After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 777018 - network-manager 1.4.4 does not update lifetime of temporary ipv6 addresses anymore, resulting in connection breakage
network-manager 1.4.4 does not update lifetime of temporary ipv6 addresses an...
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: IP and DNS config
1.4.x
Other Linux
: Normal major
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2017-01-08 18:26 UTC by Maximilian Engelhardt
Modified: 2017-01-10 14:52 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
[PATCH] platform: don't update IPv6 temporary addresses (1.73 KB, patch)
2017-01-09 17:38 UTC, Beniamino Galvani 		none Details | Review

Description Maximilian Engelhardt 2017-01-08 18:26:28 UTC 
After updating to network-manger 1.4.4-1 in Debian I noticed a lot of breakages in ssh connections.  It turned out this is related to temporary ipv6 addresses being deprecated, deleted and newly created at a rapid rate, thus after a short time the address used by my ssh connection vanishes.

Having a closer look with "ip addr show" explained what is going on. My router advertisements have a short lifetime configured. A new router advertisement does only update the lifetime of the mngtmpaddr but not the temporary addresses. This causes them to time out and permanently being deleted and newly created.

Disabling network-manager doesn't show this problem. Also downgrading network-manager to Debian version 1.4.2-3 fixes this issue for me.

This bugs breaks all ipv6 network connections that are active longer than a few minutes for me.

I was initially reporting this on the Debian bug tracker, but was told to report it here, as it seems to be an upstream issue. For reference, here is the link to the Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850620

Please let me know if additional information is required.

Thanks,
Maxi
Comment 1 Thomas Haller 2017-01-09 15:02:08 UTC 
you should configure IPv6 Privacy Extensions for SLAAC (RFC4941) according to your needs --- that is, disable it.

  nmcli connection modify "$NAME" ipv6.ip6-privacy 0

as to why 1.4.2 would behave any different is unclear. It shouldn't.

Please reproduce the issue enabling debug logging and attach the logfile. See https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf?id=ae5adc9e21c642a198868b519b2a278b0b108ab8#n27


Are the ssh connections you mention incoming or outgoing?
Comment 2 Beniamino Galvani 2017-01-09 15:12:47 UTC 
I bisected the regression to commit:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=2ea42eee5ab11f8540dfec4140e548b9ee48af69

I'm looking into this.
Comment 3 Beniamino Galvani 2017-01-09 17:38:19 UTC 
Created attachment 343175 [details] [review]
[PATCH] platform: don't update IPv6 temporary addresses

Proposed fix (needs some more testing).
Comment 4 Thomas Haller 2017-01-09 17:45:11 UTC 
lgtm
Comment 5 Beniamino Galvani 2017-01-10 14:52:27 UTC 
Merged to master:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=1dbd9d7948e61f44a56e256c4d9fe60831663861

and nm-1-4 branch:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-4&id=a25b3327c7ffdf528da7e47a819201e216d17829

As mentioned in comment 1 you can set ipv6.ip6-privacy=0 (and optionally ipv6.addr-gen-mode=stable-privacy to use RFC 7217 addresses) to workaround the problem.

Thanks for reporting the issue!