How does one get the system to actually use the IPv6 Temporary Addresses?

Question
-
Is there some trick to getting the system to actually use the IPv6 Temporary Addresses? On multiple systems, some in a domain and some stand-alone, both before and after the Anniversary Update, the fixed IPv6 address is used after a few hours. Mucking with the network (e.g., turning temporary addresses off and on) gets the system to use a temporary address for a while, but check back in a few hours or the next day, and the permanent address is the one being used. "ipconfig" shows multiple temporary IPv6 addresses available, but checking https://www.google.com/#q=what+is+my+ip in Edge, Chrome, and Firefox shows the permanent address being used. "ping" can be convinced to use another address with the "-S" option, but otherwise it also selects the permanent address.
Am I the only person seeing this? Could it be some oddity of this network (Cox DHCPv6-PD through an EdgeRouter Lite)?
Having, but not using, temporary IPv6 addresses does not provide much in the way of privacy.
Sunday, August 28, 2016 2:55 PM
All replies
-
This has been on Feedback Hub for months: Temporary IPv6 address is present but not used
Sunday, August 28, 2016 2:57 PM
-
I will feedback this issue in our platform. Thanks for your comments on this issue.
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, August 29, 2016 11:02 AM -
Hi,
In addition, as far as I know, temporary addresses may be used as the source address for originating connections, while external hosts use a public address by querying the Domain Name System.
Network interfaces configured for IPv6 use temporary addresses by default in OS X Lion or later Apple systems, and in Windows Vista, Windows 2008 Server or later Microsoft systems.
More specifically, each process generates a resource request and the OS delivers. The IPv6 SAA is defined in RFC 2462, but the "Temporary IPv6 Address" is because of Windows' implementation of RFC 4941. So the question becomes what process is responsible for initiating an OS request to open a socket that has these Privacy Extensions.
You can check if your OS has enabled this feature:
netsh interface ipv6 show privacy
If you don't like to use it, you can disable it by using this command:
netsh interface ipv6 set global randomizeidentifiers=disabled
Tuesday, August 30, 2016 12:53 PM -
There are temporary addresses, but since none of the web browsers or even ping like to use them after a few hours (perhaps until a second temporary address is generated?), they don't seem to be terribly useful.
When I query Google about my ip address in Chrome, Edge, or Firefox, I get:
2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXc4 Your public IP address
From ipconfig we can see that this is not one of the temporary IPv6 addresses:
Ethernet adapter vEthernet (Hyper-V Ethernet) 2:

   Connection-specific DNS Suffix  . : private
   IPv6 Address. . . . . . . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXc4
   Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXeb
   Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XX9a
   Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXb2
   Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXb8
   Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XX0a
   Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XX88
   Link-local IPv6 Address . . . . . : fe80::XXXX:XXXX:XXXX:XXc4%13
   IPv4 Address. . . . . . . . . . . : 192.168.XXX.XXX
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::XXXX:XXXX:XXXX:XX66%13
                                       192.168.XXX.XXXX
If Edge should not be using a temporary IPv6 address, then why does it sometimes do so (e.g., for a while after the network stack has been reset)?
This is what netsh shows:
PS C:\Windows\System32> netsh interface ipv6 show privacy
Querying active state...

Temporary Address Parameters
---------------------------------------------
Use Temporary Addresses             : enabled
Duplicate Address Detection Attempts: 3
Maximum Valid Lifetime              : 7d
Maximum Preferred Lifetime          : 1d
Regenerate Time                     : 5s
Maximum Random Time                 : 10m
Random Time                         : 6m11s

PS C:\Windows\System32> netsh interface ipv6 show global
Querying active state...

General Global Parameters
---------------------------------------------
Default Hop Limit                   : 128 hops
Neighbor Cache Limit                : 256 entries per interface
Route Cache Limit                   : 4096 entries per compartment
Reassembly Limit                    : 132704096 bytes
ICMP Redirects                      : enabled
Source Routing Behavior             : dontforward
Task Offload                        : enabled
Dhcp Media Sense                    : enabled
Media Sense Logging                 : disabled
MLD Level                           : all
MLD Version                         : version3
Multicast Forwarding                : disabled
Group Forwarded Fragments           : disabled
Randomize Identifiers               : enabled
Address Mask Reply                  : disabled
Minimum Mtu                         : 1280

Current Global Statistics
---------------------------------------------
Number of Compartments              : 1
Number of NL clients                : 7
Number of FL providers              : 4
Wednesday, August 31, 2016 2:17 AM -
I am seeing the same behavior on Windows 10 Home.
Initially browsers use the temporary IPv6 address. After a while they start consistently using the permanent one. I do think this is a bug, but it appears few others have even noticed this behavior.
Ping does the same thing.
On the plus side, the 64-bit IPv6 interface identifier that Windows 10 generates is not based on the Ethernet MAC address.
But still things are broken (at least on my system).
Windows 10 Home version 1607 Build 14393.693
- Edited by KolyaBerries Friday, February 24, 2017 8:43 AM
Friday, February 24, 2017 8:30 AM -
This is still a problem in 16299.64. What is the point of having temporary IPv6 addresses if they are often not used? After a reboot, the temporary address works as it should, but when a new temporary address is added, everything goes back to using the permanent address.
All the "do not track", Ghostery, Privacy Badger, tools in the world are of little help if the lower 64 bits of the computer's address is always the same and pretty much guaranteed to be unique.
Making privacy promises and then not keeping them is arguably not a security vulnerability, but it is very close to one.
Saturday, November 25, 2017 5:40 PM -
This is still a problem in 16299.64. What is the point of having temporary IPv6 addresses if they are often not used? After a reboot, the temporary address works as it should, but when a new temporary address is added, everything goes back to using the permanent address.
All the "do not track", Ghostery, Privacy Badger, tools in the world are of little help if the lower 64 bits of the computer's address is always the same and pretty much guaranteed to be unique.
Making privacy promises and then not keeping them is arguably not a security vulnerability, but it is very close to one.
I've just found this thread, after realizing that my SLAAC configuration leaks my (non-randomized) global address :(
Checked uptime and ipconfig, whatnot, my system is just beyond the temporary address maximum preferred lifetime of 1 day, so previous (working) temporary addresses got deprecated, browser (Chrome) now just tells everyone about private matters...
Build: 10.0.16299.192
PS: would love to use new RDNSS feature, but DHCPv4 advertised DNSv4 knocks it out :(
- Edited by GethDeeo Monday, January 8, 2018 10:15 PM
Monday, January 8, 2018 9:55 PM -
Still a problem in 2018, a year and a half later. I am on Windows 10 version 1709, build 16299.192. ipconfig shows multiple addresses but a "what's my ip search" shows the permanent address.
My only solution so far - rebooting. Yes, after a reboot Windows starts using the temporary address. Not exactly convenient though.
- Edited by chue12 Wednesday, February 14, 2018 1:17 PM
Wednesday, February 14, 2018 1:13 PM -
Before rebooting, you might try something like this in PowerShell:
Get-NetIPAddress -AddressFamily IPv6 -SuffixOrigin Random -AddressState Deprecated | Remove-NetIPAddress -Confirm
Something like this might also work (changing the interface name to match the appropriate interface):
netsh interface set interface name=Ethernet admin=disabled
netsh interface set interface name=Ethernet admin=enabled
- Edited by henricj Wednesday, February 14, 2018 3:41 PM
Wednesday, February 14, 2018 3:40 PM -
This seems to have been fixed sometime between build 16299 and 17127. I'll keep checking, but so far I haven't seen the problem since I switched to the slow ring insider builds.
Tuesday, March 27, 2018 7:55 AM
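
The check that posters in this thread do by hand (comparing ipconfig output with the address a remote site reports) can also be done locally. The following PowerShell is an added example, not code from any poster or from Microsoft; it assumes temporary addresses are the ones with SuffixOrigin Random, as in the Remove-NetIPAddress command posted above, and the destination 2001:db8::1 is a placeholder.

```powershell
# Added example: which IPv6 source address does Windows pick, and is it temporary?
# Assumption: temporary (RFC 4941) addresses are those with SuffixOrigin 'Random',
# the same filter used by the Remove-NetIPAddress command in the thread.
param(
    # Placeholder destination from the documentation prefix; substitute a real host.
    [string]$Destination = '2001:db8::1'
)

# Find-NetRoute emits the source address the stack would select, then the route.
$selected = Find-NetRoute -RemoteIPAddress $Destination -ErrorAction SilentlyContinue |
    Where-Object { $_.CimClass.CimClassName -eq 'MSFT_NetIPAddress' } |
    Select-Object -First 1
if (-not $selected) {
    Write-Warning "No IPv6 route to $Destination; nothing to check."
    return
}

# All router-advertised (SLAAC) addresses on the interface that was chosen.
$slaac = Get-NetIPAddress -AddressFamily IPv6 -InterfaceIndex $selected.InterfaceIndex |
    Where-Object { $_.PrefixOrigin -eq 'RouterAdvertisement' }

# One row per address; '*' marks the address the stack selected as source.
$slaac | Sort-Object SuffixOrigin, AddressState | Format-Table -AutoSize `
    @{ n = 'Selected'; e = { if ($_.IPAddress -eq $selected.IPAddress) { '*' } } },
    IPAddress,
    @{ n = 'Kind'; e = { if ($_.SuffixOrigin -eq 'Random') { 'Temporary' } else { 'Permanent' } } },
    AddressState, PreferredLifetime

# Distinguish "temporary address exists but was skipped" from "none left to use".
$usable = @($slaac | Where-Object { $_.SuffixOrigin -eq 'Random' -and $_.AddressState -eq 'Preferred' })
if ($selected.SuffixOrigin -eq 'Random') {
    "OK: outbound traffic to $Destination uses temporary address $($selected.IPAddress)."
} elseif ($usable.Count -gt 0) {
    Write-Warning "Permanent address $($selected.IPAddress) selected although $($usable.Count) preferred temporary address(es) exist."
} else {
    Write-Warning "Permanent address $($selected.IPAddress) selected; every temporary address is deprecated or missing."
}
```

Run on a schedule, the two warnings separate the cases described in the thread: a preferred temporary address that is present but not used, and a host whose temporary addresses have all passed their preferred lifetime.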