Add IPv6 network configuration to disable privacy extensions

rosch100 · December 21, 2021, 2:12pm

When you want to connect to HomeAssistant via IPv6 from the internet, your router must be able to forward the request to HomeAssistant.
This is not working, when IPv6 privacy extensions are enabled.
Please add an option in the network settings, to change this behaviour:
[ipv6]
addr-gen-mode=eui64

trunneml · December 21, 2021, 3:39pm

Yes, that feature is really needed. I’m fighting with addr-gen-mode since hours!

trunneml · December 21, 2021, 3:46pm

When I think about it. Home Assistant is a server system and the default ipv6.addr-gen-mode for servers should be eui64. Maybe we don’t need a UI extension and it should be default anyway.

rosch100 · December 21, 2021, 3:54pm

I didn’t get it to work using a USB drive and gave up. Disabled IPv6 completely.

trunneml · December 21, 2021, 5:43pm

You can change the default settings with:

ssh on Port 22222 (see Dev SSH) or
The SSH & Web Terminal Addon or
with Monitor and Keyboard directly connected to the hardware and run login in the ha-cli

The modify:

vi /etc/NetworkManger/system-connections/

or use nmcli

nmcli c s
# Check that default is used. If not adapt the following command
nmcli c edit Home\ Assistant\ OS\ default

In nmcli run:

set ipv6.addr-gen-mode eui64
safe

If nmcli c s show an second configuration edit this one to.

After these steps. The privacy extension is disabled, but if you use the UI Network settings again, the changes will be overwritten.

rosch100 · December 22, 2021, 7:51pm

Thanks for your suggestion, but there is no network manager available in my ha-cli.
nmcli is not installed and the path /etc/NetworkManger is not existing.

I am using homeassistant OS on a Raspi:

| |  | |                          /\           (_)   | |            | |
| |__| | ___  _ __ ___   ___     /  \   ___ ___ _ ___| |_ __ _ _ __ | |_
|  __  |/ _ \| '_ \ _ \ / _ \   / /\ \ / __/ __| / __| __/ _\ | '_ \| __|
| |  | | (_) | | | | | |  __/  / ____ \\__ \__ \ \__ \ || (_| | | | | |_
|_|  |_|\___/|_| |_| |_|\___| /_/    \_\___/___/_|___/\__\__,_|_| |_|\__|

Welcome to the Home Assistant command line.

System information
  IPv4 addresses for eth0:  192.168.253.20/24
  IPv6 addresses for eth0:  2001:a61:11f9:5901:99dd:xxx/64, fd52:4759:bd4b:4fd0:xxx/64, fe80::d32d:b573:9a1f:xxx/64
  IPv4 addresses for wlan0:

  OS Version:               Home Assistant OS 7.0
  Home Assistant Core:      2021.12.4

  Home Assistant URL:       http://hassio.local:443
  Observer URL:             http://hassio.local:4357
[core-ssh ~]$ nmcli
-bash: nmcli: command not found

nathang21 · June 5, 2022, 1:37pm

You need to get OUT of the ha cli, you can run the ha login command, or ssh directly to your supervisor.

nathang21 · June 5, 2022, 1:39pm

For others it may help the exact commands once in the CLI are:

set ipv6.addr-gen-mode eui64
save
quit

miguelangel.nubla · March 31, 2023, 6:42pm

This is a solution that works with or without eui64.

Columbo · November 14, 2023, 3:39pm

Hi,
I had the issue that using Homeassitant (Home Assistant Operating system on Raspberry Pi 4) behind a Fritzbox and DSLite (only real IPv6 adress) the port forward (e.g. for wireguard VPN) was not working - or only working for a certain time.
Issue was the “IPv6 Interface-ID” (the right side part of the Ipv6 adress of the homeassitant server) that was used by Fritzbox did not match the real IP.
I found out that “privacy extensions” are the reason of that. As soon as these are disabled in homeassistant - the server gets the same IPv6 adress as expected by the Fritzbox (without PE the right part is calculated from MAC address - thats how the fritzbox needs it)
Anyway, disabling the PE as described in this thread - is really a bit tricky. The simplest solutionfor me was really to take the “HA raspi” connect HDMI Monitor and USB Keyboard and execute “login” command. THIS DOES NOT WORK WITH THE ADD-ON CLI - only when directly connected!.
Then use vi command as mentioned in post from trunneml (dec 21). But the location on my side was a bit different… ```
I did cd /etc/NetworkManger/system-connections/ and inside there I could find a file to edit with “vi ” (sorry forgot the exact name) … inside the file is a section with [ipv6] that I just changed to:
[ipv6]
addr-gen-mode=eui64

Then “ESC”
:
x

To store the changes
(on german keyboard “:” is “ö” or SHIFTö if I remeber correct…

I hope this helps someone in same situation.

Anyway having this as a configuration option e.g. in “System/Network” would be much easier.

best regards!
Columbo

fzakfeld · January 21, 2024, 4:45pm

I am also facing this issue. For a server privacy extension makes zero sense and IMO should be disabled by default, or at least be easily configurable in the GUI.

tobox · April 29, 2025, 10:00am

I was using the above mentionen method (EUI64) for years with IPv6. Have there been changes to home assistant regarding this?

/etc/NetworkManager/system-connections/default

contains the correct “addr-gen-mode=eui64” entry.


2: enp0s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 06:60:3c:4c:86:8d brd ff:ff:ff:ff:ff:ff
    inet 192.168.207.172/24 brd 192.168.207.255 scope global dynamic noprefixroute enp0s18
       valid_lft 863876sec preferred_lft 863876sec
    inet6 2003:c3:XXXX:XXXX:9a52:d360:60aa:e58e/64 scope global dynamic noprefixroute 
       valid_lft 7079sec preferred_lft 1450sec
    inet6 fdf6:58be:ea00:16fa:949:e0e2:4688:d2c9/64 scope global dynamic noprefixroute 
       valid_lft 7079sec preferred_lft 3479sec
    inet6 fe80::fc4b:b12b:c90b:3734/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Note that the MAC-Address does not show up in the fe80 part of the IPv6 address.