5

In Windows Vista and later versions, you can assign a static IPv6 address and the gateway to the interface via a GUI or alternatively with netsh. Addresses can also be statically configured on Windows XP with:

netsh interface ipv6 add address "Local Area Network" 2001:db8::bad:f00d

And the default route with:

netsh interface ipv6 add route ::/0 "Local Area Network" 2001:db8::1

But the problem with this is that if an RA-emitting router is present on the link, Windows XP will also assign itself an automatically generated address based on the advertised prefix and a link-local (fe80::) address of the router as a default gateway.

How can I turn off the autoconfiguration if the host is addressed statically?

UPDATE

It seems that there is no straightforward way of disabling SLAAC without disabling IPv6 itself. Is there a registry setting to do so?

  • 1
    @MichaelHampton I'd like the host to have a specific address. There are hosts on the same segment that are configured statelessly. Since the host is statically configured, having SLAAC enabled just increases the attack surface (rogue RA, for example) –  Jul 31 '12 at 16:12

3 Answers

5

Getting an XP box up on my local IPv6 network was... fun. Not.

So, in one image, here's the problem: XP's support for IPv6 is minimal at best. I don't believe it's possible to disable stateless autoconfiguration - or even to use anything but.

Windows XP IPv6 FAIL

First off, I get my stateless autoconfiguration just fine, as well as my privacy address. The privacy address works on the global Internet, which I confirmed by visiting my IP address tool in Google Chrome.

So we start fiddling.

First, the GUI doesn't provide any configuration options for IPv6; see that "Properties" is grayed out. Everything you might want to do must be done from the command line.

The routerdiscovery=disabled suggestion from @MikePennington doesn't work because this command isn't supported on XP at all. It requires Vista or later.

The so-called Advanced Networking Pack for Windows XP can be downloaded for SP1 systems, but this functionality was included in SP2 and whatever it provides should be available already on any SP2 or higher system.

Once installed, an ipv6 command becomes available, but it doesn't provide anything relevant to disabling neighbor discovery.

Unfortunately, Windows Firewall on XP doesn't distinguish between IPv4 and IPv6 connections, and so it's impossible to select ICMPv6 messages to block in the firewall. This rules out any Windows Firewall workarounds.

Finally, XP doesn't even support DHCPv6.

IPv6 itself has matured since this code was released in 2003 (and Microsoft seemingly never updated it on XP) so it is limited by what was known about IPv6 almost ten years ago. As far as I can tell, IPv6 support in Windows XP should be considered "technology preview" and not used in production, or at least used with extreme caution and full understanding of its limitations.

Of course, XP is nearing the end of its useful life at this point (and some would say it already passed the end of its useful life), so if you can upgrade the box, that's probably the easiest solution.

TL;DR: Look at the pretty picture. Weep. Upgrade to a current version of Windows.

Michael Hampton
1

How can I turn off the autoconfiguration if the host is addressed statically?

It's worth asking why you're assigning a static default and address if you already have ipv6 autoconfiguration on your routers.

However, to accomplish what you're looking for, use this command from an administrator's cmd.exe shell...

netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disabled

Source: MSDN technet

EDIT

Since you're using XP, block the RA messages with Windows Firewall.

Mike Pennington
  • 1
    `routerdiscovery` is available from Vista onwards. Not on XP. –  Jul 30 '12 at 14:12
  • Then block the RA messages with Windows firewall – Mike Pennington Jul 30 '12 at 14:16
  • 2
    Um... Windows Firewall with Advanced Security? XP only has a basic firewall. –  Jul 30 '12 at 14:30
  • Yeah, that setting is not available on XP. – Joseph Jul 30 '12 at 14:30
  • According to [this technet article](http://technet.microsoft.com/en-us/library/bb726943.aspx) it is available for XP SP1, but you have to install yourself: *IPv6 Internet Connection Firewall is only provided with the Advanced Networking Pack for Windows XP, a free download for computers running Windows XP with Service Pack 1.* What XP SP are you running? – Mike Pennington Jul 30 '12 at 14:39
  • I am running SP3. –  Jul 30 '12 at 15:07
  • Advanced Networking Pack for Windows XP refuses to install on an XP SP3 system, claiming the service pack version is too new. I'd still like to know what's really going on here. – Michael Hampton Jul 30 '12 at 20:42
  • My guess is that Advanced Networking Pack is included in SP2 and SP3. Nevertheless, from what I could gather, even with ANP, this is still just simple application-level firewalling, albeit on IPv6. –  Jul 31 '12 at 11:47
0

I can't name one specifically that has the functionality, but the built-in XP firewall isn't the only software firewall available. Perhaps one of the other firewall software packages can chuck out those packets for you?

Mark
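The rogue-RA concern raised in the question's comments, and the "block the RA messages" suggestions in the answers, as an added example (not code from any of the posters): Python that parses a captured ICMPv6 Router Advertisement per RFC 4861 and reports what an RA from an unlisted router would make a SLAAC-enabled host do. The trusted router address `fe80::1`, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO, FLAG_A = 134, 3, 0x40   # RFC 4861 constants
# Assumption: the segment's one legitimate router, by link-local address.
TRUSTED_ROUTERS = {ipaddress.ip_address("fe80::1")}

def parse_ra(icmp: bytes):
    """Return (router_lifetime, [(prefix, autonomous_flag), ...])."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE or icmp[1] != 0:
        raise ValueError("not a Router Advertisement")
    lifetime = struct.unpack_from("!H", icmp, 6)[0]
    prefixes, off = [], 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8   # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            net = ipaddress.IPv6Network((icmp[off + 16:off + 32], icmp[off + 2]), strict=False)
            prefixes.append((net, bool(icmp[off + 3] & FLAG_A)))
        off += opt_len
    return lifetime, prefixes

def assess_ra(src: str, hop_limit: int, icmp: bytes):
    """Findings for one received RA; an empty list means it came from the trusted router."""
    addr = ipaddress.ip_address(src)
    lifetime, prefixes = parse_ra(icmp)
    findings = []
    if hop_limit != 255 or not addr.is_link_local:
        findings.append("invalid: RAs must be link-local with hop limit 255")
    if addr not in TRUSTED_ROUTERS:
        findings.append(f"unlisted router {addr}")
        if lifetime:   # a non-zero Router Lifetime makes the sender a default router
            findings.append(f"would become default gateway for {lifetime}s")
        # Only prefixes with the A flag set are used for address autoconfiguration.
        findings += [f"would trigger SLAAC in {net}" for net, auto in prefixes if auto]
    return findings

def build_ra(prefix: str, plen: int, lifetime: int = 1800, flags: int = 0xC0) -> bytes:
    """Constructed sample RA (checksum left as zero) with one Prefix Information option."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, lifetime, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, flags, 2592000, 604800, 0)
    return header + option + ipaddress.ip_address(prefix).packed

if __name__ == "__main__":
    print(assess_ra("fe80::1", 255, build_ra("2001:db8::", 64)))          # trusted router
    print(assess_ra("fe80::bad:f00d", 255, build_ra("2001:db8:bad::", 64)))
```

Feeding this from a capture on the segment's monitoring port gives the statically addressed XP host, which cannot filter RAs itself, at least an alert when an unexpected router starts advertising.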