Add IPv6 network configuration to disable privacy extensions

When you want to connect to HomeAssistant via IPv6 from the internet, your router must be able to forward the request to HomeAssistant.
This is not working, when IPv6 privacy extensions are enabled.
Please add an option in the network settings, to change this behaviour:
[ipv6]
addr-gen-mode=eui64

Yes, that feature is really needed. I’m fighting with addr-gen-mode since hours!

When I think about it. Home Assistant is a server system and the default ipv6.addr-gen-mode for servers should be eui64. Maybe we don’t need a UI extension and it should be default anyway.

3 Likes

I didn’t get it to work using a USB drive and gave up. Disabled IPv6 completely.

You can change the default settings with:

  • ssh on Port 22222 (see Dev SSH) or
  • The SSH & Web Terminal Addon or
  • with Monitor and Keyboard directly connected to the hardware and run login in the ha-cli

The modify:

vi /etc/NetworkManger/system-connections/

or use nmcli

nmcli c s
# Check that default is used. If not adapt the following command
nmcli c edit Home\ Assistant\ OS\ default

In nmcli run:

set ipv6.addr-gen-mode eui64
safe

If nmcli c s show an second configuration edit this one to.

After these steps. The privacy extension is disabled, but if you use the UI Network settings again, the changes will be overwritten. :frowning:

3 Likes

Thanks for your suggestion, but there is no network manager available in my ha-cli.
nmcli is not installed and the path /etc/NetworkManger is not existing.

I am using homeassistant OS on a Raspi:

| |  | |                          /\           (_)   | |            | |
| |__| | ___  _ __ ___   ___     /  \   ___ ___ _ ___| |_ __ _ _ __ | |_
|  __  |/ _ \| '_ \ _ \ / _ \   / /\ \ / __/ __| / __| __/ _\ | '_ \| __|
| |  | | (_) | | | | | |  __/  / ____ \\__ \__ \ \__ \ || (_| | | | | |_
|_|  |_|\___/|_| |_| |_|\___| /_/    \_\___/___/_|___/\__\__,_|_| |_|\__|

Welcome to the Home Assistant command line.

System information
  IPv4 addresses for eth0:  192.168.253.20/24
  IPv6 addresses for eth0:  2001:a61:11f9:5901:99dd:xxx/64, fd52:4759:bd4b:4fd0:xxx/64, fe80::d32d:b573:9a1f:xxx/64
  IPv4 addresses for wlan0:

  OS Version:               Home Assistant OS 7.0
  Home Assistant Core:      2021.12.4

  Home Assistant URL:       http://hassio.local:443
  Observer URL:             http://hassio.local:4357
[core-ssh ~]$ nmcli
-bash: nmcli: command not found

You need to get OUT of the ha cli, you can run the ha login command, or ssh directly to your supervisor.

For others it may help the exact commands once in the CLI are:

set ipv6.addr-gen-mode eui64
save
quit

This is a solution that works with or without eui64.

Hi,
I had the issue that using Homeassitant (Home Assistant Operating system on Raspberry Pi 4) behind a Fritzbox and DSLite (only real IPv6 adress) the port forward (e.g. for wireguard VPN) was not working - or only working for a certain time.
Issue was the “IPv6 Interface-ID” (the right side part of the Ipv6 adress of the homeassitant server) that was used by Fritzbox did not match the real IP.
I found out that “privacy extensions” are the reason of that. As soon as these are disabled in homeassistant - the server gets the same IPv6 adress as expected by the Fritzbox (without PE the right part is calculated from MAC address - thats how the fritzbox needs it)
Anyway, disabling the PE as described in this thread - is really a bit tricky. The simplest solutionfor me was really to take the “HA raspi” connect HDMI Monitor and USB Keyboard and execute “login” command. THIS DOES NOT WORK WITH THE ADD-ON CLI - only when directly connected!.
Then use vi command as mentioned in post from trunneml (dec 21). But the location on my side was a bit different… ```
I did cd /etc/NetworkManger/system-connections/ and inside there I could find a file to edit with “vi ” (sorry forgot the exact name) … inside the file is a section with [ipv6] that I just changed to:
[ipv6]
addr-gen-mode=eui64

Then “ESC”
:
x

To store the changes
(on german keyboard “:” is “ö” or SHIFTö if I remeber correct…

I hope this helps someone in same situation.

Anyway having this as a configuration option e.g. in “System/Network” would be much easier.

best regards!
Columbo

1 Like

I am also facing this issue. For a server privacy extension makes zero sense and IMO should be disabled by default, or at least be easily configurable in the GUI.

2 Likes