I'm running a Windows server and trying to get it to use a static IPv6 address for outgoing connections to other IPv6 hosts (such as Gmail). I need this because Gmail requires a ptr record, and I can't set one for random addresses.

The static address is configured on the host, but it also has a temporary privacy address as well as a random address from the router it seems. By default Windows uses the privacy address; it seems this is the expected behavior (and it makes perfect sense for people/users that did not set a static address, but I did!).

I've tried disabling the privacy address with:

```
netsh int ipv6 set privacy disabled
```

This indeed gets rid of the privacy address, but I still have the random address that the router assigned. To disable this, it was said I needed to disable "router discovery" using this command:

```
netsh interface ipv6 set interface 14 routerdiscovery=disabled
```

Upon doing this, all IPv6 connectivity is lost. If I do this while pinging Gmail, it will report "Destination host unreachable" as soon as I enter the command. In the static IPv6 configuration, I did configure the default gateway and prefix length, so I don't see why it's unable to connect. Probably has something to do with the lack of ARP in IPv6 and somehow being unable to resolve the router's MAC, but I wouldn't know how to fix this.

Finally I've tried disabling the DHCPv6 lease with these commands:

```
netsh interface ipv6 set interface "IDMZ Team" managedaddress=disabled
netsh interface ipv6 set interface "IDMZ Team" otherstateful=disabled
```

Which was to no avail; the host continues to obtain and use the router-assigned IPv6 address.

The router is a FritzBox 7340, which shows me all the IPv4 and IPv6 addresses that the host (identified by MAC) utilizes, but I'm unable to change the assigned address. Maybe this could be done over the telnet interface of the router somehow, but again, I wouldn't know how to do this even if it's the way to go.

In short, any of the following would probably solve my problem:

  • Change Windows' source address selection behavior.
  • Have Windows not get an address from the router and not generate a privacy address;
  • Have the router hand out a static address and make Windows use that as source address.
  • Recover connectivity after disabling router discovery on Windows.

Alternatively I might use some (batch, perl, ...) script to throw away all IPv6 addresses except the desired one, but this feels rather hacky. If it's the only way (or less hacky than another hacky solution), it might be an option though.

Thanks!

Luc
  • Why aren't you getting PTR records set? Your server _is_ part of an Active Directory domain, right? – Michael Hampton Sep 28 '13 at 15:28
  • @MichaelHampton I'm not running an AD, and I can't automatically configure the DNS PTR records (I have to call my ISP for each change). But how hard can it be to just give a host a static IP address? It wasn't this difficult in v4 anyway. – Luc Sep 28 '13 at 18:23
  • I would be focusing my attention on why you lose connectivity with `routerdiscovery=disabled`. I am the OP of the question you linked to, and I disable routerdiscovery/managedaddress/otherstateful on all my server boxes now, without any issue with static configuration and default router. What version of Windows are you talking about? – fukawi2 Oct 31 '13 at 02:28
  • @fukawi2 Windows 7. (Yeah I know I should get a real server OS, I just didn't get around to moving everything yet) – Luc Oct 31 '13 at 17:12
  • Your connection stops working because you get the default IPv6 gateway with your automatically configured address. After disabling solicitations, configure your router's IPv6 address as your gateway like you would with IPv4. But be careful - many routers will advertise their "random" link-local address for gateway purposes. It could change on you. You may have to first assign a nice fixed address to your router's LAN side, such as `fe80::1`, and only then use it as the gateway. – Zdenek Dec 28 '18 at 20:09

1 Answer

The 'random address from the router' is probably your EUI-64 address, which is based on your MAC address. So it is probably not random and will stay stable over time (until you change hardware). Compare your MAC address to your IPv6 address. If your MAC address is 01:23:45:67:89:ab then your IPv6 address will end in ...:0323:45ff:fe67:89ab. You could add a PTR record for that address as well.

But I would like to suggest another solution: if you are sending mail directly to the receiver's mail server then you are running mail server software. You should be able to bind that server software to specific IP addresses. That way your mail server will always use the configured address when making outbound connections, while all other software can use whatever addresses are available on your host (static, autoconf, DHCPv6, privacy etc.).

Sander Steffann
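The MAC-to-address comparison suggested in this answer can be done mechanically. The following is an added example, not part of the original answer: it derives the modified EUI-64 interface identifier from a MAC address and labels each address on a host as the static one, EUI-64 derived, or something else. The function names and the sample addresses (documentation prefix `2001:db8::/32`) are constructed for illustration.

```python
import ipaddress


def eui64_interface_id(mac):
    """Return the modified EUI-64 interface identifier for a 48-bit MAC
    as a 64-bit integer: flip the universal/local bit of the first
    octet and insert ff:fe between the two halves of the MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def format_iid(iid):
    """Render a 64-bit interface identifier as four hex groups."""
    return ":".join(f"{(iid >> shift) & 0xFFFF:04x}" for shift in (48, 32, 16, 0))


def classify(addresses, mac, static):
    """Map each IPv6 address to 'static', 'eui-64' or 'other'.
    'other' covers randomised and temporary (privacy) identifiers."""
    iid = eui64_interface_id(mac)
    static_ip = ipaddress.IPv6Address(static)
    kinds = {}
    for text in addresses:
        ip = ipaddress.IPv6Address(text.split("%")[0])  # drop any zone index
        if ip == static_ip:
            kinds[str(ip)] = "static"
        elif int(ip) & 0xFFFFFFFFFFFFFFFF == iid:
            kinds[str(ip)] = "eui-64"
        else:
            kinds[str(ip)] = "other"
    return kinds


if __name__ == "__main__":
    # Constructed sample: the MAC from the answer plus made-up addresses.
    mac = "01:23:45:67:89:ab"
    host_addresses = [
        "2001:db8:1:2::25",
        "2001:db8:1:2:323:45ff:fe67:89ab",
        "2001:db8:1:2:9c4e:71a0:5d3b:e812",
        "fe80::323:45ff:fe67:89ab%14",
    ]
    print("EUI-64 suffix:", format_iid(eui64_interface_id(mac)))
    for addr, kind in classify(host_addresses, mac, "2001:db8:1:2::25").items():
        print(f"{addr:40} {kind}")
```

An address labelled `other` has no fixed relation to the hardware, so a PTR record set for it cannot be relied on.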
  • It's not the EUI-64 address, in that case it would have been semi-static (static as long as the physical server remains the same) and I could indeed have set a ptr record for that. But unfortunately it's not. Binding the mailserver is a good idea, I hadn't thought of that yet! However I think I can only bind *listening* ports/sockets, not outgoing connections. But I'll try it and comment again. Thanks for your reply! – Luc Sep 28 '13 at 18:26
  • Okay I found a setting to bind to a specific source address for mail delivery, but now all IPv4 servers fail (e.g. I can't send mail to Hotmail anymore). Setting it to an IPv4 source address, IPv6 fails to connect, but Gmail has a fallback to v4 and so the mail gets delivered. It feels like losing to have to use v4, but it is a solution so I'll mark your answer as such. Thanks again for the suggestion! – Luc Sep 28 '13 at 18:45
  • @Luc Your mail server should be able to bind to specific IPv4 and IPv6 addresses at the same time, but you forgot to name it, so we can't really help you fix that. – Michael Hampton Sep 28 '13 at 18:50
  • @MichaelHampton There is only one field to input an address to bind to. The hmailserver web interface doesn't even allow v6 input, I had to enter it via remote desktop in the admin panel, so even binding to one v4 address seems only half implemented. Maybe I could use the routes feature instead, but then I'd have to configure each host uniquely, which is even worse than falling back to v4 (there aren't that many v6 hosts yet). If you know a way to get rid of the excess v6 addresses on my server altogether though, I might accept that answer instead... – Luc Sep 28 '13 at 19:10
  • From the hMailServer manual: "Similarly, when you configure hMailServer to listen or bind to a specific IP address, you can enter either an IPv4 address or an IPv6 address.". They don't understand what they are doing... Having to choose between IPv4 and IPv6 makes no sense... – Sander Steffann Sep 28 '13 at 19:21
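Binding an outgoing connection to a source address, with one address per family as discussed in this thread, looks like this at the socket level. This is an added example, not code from hMailServer or from any poster: `connect_from` and the `SOURCES` table are hypothetical names, and the addresses in `SOURCES` are placeholders from the documentation ranges.

```python
import socket

# Constructed placeholders: substitute the host's static addresses,
# i.e. the ones that have PTR records.
SOURCES = {
    socket.AF_INET: "192.0.2.25",
    socket.AF_INET6: "2001:db8::25",
}


def connect_from(host, port, sources, timeout=10.0):
    """Connect to host:port, binding every attempt to the source address
    configured for that attempt's address family before connect()."""
    last_err = OSError("no destination in a family with a configured source")
    for family, stype, proto, _, dest in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        src = sources.get(family)
        if src is None:
            continue  # no source configured for this family: skip it
        sock = socket.socket(family, stype, proto)
        try:
            sock.settimeout(timeout)
            sock.bind((src, 0))  # port 0: the OS picks an ephemeral port
            sock.connect(dest)
            return sock
        except OSError as err:
            last_err = err
            sock.close()
    raise last_err


if __name__ == "__main__":
    # Offline demonstration on loopback; a mail client would call
    # connect_from(mx_host, 25, SOURCES) instead.
    with socket.create_server(("127.0.0.1", 0)) as srv:
        port = srv.getsockname()[1]
        with connect_from("127.0.0.1", port,
                          {socket.AF_INET: "127.0.0.1"}) as client:
            conn, peer = srv.accept()
            print("server saw source address", peer[0])
            conn.close()
```

Because the source is chosen after the destination's family is known, an IPv4-only destination and an IPv6 destination each get the matching static address.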