How to prevent IPv6 privacy extensions from breaking my long-lived SSH sessions?

4

When using SSH from my Windows 7 desktop to Linux servers, via IPv6, I'm having the following two problems, because of IPv6 Privacy Extensions:

  1. I'm used to keep ssh sessions open for days or weeks. Now, when using IPv6, they are disconnected after several hours of inactivity. I suppose this happens when my "private" IPv6 address changes.

  2. Each time I log in, the "Last login" greeting shows a different IP address (naturally), since a new fresh "private" IPv6 address is used.

I don't want to disable IPv6 privacy extensions outright on my Windows 7 desktop, as it has its uses and enhances the privacy somewhat. I wonder, however, if I can make Windows use non-private IPv6 address as a source of some connections, or if I can prevent a private IPv6 address change if there are open TCP sessions using that address.

My SSH client is SecureCRT 6.1, and there are no options/settings there that are related to this issue.

haimg

Posted 2011-12-18T18:15:20.877

Reputation: 19 503

1Why aren't you using such an old version of SecureCRT? Has your licence lapsed? I remember there being IPv6 support improvements several months ago, but I cannot remember if they were related. – paradroid – 2011-12-18T18:29:16.847

I've read their "history" and didn't find anything related to this specific issue. And yes, my license does not allow free updates any longer. – haimg – 2011-12-18T18:31:37.093

Adding a static route should work; netsh in ipv6 add ro <serveraddress>/128 "Local Area Network" <localaddress> – user1686 – 2011-12-18T19:05:01.343

Answers

1

The privacy addresses are not 'recycled' until they are no longer used, so they shouldn't cause this problem. Are you sure it is not caused by a firewall session timing out? In that case enabling heartbeat / keepalive will prevent your session from dying.

Sander Steffann

Posted 2011-12-18T18:15:20.877

Reputation: 4 169

I'm sure this is not firewall-related as servers both inside and outside the firewall are affected. I've enabled "anti-idle" in SecureCRT and will see if it helps... – haimg – 2011-12-18T21:46:08.947

4IPv6 address have a "validity", which might be differrent of the preferred time. Once an address reach the end of the "preferred" state, a new one is generated and is made the default outgoing address. The old address is kept until the end of the "validity". But is dropped once this period is reached (and connections using this adress are then closed) – slubman – 2011-12-19T15:37:15.010

Asked: 2011-12-18T18:15:20.877

Viewed: 1 206 times

Active: 2011-12-18T20:44:08.240