Server Fault Asked by WannabeCoder on December 12, 2020
Enabling Privacy Extension (net.ipv6.conf.eth0.use_tempaddr=2 in /etc/sysctl.conf) for IPv6 gives me a new IP address for a fixed period of time, is there a way to get a new IPv6 on demand? i.e. refresh a new IPv6 when needed?
The "active" temporary address has properties temporary and dynamic but not deprecated. When it's about to become deprecated (i.e. its preferred_lft value drops to 0), a new temporary address is added by the kernel to the interface.
The interface's current temporary address will be part of the results shown here:
ip -6 address show temporary dynamic
but not part of the older addresses which are still valid but deprecated shown with:
ip -6 address show temporary deprecated
You just have to lower its preferred_lft property to near zero to trigger the creation of the new temporary address. From trial and error, this won't work if preferred_lft is set below 3: the countdown reaches 0 before triggering the creation and then it won't work anymore (but one can still set again preferred_lft to >= 3 later to get the trigger). I don't know if there's any knob about this peculiarity. 5 seconds looks like a safe value, meaning the new address will appear about 2 or 3 seconds later.
Let's suppose the current found value is 2001:db8::1/64 on interface eth0:
ip address change 2001:db8::1/64 dev eth0 preferred_lft 5
Note that tampering with this removes the dynamic property, which would not have happened naturally, and might possibly trigger later creation of additional temporary addresses sooner than expected.
With ip's JSON output and jq some scriptability is possible, here's what I came up with to output the commands ready to pipe to a shell to change all candidate temporary addresses at once (usually requires a multi-homed system to get more than one but tampering with this might perhaps create multiple ones later too). It verifies that the temporary and dynamic address is not deprecated to consider it a candidate:
ip -6 -p -j address show temporary dynamic | jq -j '.[] |
    . as $i |
        .addr_info[] as $a |
            if $a.local == null // $a.deprecated == true then
                empty
            else
                "ip -6 address change ",
                $a.local, "/", $a.prefixlen,
                " dev ", $i.ifname,
                " preferred_lft 5\n"
            end'
which would output again:
ip -6 address change 2001:db8::1/64 dev eth0 preferred_lft 5
You might consider also reducing valid_lft to have the now deprecated address disappear completely faster.
Correct answer by A.B on December 12, 2020
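The candidate selection done by the jq filter above, as an added Python example that is not part of the original answer: it builds the ip address change commands from ip's JSON output, refuses a preferred_lft below the floor of 3 the answer reports, and can also set valid_lft. The function name, the constructed sample JSON (documentation-prefix addresses) and the check that valid_lft is not lower than preferred_lft are assumptions of this example.

```python
import json
import shlex

MIN_PREFERRED_LFT = 3  # floor the answer found by trial and error

# Constructed sample shaped like `ip -6 -j address show temporary dynamic`
# output; addresses use the 2001:db8::/32 documentation prefix.
SAMPLE = json.dumps([
    {"ifname": "lo", "addr_info": [{}]},
    {"ifname": "eth0", "addr_info": [
        {"family": "inet6", "local": "2001:db8::1", "prefixlen": 64,
         "temporary": True, "dynamic": True,
         "valid_life_time": 600000, "preferred_life_time": 80000},
        {"family": "inet6", "local": "2001:db8::2", "prefixlen": 64,
         "temporary": True, "dynamic": True, "deprecated": True,
         "valid_life_time": 500000, "preferred_life_time": 0},
    ]},
])


def rotation_commands(ip_json, preferred_lft=5, valid_lft=None):
    """Return one `ip address change` argv per active temporary address."""
    if preferred_lft < MIN_PREFERRED_LFT:
        raise ValueError("the answer reports no new address below 3")
    if valid_lft is not None and valid_lft < preferred_lft:
        raise ValueError("valid_lft must not be lower than preferred_lft")
    commands = []
    for link in json.loads(ip_json):
        for addr in link.get("addr_info", []):
            # Same candidate test as the jq filter: skip empty entries
            # and addresses that are already deprecated.
            if not addr.get("local") or addr.get("deprecated"):
                continue
            if not (addr.get("temporary") and addr.get("dynamic")):
                continue
            argv = ["ip", "-6", "address", "change",
                    f'{addr["local"]}/{addr["prefixlen"]}',
                    "dev", link["ifname"],
                    "preferred_lft", str(preferred_lft)]
            if valid_lft is not None:
                argv += ["valid_lft", str(valid_lft)]
            commands.append(argv)
    return commands


if __name__ == "__main__":
    for argv in rotation_commands(SAMPLE, valid_lft=60):
        print(shlex.join(argv))
```

On a live system the JSON would come from ip -6 -j address show temporary dynamic, and each returned argv can be run with root privileges.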