How does one get the system to actually use the IPv6 Temporary Addresses?

  • Question

  • Is there some trick to getting the system to actually use the IPv6 Temporary Addresses? On multiple systems, some in a domain and some stand-alone, both before and after the Anniversary Update, the fixed IPv6 address is used after a few hours.  Mucking with the network (e.g., turning temporary addresses off and on) gets the system to use a temporary address for a while, but check back in a few hours or the next day, and the permanent address is the one being used.   "ipconfig" shows multiple temporary IPv6 addresses available, but checking https://www.google.com/#q=what+is+my+ip in Edge, Chrome, and Firefox shows the permanent address being used.  "ping" can be convinced to use another address with "-S", but otherwise it also selects the permanent address.

    Am I the only person seeing this?  Could it be some oddity of this network (Cox DHCPv6-PD through an EdgeRouter Lite)?

    Having, but not using, temporary IPv6 addresses does not provide much in the way of privacy.

    Sunday, August 28, 2016 2:55 PM

All replies

  • This has been on Feedback Hub for months: Temporary IPv6 address is present but not used
    Sunday, August 28, 2016 2:57 PM
  • I will feedback this issue in our platform. Thanks for your comments on this issue.

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 29, 2016 11:02 AM
  • Hi,

    In addition, as far as I know, temporary addresses may be used as the source address for originating connections, while external hosts use a public address by querying the Domain Name System.

    Network interfaces configured for IPv6 use temporary addresses by default in OS X Lion or later Apple systems, and in Windows Vista, Windows 2008 Server or later Microsoft systems.

    More specifically, each process generates a resource request and the OS delivers. The IPv6 SAA is defined in RFC 2462, but the "Temporary IPv6 Address" is because of Windows implementation of RFC 4941. So the question becomes what process is responsible for initiating an OS request to open a socket that has these Privacy Extensions.

    You can check whether your OS has enabled this feature:

    netsh interface ipv6 show privacy

    If you don't like to use it, you can disable it by using this command:

    netsh interface ipv6 set global randomizeidentifiers=disabled



    Tuesday, August 30, 2016 12:53 PM
  • There are temporary addresses, but since none of the web browsers or even ping like to use them after a few hours (perhaps until a second temporary address is generated?), they don't seem to be terribly useful.

    When I query Google about my ip address in Chrome, Edge, or Firefox, I get:

    2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXc4
    Your public IP address

    From ipconfig we can see that this is not one of the temporary IPv6 addresses:

    Ethernet adapter vEthernet (Hyper-V Ethernet) 2:
    
       Connection-specific DNS Suffix  . : private
       IPv6 Address. . . . . . . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXc4
       Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXeb
       Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XX9a
       Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXb2
       Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XXb8
       Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XX0a
       Temporary IPv6 Address. . . . . . : 2600:8800:XXXX:XXXX:XXXX:XXXX:XXXX:XX88
       Link-local IPv6 Address . . . . . : fe80::XXXX:XXXX:XXXX:XXc4%13
       IPv4 Address. . . . . . . . . . . : 192.168.XXX.XXX
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::XXXX:XXXX:XXXX:XX66%13
                                           192.168.XXX.XXXX

    If Edge should not be using a temporary IPv6 address, then why does it sometimes do so (e.g., for a while after the network stack has been reset)?

    This is what netsh shows:

    PS C:\Windows\System32> netsh interface ipv6 show privacy
    Querying active state...
    
    Temporary Address Parameters
    ---------------------------------------------
    Use Temporary Addresses             : enabled
    Duplicate Address Detection Attempts: 3
    Maximum Valid Lifetime              : 7d
    Maximum Preferred Lifetime          : 1d
    Regenerate Time                     : 5s
    Maximum Random Time                 : 10m
    Random Time                         : 6m11s
    
    PS C:\Windows\System32> netsh interface ipv6 show global
    Querying active state...
    
    General Global Parameters
    ---------------------------------------------
    Default Hop Limit                   : 128 hops
    Neighbor Cache Limit                : 256 entries per interface
    Route Cache Limit                   : 4096 entries per compartment
    Reassembly Limit                    : 132704096 bytes
    ICMP Redirects                      : enabled
    Source Routing Behavior             : dontforward
    Task Offload                        : enabled
    Dhcp Media Sense                    : enabled
    Media Sense Logging                 : disabled
    MLD Level                           : all
    MLD Version                         : version3
    Multicast Forwarding                : disabled
    Group Forwarded Fragments           : disabled
    Randomize Identifiers               : enabled
    Address Mask Reply                  : disabled
    Minimum Mtu                         : 1280
    
    Current Global Statistics
    ---------------------------------------------
    Number of Compartments              : 1
    Number of NL clients                : 7
    Number of FL providers              : 4


    Wednesday, August 31, 2016 2:17 AM
  • I am seeing the same behavior on Windows 10 Home.

    Initially browsers use the temporary IPv6 address. After a while they start consistently using the permanent one. I do think this is a bug, but it appears few others have even noticed this behavior.

    Ping does the same thing.

    On the plus side, the 64-bit IPv6 interface identifier that Windows 10 generates is not based on the Ethernet MAC address.

    But still, things are broken (at least on my system).

    Windows 10 Home version 1607 Build 14393.693

    Friday, February 24, 2017 8:30 AM
  • This is still a problem in 16299.64.  What is the point of having temporary IPv6 addresses if they are often not used?  After a reboot, the temporary address works as it should, but when a new temporary address is added, everything goes back to using the permanent address.

    All the "do not track", Ghostery, Privacy Badger, tools in the world are of little help if the lower 64 bits of the computer's address is always the same and pretty much guaranteed to be unique.

    Making privacy promises and then not keeping them is arguably not a security vulnerability, but it is very close to one.

    Saturday, November 25, 2017 5:40 PM
  • This is still a problem in 16299.64.  What is the point of having temporary IPv6 addresses if they are often not used?  After a reboot, the temporary address works as it should, but when a new temporary address is added, everything goes back to using the permanent address.

    All the "do not track", Ghostery, Privacy Badger, tools in the world are of little help if the lower 64 bits of the computer's address is always the same and pretty much guaranteed to be unique.

    Making privacy promises and then not keeping them is arguably not a security vulnerability, but it is very close to one.

    I've just found this thread, after realizing that my SLAAC configuration leaks my (non-randomized) global address :(

    Checked uptime and ipconfig, whatnot, my system is just beyond the temporary address maximum preferred lifetime of 1 day, so previous (working) temporary addresses got deprecated, browser (Chrome) now just tells everyone about private matters...

    Build: 10.0.16299.192

    PS: would love to use new RDNSS feature, but DHCPv4 advertised DNSv4 knocks it out :(



    • Edited by GethDeeo Monday, January 8, 2018 10:15 PM
    Monday, January 8, 2018 9:55 PM
  • Still a problem in 2018, a year and a half later.  I am on Windows 10 version 1709, build 16299.192.  ipconfig shows multiple addresses but a "what's my ip search" shows the permanent address.

    My only solution so far - rebooting.  Yes after a reboot Windows starts using the temporary address.  Not exactly convenient though.



    • Edited by chue12 Wednesday, February 14, 2018 1:17 PM
    Wednesday, February 14, 2018 1:13 PM
  • Before rebooting, you might try something like this in PowerShell:

    Get-NetIPAddress -AddressFamily IPv6 -SuffixOrigin Random -AddressState Deprecated | Remove-NetIPAddress -Confirm

    Something like this might also work (changing the interface name to match the appropriate interface):

    netsh interface set interface name=Ethernet admin=disabled
    netsh interface set interface name=Ethernet admin=enabled


    • Edited by henricj Wednesday, February 14, 2018 3:41 PM
    Wednesday, February 14, 2018 3:40 PM
  • This seems to have been fixed sometime between build 16299 and 17127.  I'll keep checking, but so far I haven't seen the problem since I switched to the slow ring insider builds.
    Tuesday, March 27, 2018 7:55 AM
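
Added example, not part of any post in this thread: a read-only PowerShell check for the symptom described above, comparing the source address the stack actually selects for an outbound IPv6 connection with the temporary addresses on that interface. The destination address is a constructed sample, and treating `SuffixOrigin Random` as the marker for temporary addresses follows the filter used in the PowerShell reply above.

```powershell
# Added example (not from the thread). Read-only: changes no settings.
param(
    # Constructed sample destination: any global IPv6 address works here.
    [string]$Destination = '2001:4860:4860::8888'
)

# Connecting a UDP socket sends no packets, but it makes the stack run
# source address selection, the same choice an outbound connection gets.
$udp = [System.Net.Sockets.UdpClient]::new([System.Net.Sockets.AddressFamily]::InterNetworkV6)
try {
    $udp.Connect([System.Net.IPAddress]::Parse($Destination), 443)
    $source = $udp.Client.LocalEndPoint.Address.ToString()
} finally {
    $udp.Close()
}

# Look the chosen address up to see how it was formed.
$chosen = Get-NetIPAddress -AddressFamily IPv6 -IPAddress $source

# Temporary addresses on the same interface. SuffixOrigin Random is the
# filter used in the PowerShell reply above to find them (assumption).
$temporary = Get-NetIPAddress -AddressFamily IPv6 -InterfaceIndex $chosen.InterfaceIndex |
    Where-Object { $_.SuffixOrigin -eq 'Random' -and $_.IPAddress -notlike 'fe80*' }
$preferred = @($temporary | Where-Object { $_.AddressState -eq 'Preferred' })

# Show each temporary address with its state and remaining lifetimes.
$temporary | Sort-Object AddressState |
    Format-Table IPAddress, AddressState, PreferredLifetime, ValidLifetime -AutoSize

if ($chosen.SuffixOrigin -eq 'Random') {
    "OK: outbound source $source is a temporary address."
} elseif ($preferred.Count -gt 0) {
    "MISMATCH: source $source is not temporary although $($preferred.Count) preferred temporary address(es) exist."
} else {
    "No preferred temporary address: source $source is in use and all temporary addresses are deprecated or absent."
}
```

Running it from a scheduled task once the uptime passes the "Maximum Preferred Lifetime" shown by `netsh interface ipv6 show privacy` distinguishes the two cases reported in the thread: a preferred temporary address that is ignored, versus temporary addresses that have all been deprecated.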