[Bug 988023] New: IPv6 Privacy Extensions should be off by default
http://bugzilla.novell.com/show_bug.cgi?id=988023

            Bug ID: 988023
           Summary: IPv6 Privacy Extensions should be off by default
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
          Assignee: lnussel@suse.com
          Reporter: jbohac@suse.com
        QA Contact: qa-bugs@suse.de
            Blocks: 678066
          Found By: ---
           Blocker: ---

IPv6 Privacy Extensions generates random temporary IPv6 addresses for outgoing
connections to enhance the user's privacy. The mechanism is defined in RFC 4941.

Like all IPv6 addresses, the temporary addresses have a "preferred lifetime" and
a "valid lifetime". Applications that open persistent or long-lasting
connections lasting longer than the "valid lifetime" of the temporary address
are broken by this. This has been reported on NFS (see bsc#986395); the same
problem exists e.g. for instant messaging clients.

Because of this, the RFC recommends that Privacy Extensions be turned OFF by
default:

RFC 4941 3.6. Deployment Considerations:

    The use of temporary addresses may cause unexpected difficulties with
    some applications. As described below, some servers refuse to accept
    communications from clients for which they cannot map the IP address
    into a DNS name. In addition, some applications may not behave
    robustly if temporary addresses are used and an address expires
    before the application has terminated, or if it opens multiple
    sessions, but expects them to all use the same addresses.
    Consequently, the use of temporary addresses SHOULD be disabled by
    default in order to minimize potential disruptions. Individual
    applications, which have specific knowledge about the normal duration
    of connections, MAY override this as appropriate.

OpenSUSE has this turned on by default in this file:
/usr/lib/sysctl.d/50-default.conf
owned by the aaa_base package.

The wrong default has been introduced in bsc#678066 without proper discussion.

-- You are receiving this mail because: You are on the CC list for the bug.

Jiri Bohac <jbohac@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |752842

http://bugzilla.novell.com/show_bug.cgi?id=988023#c1

--- Comment #1 from Jiri Bohac <jbohac@suse.com> ---
One possibility:
instead of completely disabling Privacy Extensions with
    use_tempaddr=0,
we might want to set
    use_tempaddr=1

This way, the temporary addresses would be generated, but they would not be
used by default. Applications wanting to use them would need to explicitly
request that using the Source Address Selection API defined in RFC#5014 (using
the IPV6_PREFER_SRC_TMP flag).

Although I doubt any application is doing that at the moment, it would be nice
to give applications this opportunity.
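
The per-socket request described in comment #1, as an added example that is not part of the bug report or of any openSUSE package: a Linux program sets IPV6_PREFER_SRC_TMP through the RFC 5014 socket option, reads it back, and prints the source address the kernel selected. The function names are hypothetical, the fallback constants are the Linux values, and the default destination is a documentation-prefix placeholder.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Linux values from <linux/in6.h>, for libc headers that do not define them. */
#ifndef IPV6_ADDR_PREFERENCES
#define IPV6_ADDR_PREFERENCES 72
#endif
#ifndef IPV6_PREFER_SRC_TMP
#define IPV6_PREFER_SRC_TMP 0x0001
#endif
/* Prefer a temporary (RFC 4941) source address on fd; returns 0 or -1 (errno set).
 * Only a preference: with use_tempaddr=0 a public address is still used. */
int prefer_temporary_source(int fd)
{
    int prefs = IPV6_PREFER_SRC_TMP;
    return setsockopt(fd, IPPROTO_IPV6, IPV6_ADDR_PREFERENCES, &prefs, sizeof(prefs));
}

/* Read the preference back: 1 = temporary preferred, 0 = not, -1 = error. */
int source_pref_is_temporary(int fd)
{
    int prefs = 0;
    socklen_t len = sizeof(prefs);
    if (getsockopt(fd, IPPROTO_IPV6, IPV6_ADDR_PREFERENCES, &prefs, &len) < 0)
        return -1;
    return (prefs & IPV6_PREFER_SRC_TMP) ? 1 : 0;
}

/* Connect a UDP socket (sends no packet) and print the source address chosen. */
int main(int argc, char **argv)
{
    const char *dst = argc > 1 ? argv[1] : "2001:db8::1"; /* placeholder address */
    struct sockaddr_in6 local, peer = { .sin6_family = AF_INET6, .sin6_port = htons(9) };
    socklen_t len = sizeof(local);
    char text[INET6_ADDRSTRLEN];
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);
    if (fd < 0 || inet_pton(AF_INET6, dst, &peer.sin6_addr) != 1 ||
        prefer_temporary_source(fd) < 0 ||
        connect(fd, (struct sockaddr *)&peer, sizeof(peer)) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &len) < 0) {
        perror("IPv6 source address selection");
        return 1;
    }
    printf("source for %s: %s\n", dst, inet_ntop(AF_INET6, &local.sin6_addr, text, sizeof(text)));
    close(fd);
    return 0;
}
```

Comparing the printed source address against the addresses marked temporary in `ip -6 addr show` confirms whether the preference took effect under the configured use_tempaddr value.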