your statically configured address, which you probably want to use for services. While I know this is possible with MS Windows, from what you tell, OSX might not support this.
OSX, static IPs and the privacy extensions
[fi] Shadow Hawkins on Saturday, 29 September 2012 18:11:59
I'm curious about how these privacy extensions are supposed to "hide" your identity. If you have a full /64 assigned to you then it's trivial to look up the owner of the subnet from whois. Am I missing something obvious here?
OSX, static IPs and the privacy extensions
[ch] Jeroen Massar SixXS Staff on Saturday, 29 September 2012 18:54:25
> If you have a full /64 assigned to you then it's trivial to look up the owner of the subnet from whois.
> Am I missing something obvious here?

It is not about 'owner' of the address and also note that it is not about the fixed-ness of the address. Whois cannot easily be queried automatically let alone harvested (note the easily, there are botnets for that of course who do it anyway). Next to the point that a /64 can have multiple hosts and multiple users. The primary thing privacy extension solves is not when you stay in the same network, but when you move from one network to another, thus have different /64's. Otherwise your EUI-64 portion will be the same and they can be easily matched as being you when you are in the other network. Indeed, when one stays in the same /64 or even /48, it is easy to likely state it is the same host. The full text and ratification for the privacy extensions is in RFC4941. Note that there are lots of ways, like cookies and other such things, to track people. Behaviour and style of writing queries for instance is another one. If one wants anonymity one should be using Tor (which is receiving more and more IPv6 love ;)
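
An added example, not part of any post in this thread: it illustrates the "ff:fe" modified EUI-64 marker mentioned in the 26 September reply and the cross-network matching described in the post above, as a check you can run over your own hosts' addresses. The MAC, prefixes (documentation ranges) and temporary addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    Heuristic: a random temporary address has a 1-in-65536 chance of
    carrying ff:fe in the same position.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]      # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the u/l bit flip
    return ":".join(f"{b:02x}" for b in mac)

def from_mac(prefix, mac):
    """Build the SLAAC address a MAC yields in a /64 (RFC 4291, Appendix A)."""
    m = bytes.fromhex(mac.replace(":", ""))
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))

def linkable(addrs):
    """Map each embedded MAC to the /64s it appears in, if more than one."""
    seen = {}
    for a in addrs:
        mac = eui64_mac(a)
        if mac:
            net = ipaddress.IPv6Network((a, 64), strict=False)
            seen.setdefault(mac, set()).add(str(net))
    return {m: sorted(p) for m, p in seen.items() if len(p) > 1}

# Constructed sample: one laptop seen in two networks, once with its
# EUI-64 address and once with a temporary (RFC 4941) address in each.
MAC = "00:00:5e:00:53:2a"
SAMPLE = [
    from_mac("2001:db8:1::/64", MAC),
    "2001:db8:1:0:3c9a:71d4:88e2:5b7",
    from_mac("2001:db8:2::/64", MAC),
    "2001:db8:2:0:a1f0:9c3:5d7e:6b12",
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, "->", eui64_mac(a) or "no embedded MAC")
    print("linkable across networks:", linkable(SAMPLE))
```

Only the two EUI-64 addresses tie the host to both /64s; the temporary addresses share nothing beyond their own prefix.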


Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker