[OS X] Disable IPv6 Address Privacy

Posted on in Networking

cover image for article

For those that are really into privacy, the Privacy Extensions defined in RFC 4941 are a really good thing. This extension circumvents SLAAC and has the result of randomizing your IPv6 address. Like I said, if privacy is a big deal for you, this is definitely something you want enabled. Fortunately for you, this feature is enabled by default in OS X.

Unfortunately, I ran into a situation recently where my ever-changing IPv6 address was causing a bit of a problem for debugging. My primary interface had more than half a dozen temporary IPv6 addresses assigned:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 14:10:9f:d7:18:fb 
    inet6 fe80::1610:9fff:fed7:18fb%en0 prefixlen 64 scopeid 0x4 
    inet 192.168.2.30 netmask 0xffffff00 broadcast 192.168.2.255
    inet6 2605:6000:ed0a:f00:1610:9fff:fed7:18fb prefixlen 64 autoconf 
    inet6 2605:6000:ed0a:f00:1918:1efc:e71c:bf2d prefixlen 64 deprecated autoconf temporary 
    inet6 2605:6000:ed0a:f00:9068:7428:1beb:5c39 prefixlen 64 deprecated autoconf temporary 
    inet6 2605:6000:ed0a:f00:cd7a:dd40:6a73:f551 prefixlen 64 deprecated autoconf temporary 
    inet6 2605:6000:ed0a:f00:cc06:11b1:4c97:52b2 prefixlen 64 deprecated autoconf temporary 
    inet6 2605:6000:ed0a:f00:b5c7:15a7:5e1c:eb9c prefixlen 64 deprecated autoconf temporary 
    inet6 2605:6000:ed0a:f00:e0c2:a431:7457:cdc2 prefixlen 64 deprecated autoconf temporary 
    inet6 2605:6000:ed0a:f00:d9b3:6c23:9f24:d589 prefixlen 64 autoconf temporary 
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

If you absolutely need to use a single address, then disabling the RFC 4941 privacy extensions is the answer. Open a Terminal window and run the following command:

sudo sysctl -w net.inet6.ip6.use_tempaddr=0

Don't forget to add that to /etc/sysctl.conf if you want the change to persist between reboots.

After that, bounce the interface you care about (probably en0) however you prefer (disable and re-enable Wi-Fi, perhaps) and you should notice that you no longer are being assigned temporary IPv6 addresses.

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 14:10:9f:d7:18:fb 
    inet6 fe80::1610:9fff:fed7:18fb%en0 prefixlen 64 scopeid 0x4 
    inet6 2605:6000:ed0a:f00:1610:9fff:fed7:18fb prefixlen 64 autoconf 
    inet 192.168.2.30 netmask 0xffffff00 broadcast 192.168.2.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

Remember that SLAAC` uses your MAC address to generate your IPv6 address. In other words, your MAC address is encoded in everything you're doing. If you have concerns about your digital privacy, this is not for you!

USE WITH CAUTION

Slaptijack's Koding Kraken