SSH connection drop with IPv6 Privacy Extensions
Shadow Hawkins on Saturday, 19 June 2010 14:29:47
From time to time, I had random SSH connection drops (at least when idle), but did not find out what the culprit was. I've changed firewall settings, tunnel types, tried another server, added client keepalive settings, but to no avail.
Now I've discovered that it seems to be related to the IPv6 Privacy Extensions that assign a random IP every once in a while. When I have static IPv6 assigned via radvd, it works like a charm.
Is this a known issue? Is there a workaround?
Is it related to my iptables timeout configuration, or maybe a local problem on my (Mac) client?
The error message on the router always is "icmpv6_send: no reply to icmp error".
If anyone made similar experiences, let me know. Thanks!
SSH connection drop with IPv6 Privacy Extensions
Shadow Hawkins on Saturday, 31 July 2010 10:06:49
Well sure, the address changes, so the connection is broken. In windows you disable privacy extensions with "netsh interface ipv6 set privacy state=disabled". There should be an equivalent command or setting for the Mac.
I think the privacy settings are a pretty dumb idea in the first place.
SSH connection drop with IPv6 Privacy Extensions
Jeroen Massar on Monday, 02 August 2010 10:52:01 I think the privacy settings are a pretty dumb idea in the first place.
They are not a 'dumb' idea, they are pretty clever, they are pretty useless though if your host stays in one subnet. The moment you start traveling around though it becomes a better idea, especially for webbrowsing, that way at least the EUI-64 portion cannot be used for tracking who you are.
For SSH and other such protocols though it is a feature you indeed do not want.
I personally simply disable it, because I like my SSH to come from the correct address.
For applications there is btw a flag which allows one to state "I do not want privacy addresses". See RFC5041, of course the application has to support that, and the user will want to like that flag for that connection.
Posting is only allowed when you are logged in. |