Generate and use temporary IPv6 addresses

[Mynacol]

Temporary addresses are privacy-preserving for outgoing traffic, as they don't disclose the MAC address. See also https://blog.apnic.net/2022/06/10/iot-devices-endanger-ipv6-privacy/

The MAC-derived IPv6 stays, so clients (e.g. IP-based remotes) have a permanent IPv6 as before. Servers, including local ones, will see changing IPv6 addresses when contacted by LibreELEC. Users who don't like this may revert this setting.

This shouldn't break anything. It only has an effect for IPv6-enabled networks.

[lrusak]

Does any distro use this by default?

[Mynacol]

Yes, my Linux Mint has the following /etc/sysctl.d/10-ipv6-privacy.conf file:

# IPv6 Privacy Extensions (RFC 4941)
# ---
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
# to use in autoconfiguration. Privacy extensions allow using a randomly
# generated IPv6 address, which increases privacy.
#
# Acceptable values:
#    0 - don’t use privacy extensions.
#    1 - generate privacy addresses
#    2 - prefer privacy addresses and use them over the normal addresses.
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2

And this german ubuntu wiki page says that this is in effect since Ubuntu 12.04.

Edit: Sorry, didn't know email replies don't support markdown :see_no_evil: