IPv6: Turn off Privacy Extensions (Temporary Addresses) for certain Prefixes (I.e. ULA) in Win 10

Question

Thursday, February 2, 2017 1:14 AM

I can't seem to find where in Windows 10 I can disable the privacy extensions for a SLAAC address for only a certain prefix. I see I can turn it completely off or completely on. RFC 4941 specifically states that implementations should provide a way to enable or disable temporary addresses for a specific prefix. But it seems Windows 10 hasn't done so yet?

https://tools.ietf.org/html/rfc4941
Additionally, sites might wish to selectively enable or disable the
   use of temporary addresses for some prefixes.  For example, a site
   might wish to disable temporary address generation for "Unique local"
   [ULA] prefixes while still generating temporary addresses for all
   other global prefixes.  Another site might wish to enable temporary
   address generation only for the prefixes 2001::/16 and 2002::/16,
   while disabling it for all other prefixes.  To support this behavior,
   implementations SHOULD provide a way to enable and disable generation
   of temporary addresses for specific prefix subranges.

Windows should disable Privacy Extensions by default for ULA addresses (fd00::) assigned by SLAAC. There is no reason to have a temporary address for these addresses on a local LAN, since if a user has access to the local LAN, they can just issue an IPv6 Neighbor Discovery and get the MAC address of neighboring clients anyway.

In fact, other distributions like Android already do this, and will only issue privacy extensions on global addresses. Windows should do this, or at least follow the RFC and allow us to tell it to not issue temporary addresses for fd00:: prefixes.

All replies (1)

Friday, February 3, 2017 6:55 AM

Hi Codster314,

That article uses the word "SHOULD". It means that this behavior is "recommended" but "not necessary".

As far as I know, the only option available in Windows is to disable all of the IPv6 Privacy Extensions or not.
netsh interface ipv6 set privacy state=disabled
There is no other configuration available.

You could submit the case through the "Feedback" hub. I hope this feature will be added to Windows 10 in the near future. I will submit the need on my side.

Best regards

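The per-prefix behaviour that the quoted RFC 4941 paragraph describes, written out as an added example (this is not code from the thread and not a Windows feature). The function names, the rule format, the longest-match rule for overlapping subranges and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

# Unique local addresses are fc00::/7 (RFC 4193); fd00::/8 is the
# locally assigned half that SLAAC deployments normally advertise.
ULA = "fc00::/7"


def make_policy(rules, default):
    """Build a per-prefix temporary-address policy.

    rules   -- list of (prefix, allow) pairs; allow=True means temporary
               addresses may be generated for prefixes inside that range
    default -- decision for an advertised prefix that matches no rule
    """
    parsed = [(ipaddress.ip_network(p), allow) for p, allow in rules]
    # Most specific rule wins, so a subrange can override a wider range.
    parsed.sort(key=lambda rule: rule[0].prefixlen, reverse=True)

    def use_temporary(advertised_prefix):
        net = ipaddress.ip_network(advertised_prefix)
        for rule_net, allow in parsed:
            if net.subnet_of(rule_net):
                return allow
        return default

    return use_temporary


# First site from the RFC text: no temporary addresses for ULA prefixes,
# temporary addresses for every other global prefix.
ula_off = make_policy([(ULA, False)], default=True)

# Second site from the RFC text: temporary addresses only for
# 2001::/16 and 2002::/16, disabled everywhere else.
allowlist = make_policy([("2001::/16", True), ("2002::/16", True)],
                        default=False)

# Constructed subrange override: one /48 inside ULA keeps temporary addresses.
ula_except_lab = make_policy([(ULA, False), ("fd12:3456:789a::/48", True)],
                             default=True)

if __name__ == "__main__":
    # Constructed Router Advertisement prefixes, not taken from the thread.
    for prefix in ("fd12:3456:789a:1::/64", "2001:db8:1:2::/64",
                   "2002:c000:204::/48", "2a02:1234:5678:1::/64"):
        print(prefix, "ula_off:", ula_off(prefix),
              "allowlist:", allowlist(prefix))
```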