# [solved] sysctl network settings (IPv6) not applied at boot

## 222697

Hi all,

I have an IPv6 connection and, to activate "privacy extensions", I created the following file:

(gentoo world is up to date, Linux 3.14.37-gentoo, x86_64, sysctl from procps-ng 3.3.9)

/etc/sysctl.d/40-ipv6.conf

```
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2
```

But after booting the computer, these settings have not been applied, although the boot log says

"sysctl  Applying /etc/sysctl.d/40-ipv6.conf ..."

E.g.

```
cat /proc/sys/net/ipv6/conf/all/use_tempaddr
0
```

And there is also no additional temporary dynamic IPv6 address being created.

When doing manually

```
# sysctl -p /etc/sysctl.d/40-ipv6.conf
```

afterwards, the settings get applied and the additional temporary dynamic IPv6 address gets created.

What kind of bug is that, and where would be the best alternative place to get the setting done?

Here is a nine year old bug (status: confirmed) regarding this for Ubuntu

https://bugs.launchpad.net/ubuntu/+source/procps/+bug/50093

but I thought Gentoo would make it better...?

Last edited by 222697 on Mon May 04, 2015 4:15 pm; edited 3 times in total

----------

## UberLord

```
$ cat /etc/sysctl.conf
net.ipv6.conf.all.use_tempaddr=1
net.ipv6.conf.default.use_tempaddr=1
net.ipv6.conf.wlp4s0.use_tempaddr=1
```

Maybe those sysctl.d files don't work too well?

Maybe something else is unsetting it?

Try this

```
/etc/init.d/sysctl restart

sysctl -a | grep net.ipv6.conf.all.use_tempaddr
```

However, while privacy extensions are nice, stable private addresses are better for long term connections which dhcpcd provides :)

----------

## 222697

*UberLord wrote:*

> ```
> $ cat /etc/sysctl.conf
> ```
> ...

You mean that's your config? The point is what says

cat /proc/sys/net/ipv6/conf/all/use_tempaddr

then

```
# /etc/init.d/sysctl restart
 * WARNING: you are stopping a boot service
 * Configuring kernel parameters ...
* Applying /etc/sysctl.d/40-ipv6.conf ...
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.send_redirects = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.netfilter.nf_conntrack_helper = 0
# sysctl -a | grep net.ipv6.conf.all.use_tempaddr
net.ipv6.conf.all.use_tempaddr = 2
```

Ah, here is the content of /var/log/rc.log; it looks different. It looks like the IPv6 settings are not applied at boot:

```
 * Configuring kernel parameters ...
* Applying /etc/sysctl.d/40-ipv6.conf ...
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.send_redirects = 0
```

Looking at /etc/init.d/sysctl

```
start()
{
    ebegin "Configuring kernel parameters"
    sysctl --system
    eend $? "Unable to configure some kernel parameters"
}
```

I am wondering why there is no message "Unable to configure some kernel parameters" if they could not be set.

As a workaround, I created the following init script /etc/init.d/ipv6-kernel-config

```
#!/sbin/openrc-run
# set IPv6 kernel parameters because with sysctl init script they are not set at boot

depend()
{
    need net
}

start()
{
    ebegin "Configuring IPv6 kernel parameters"
    /sbin/sysctl -p /etc/sysctl.d/40-ipv6.conf
    eend $? "Unable to configure some kernel parameters"
}
```

and set it to default runlevel

```
rc-update add ipv6-kernel-config default
```

So, the kernel parameters are set at boot.

*UberLord wrote:*

> stable private addresses are better for long term connections which dhcpcd provides

Interesting, could you please explain in a little more detail what you mean by private address and about dhcpd config? You mean keep NAT with IPv6?

Maybe also advertising a non-routable IPv6 net with radvd in the LAN and masquerading via the IPv6 privacy extended IPv6 address?

My gentoo box is my Internet Gateway... :)

----------

## UberLord

*1970 wrote:*

> *UberLord wrote:*
>
> stable private addresses are better for long term connections which dhcpcd provides
>
> ...

dhcpcd, not dhcpd ;)

I mean replacing the SLAAC algorithm for making an IPv6 address so that it's stable across reboots and doesn't expose your MAC address in the IPv6 address.

It also changes per SSID.

https://tools.ietf.org/html/rfc7217

----------

## 222697

*UberLord wrote:*

> dhcpcd, not dhcpd

Besides the boot-time kernel setting, I've got another problem, that is, I get wrong RA addresses, it seems. I also got them when running dhcpcd. Please see here for this issue

https://forums.gentoo.org/viewtopic-t-1016306.html

----------

## hdcg

Hi,

Do you by any chance have IPv6 configured as a module?

If this is the case, the boot service sysctl is not able to apply your settings. I once ran into the same or a similar issue. I solved it by changing IPv6 to builtin (CONFIG_IPV6=y).

Best Regards,

Holger
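
A way to catch the silent failure discussed in this thread, as an added example that is not part of any post: a shell function that compares each `key = value` line of a sysctl.d file with the live value under /proc/sys, and tells a wrong value apart from a key that does not exist at all (the situation hdcg describes when IPv6 is a module that is not loaded yet). The function name `check_sysctl_file`, its output format and the fake /proc tree in the demo are assumptions constructed for this example.

```shell
#!/bin/sh
# check_sysctl_file CONF [PROCROOT]   (hypothetical helper, not part of procps)
# Prints "ok|mismatch|missing KEY WANT GOT" per setting and returns 0 only
# if every setting in CONF is live under PROCROOT (default /proc/sys).
# Assumes dot-separated keys; interface names that contain dots are not handled.
check_sysctl_file() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in ''|'#'*|';'*) continue ;; esac   # blank line or comment
        case $line in *=*) ;; *) continue ;; esac      # not a key = value line
        # A leading "-" (ignore errors when setting) is not part of the key
        key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//; s/^-//')
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            # Key absent: subsystem not loaded or interface not present yet
            echo "missing $key $want -"; rc=1
        else
            got=$(cat "$path")
            if [ "$got" = "$want" ]; then
                echo "ok $key $want $got"
            else
                echo "mismatch $key $want $got"; rc=1
            fi
        fi
    done < "$conf"
    return $rc
}

# Constructed sample: a fake /proc/sys tree where "all" still holds 0 and
# eth1 does not exist yet, checked against a copy of the file from the thread.
demo=$(mktemp -d)
mkdir -p "$demo/proc/net/ipv6/conf/all" "$demo/proc/net/ipv6/conf/default"
echo 0 > "$demo/proc/net/ipv6/conf/all/use_tempaddr"
echo 2 > "$demo/proc/net/ipv6/conf/default/use_tempaddr"
cat > "$demo/40-ipv6.conf" <<'EOF'
# constructed copy of /etc/sysctl.d/40-ipv6.conf
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth1.use_tempaddr = 2
EOF
check_sysctl_file "$demo/40-ipv6.conf" "$demo/proc" || echo "drift detected"
```

Run late in the boot sequence against the real /etc/sysctl.d files, a non-zero return flags settings that were logged as applied but are not in effect.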

----------

