[technique] IPv6 et vie privee

Solarus solarus at ultrawaves.fr
Sam 13 Oct 10:22:24 CEST 2012 

Le 13/10/2012 09:51, Laurent GUERBY a écrit :
> Une question pour les spécialistes : est-ce qu'au niveau
> de la configuration serveur RA/DHCPv6 on peut "forcer"
> les utilisateurs a ne pas reveler leur MAC ?
>
Salut Laurent.

Une partie de la réponse a été apportée dans cette article en anglais.
Surement puis-je apporter une traduction pour le wiki :
http://superuser.com/questions/243669/how-to-avoid-exposing-my-mac-address-when-using-ipv6

DHCPv6 et SLAAC se servent des adresses MAC client sous forme EUI-64,
mais on peut outrepasser cela.
Il ne s'agit pas ici d'une configuration coté serveur mais côté client.
Chaque client doit avoir l'option "privacy" activée pour refuser de
transmettre son EUI-64 et choisir un système d'adresses temporaires.

Vous trouverez ci-dessous l'article en question.
Cordialement,
Solarus
_________________________________________________________

This is what IPv6 Privacy Addressing
<http://tools.ietf.org/html/rfc3041> is for. When enabled, the system
will generate a temporary address with a random suffix in addition to
the EUI-64-based address.

  *

    *Windows* (starting with XP SP2) -- enabled by default in XP, Vista, 7:

    |netsh interface ipv6 set privacy state=enabled
    |

  *

    *Linux*:

    To enable temporary addresses and make them preferred for outgoing
    connections:

    |sysctl net.ipv6.conf.all.use_tempaddr=2
    sysctl net.ipv6.conf.default.use_tempaddr=2
    |

    To enable temporary address generation, but keep the old (Autoconf)
    address as preferred:

    |sysctl net.ipv6.conf.all.use_tempaddr=1
    sysctl net.ipv6.conf.default.use_tempaddr=1
    |

    The |all| or |default| part can be replaced with a specific
    interface name; e.g. |net.ipv6.conf.eth0.use_tempaddr|.

    /(I used |ip link set eth0 down && ip link set eth0 up| to force an
    address assignment, but you can just wait a minute for the next
    periodic Router Advertisement.)/

  *

    *Mac OS X* -- enabled by default since OS X 10.7 Lion:

    |sysctl -w net.inet6.ip6.use_tempaddr=1
    |

    Temporary addresses, if enabled, will be preferred.

  *

    *FreeBSD*:

    |sysctl net.inet6.ip6.use_tempaddr=1

    sysctl net.inet6.ip6.prefer_tempaddr=1
    |

  *

    *NetBSD*:

    |sysctl -w net.inet6.ip6.use_tempaddr=1
    |

    Temporary addresses preference? I have no idea. The autoconf address
    seems to be preferred. |ifconfig| doesn't appear to list any address
    properties.

Notes on configuration:

  *

    *On Linux, OS X, and all BSDs, edit |/etc/sysctl.conf| to make the
    setting permanent.*

  *

    On Windows, the changes will persist automatically.

    /(Append |store=active| to the |netsh| command if you want it to
    only last until reboot.)/

Le problème de certaines de ces solutions étant d'utiliser des adresses
temporaires, ce qui n'a pas tellement d'utilité en IPv6, à part pour
cette problématique de vie privée.

________________________________________________________

This is what IPv6 Privacy Addressing
<http://tools.ietf.org/html/rfc3041> is for. When enabled, the system
will generate a temporary address with a random suffix in addition to
the EUI-64-based address.

  *

    *Windows* (starting with XP SP2) -- enabled by default in XP, Vista, 7:

    |netsh interface ipv6 set privacy state=enabled
    |

  *

    *Linux*:

    To enable temporary addresses and make them preferred for outgoing
    connections:

    |sysctl net.ipv6.conf.all.use_tempaddr=2
    sysctl net.ipv6.conf.default.use_tempaddr=2
    |

    To enable temporary address generation, but keep the old (Autoconf)
    address as preferred:

    |sysctl net.ipv6.conf.all.use_tempaddr=1
    sysctl net.ipv6.conf.default.use_tempaddr=1
    |

    The |all| or |default| part can be replaced with a specific
    interface name; e.g. |net.ipv6.conf.eth0.use_tempaddr|.

    /(I used |ip link set eth0 down && ip link set eth0 up| to force an
    address assignment, but you can just wait a minute for the next
    periodic Router Advertisement.)/

  *

    *Mac OS X* -- enabled by default since OS X 10.7 Lion:

    |sysctl -w net.inet6.ip6.use_tempaddr=1
    |

    Temporary addresses, if enabled, will be preferred.

  *

    *FreeBSD*:

    |sysctl net.inet6.ip6.use_tempaddr=1

    sysctl net.inet6.ip6.prefer_tempaddr=1
    |

  *

    *NetBSD*:

    |sysctl -w net.inet6.ip6.use_tempaddr=1
    |

    Temporary addresses preference? I have no idea. The autoconf address
    seems to be preferred. |ifconfig| doesn't appear to list any address
    properties.

Notes on configuration:

  *

    *On Linux, OS X, and all BSDs, edit |/etc/sysctl.conf| to make the
    setting permanent.*

  *

    On Windows, the changes will persist automatically.

    /(Append |store=active| to the |netsh| command if you want it to
    only last until reboot.)/


-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: <http://lists.tetaneutral.net/pipermail/technique/attachments/20121013/8cddcd43/attachment.htm>

Plus d'informations sur la liste de diffusion technique