SUMMARY
Whenever I disable IPv6 privacy via the editor, it resets addr-gen-mode back to stable-privacy instead of 0.

STEPS TO REPRODUCE
1. Edit any network profile that uses IPv6.
2. Disable IPv6 Privacy, apply/save.

OBSERVED RESULT
Notice that IPv6 privacy is not disabled (/etc/NetworkManager/system-connections/*.conf), addr-gen-mode must be 0 for it to disable.

EXPECTED RESULT
addr-gen-mode should be set to 0 to disable IPv6 privacy.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Latest via Manjaro (stable)
KDE Plasma Version: 6.15
KDE Frameworks Version: 6.6.0
Qt Version: 6.7.2

ADDITIONAL INFORMATION
None.
It's not meant to set `addr-gen-mode` (RFC 7217), only `ip6-privacy=0` (RFC 4941). The editor lacks support for the `addr-gen-mode` option, for which I'm opening a feature request right now. See:
- https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html#id-1.2.9.4.21
- https://superuser.com/a/243713
In other words, the option you're changing in the editor refers to RFC 4941 (Privacy Extensions for Stateless Address Autoconfiguration in IPv6), which creates temporary addresses to be used for outgoing connections. `addr-gen-mode` defines how the interface identifier of your public IPv6 addresses is generated — it doesn't apply to the "privacy addresses". Setting it to `stable-privacy` makes it create stable IIDs that don't expose your real hardware MAC address, while `eui64` creates IIDs based on your MAC.
(In reply to Douglas Silva from comment #2)
> In other words, the option you're changing in the editor refers to RFC 4941
> (Privacy Extensions for Stateless Address Autoconfiguration in IPv6), which
> creates temporary addresses to be used for outgoing connections.
>
> `addr-gen-mode` defines how the interface identifier of your public IPv6
> addresses is generated — it doesn't apply to the "privacy addresses".
> Setting it to `stable-privacy` makes it create stable IIDs that don't expose
> your real hardware MAC address, while `eui64` creates IIDs based on your MAC.

Setting `privacy` to *disabled* doesn't get me a non-private address, that's the problem. Disabled means disabled, not 'stable-privacy'. Only setting `addr-gen-mode` to 0 and restarting NetworkManager *again* will get me a real, non-private address ('eui64').
(In reply to Odin Vex from comment #3)
> (In reply to Douglas Silva from comment #2)
> > In other words, the option you're changing in the editor refers to RFC 4941
> > (Privacy Extensions for Stateless Address Autoconfiguration in IPv6), which
> > creates temporary addresses to be used for outgoing connections.
> >
> > `addr-gen-mode` defines how the interface identifier of your public IPv6
> > addresses is generated — it doesn't apply to the "privacy addresses".
> > Setting it to `stable-privacy` makes it create stable IIDs that don't expose
> > your real hardware MAC address, while `eui64` creates IIDs based on your MAC.
>
> Setting `privacy` to *disabled* doesn't get me a non-private address, that's
> the problem. Disabled means disabled, not 'stable-privacy'. Only setting
> `addr-gen-mode` to 0 and restarting NetworkManager *again* will get me a
> real, non-private address ('eui64').

As far as I know, `stable-privacy` gives you a public stable address, which should not change. Its name can be misleading.

However, if you have a dynamic GUA address (when your ISP refuses to give you a static prefix), then the address generated with `stable-privacy` will change every time the ISP updates your prefix; in such cases, you have to use EUI64.
(In reply to Douglas Silva from comment #4)
> (In reply to Odin Vex from comment #3)
> > (In reply to Douglas Silva from comment #2)
> > > In other words, the option you're changing in the editor refers to RFC 4941
> > > (Privacy Extensions for Stateless Address Autoconfiguration in IPv6), which
> > > creates temporary addresses to be used for outgoing connections.
> > >
> > > `addr-gen-mode` defines how the interface identifier of your public IPv6
> > > addresses is generated — it doesn't apply to the "privacy addresses".
> > > Setting it to `stable-privacy` makes it create stable IIDs that don't expose
> > > your real hardware MAC address, while `eui64` creates IIDs based on your MAC.
> >
> > Setting `privacy` to *disabled* doesn't get me a non-private address, that's
> > the problem. Disabled means disabled, not 'stable-privacy'. Only setting
> > `addr-gen-mode` to 0 and restarting NetworkManager *again* will get me a
> > real, non-private address ('eui64').
>
> As far as I know, `stable-privacy` gives you a public stable address, which
> should not change. Its name can be misleading.
>
> However, if you have a dynamic GUA address (when your ISP refuses to give
> you a static prefix), then the address generated with `stable-privacy` will
> change every time the ISP updates your prefix; in such cases, you have to
> use EUI64.

Again, the issue is "Privacy: Disabled" should mean Disabled (e.g. addr-gen-mode=0).

So if my MAC were A1-B2-C3-D4-E5-F6 and my IPv6 prefix were 26FE:DCBA:9876:5400/64, then the address expected (via DHCPv6) would be 26FE:DCBA:9876:5400:A3B2:C3FF:FED4:E5F6.
(This issue is specifically about "Disabled" needing to actually mean Disabled, as in no 'stable-privacy' because that's the opposite of Disabled. Stable-privacy is privacy (to any extent).)
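Added example (not part of the thread and not NetworkManager or Plasma code): the two settings discussed above read independently from a keyfile's `[ipv6]` section, plus the modified EUI-64 derivation applied to the MAC and prefix quoted in the thread. The keyfile content, the function names and the acceptance of both numeric and named `addr-gen-mode` values are assumptions made for illustration.

```python
import configparser
import ipaddress

# Value names as given in the NetworkManager settings documentation; the
# numeric forms 0/1 are the ones the reporter writes into the keyfile.
ADDR_GEN = {"0": "eui64", "eui64": "eui64",
            "1": "stable-privacy", "stable-privacy": "stable-privacy"}
IP6_PRIVACY = {"-1": "default", "0": "disabled",
               "1": "enabled, prefer public", "2": "enabled, prefer temporary"}

def eui64_address(prefix, mac):
    """SLAAC address with a modified EUI-64 interface identifier (RFC 4291)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between the two halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net.network_address + int.from_bytes(iid, "big")

def describe_ipv6(keyfile_text):
    """Report the two independent knobs in a keyfile's [ipv6] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(keyfile_text)
    gen = cp.get("ipv6", "addr-gen-mode", fallback=None)
    priv = cp.get("ipv6", "ip6-privacy", fallback="-1")
    mode = ADDR_GEN.get(gen, "unset or unrecognised")
    return {
        "temporary_addresses": IP6_PRIVACY.get(priv, "unrecognised"),  # RFC 4941
        "stable_iid": mode,                                # RFC 7217 or EUI-64
        "mac_visible_in_address": mode == "eui64",
    }

# Constructed keyfile matching what the reporter observes after the editor saves.
SAMPLE = """\
[connection]
id=example
type=ethernet

[ipv6]
method=auto
ip6-privacy=0
addr-gen-mode=stable-privacy
"""

if __name__ == "__main__":
    print(describe_ipv6(SAMPLE))
    print(eui64_address("26FE:DCBA:9876:5400::/64", "A1-B2-C3-D4-E5-F6"))
```

With `addr-gen-mode` set to `eui64`, the hardware MAC is recoverable from the address by any remote peer, which is the exposure `stable-privacy` avoids.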