How to ensure that IPv6 temporary address is the preferred address?

2

Opening https://www.google.com/#q=what+is+my+ip in any browser shows xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx8e (my permanent ipv6 address, see below), even though windows is configured to use ipv6 privacy extensions.

After a reboot or resetting the interface temporary addresses are used for some time, but after one expires and is replaced with a new preferred one they are not used as source address for outgoing connections any more.

PS C:\WINDOWS\system32> Get-NetIPv6Protocol

UseTemporaryAddresses         : Always
MaxTemporaryDadAttempts       : 3
MaxTemporaryValidLifetime     : 7.00:00:00
MaxTemporaryPreferredLifetime : 1.00:00:00
TemporaryRegenerateTime       : 00:00:05
MaxTemporaryDesyncTime        : 00:10:00

PS C:\WINDOWS\system32> Get-NetIPAddress | Format-Table

ifIndex IPAddress                                       PrefixLength PrefixOrigin SuffixOrigin AddressState PolicyStore
------- ---------                                       ------------ ------------ ------------ ------------ -----------
5       xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx9f                  128 RouterAdv... Random       Deprecated   ActiveStore
5       xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx92                  128 RouterAdv... Random       Preferred    ActiveStore
5       xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx8e                   64 RouterAdv... Link         Preferred    ActiveStore

the8472

Posted 2017-03-24T16:07:12.407

Reputation: 385

Answers

4

AFAIK, this is a bug in Windows and is still broken in build 16299.64. It is a nasty privacy problem since it works until the temporary IPv6 address is first updated can lead people to believe they aren't leaving a unique 64-bit identifier (the lower half of the permanent IPv6 address) wherever they go.

I found this post here on superuser after poking a year-old thread on TechNet regarding the same problem:

https://social.technet.microsoft.com/Forums/windows/en-US/57925467-2b8d-4c2d-b1f2-b0402581a30e/how-does-one-get-the-system-to-actually-use-the-ipv6-temporary-addresses?forum=win10itpronetworking

EDIT: This problem seems to have been fixed sometime between build 16299 and 17127.

Henric Jungheim

Posted 2017-03-24T16:07:12.407

Reputation: 56

The windows 10 april 2018 update fixed it for me. – the8472 – 2018-06-21T23:44:12.120

1

This has been working for me for the past week or so. I believe the issue must have been fixed in the March 13, 2018 KB4088776 Cumulative Update, as it was installed on my systems shortly before I noticed that IPv6 privacy addresses work properly now.

There's nothing specific to IPv6 in the official list of "Improvements and Fixes", but it may be part of the general "security updates" bullet point.

user169501

Posted 2017-03-24T16:07:12.407

Reputation:

KB4088776 is installed but it's still using the permanent address after a day. Definitely not fixed. – the8472 – 2018-03-27T18:04:09.610

@the8472 Interesting. Now I'm quite curious as to what changed to make it start working for me. – None – 2018-03-27T18:21:09.707

Asked: 2017-03-24T16:07:12.407

Viewed: 1 503 times

Active: 2018-03-27T08:00:36.390