Ubuntu 12.04 Precise Pangolin and IPv6 privacy addresses

The newly released Ubuntu LTS includes a very poor default configuration concerning IPv6 and privacy addresses. This feature is enabled by default, hardcoded (as it seems) in the last release of NetworkManager.

While this choice is understandable, it can’t be changed and this is unfortunate: almost no one really needs this feature and it breaks AAAA/PTR DNS mappings in well-managed networks.

How to circumvent this cleanly?

Since NetworkManager resets net/ipv6/conf/$IF/use_tempaddr during each connection attempt, sysctl alone does not suit here.

EDIT: while the fix below works, it is rather complicated. It seems that NM reads /etc/syscl.conf, but not /etc/sysctl.d/*. Therefore, you just have to comment out sysctl lines in /etc/sysctl.d/10-ipv6-privacy.conf and use them in /etc/sysctl.conf. All my thanks goes to Mathieu Trudel-Lapierre :)

I simply wrote a small executable script in /etc/network/if-up.d/no-ipv6-privacy which is called by the NetworkManager ifup plugin at each successful connection:

sysctl -e net/ipv6/conf/wlan0/use_tempaddr=1
sysctl -e net/ipv6/conf/eth0/use_tempaddr=1

You just need to chmod +x the new script and restart NM with sudo service network-manager restart.

Want some fun with NM? On wired or wireless connection with native IPv6 connectivity, try to connect to some IPv6 enabled websites/hosts and take a look at the IPv6 routing table (ip -6 route). WTF? Every destination is present in the routing table, with a specific /128 route via the link-local address learnt by Router Advertisement… What an efficient way to fuckup a VPN setup intended to route all IP traffic through the tunnel…

You have to edit the connection profile to disable this bug: IPv6 Settings tab > Routes > Check ‘Ignore automatically obtained routes.’ and voilà!