New, different IPv6 address every time

Hello everyone :slight_smile:

I had to upgrade from my Rpi3b+ to the new Rpi4 and so far everything is working perfectly :grin: Nearly at least.

I am using Duckdns to access my Home Assistant remotely but unfortunately I am stuck behind a CG-Nat, meaning I can only access my devices from outside my network via IPv6. There is no way to change that. The problem is, that this new Pi somehow is assigned a new IPv6 address every time the Pi or my router are rebooted and since the Duckdns Addon is only updating the IPv4 address (which stays the same btw) I keep losing access to my Home Assistant regularly. Previously, my Pi was assigned the same IPv6 address every time.

Does anyone have an idea what might have caused this change or even know a fix for my problem?

Thanks in advance
Tafelbomber

1 Like

to me that sounds like dhcp needs setting up, what i would do if you can is to set a static address for the mac so then the IPv6 stays the same?

1 Like

Thank you for the suggestion. I forgot to mention that before but my router does not support that. I have assigned a static network internal ipv4 address to my Piā€™s mac address and that is unfortunately all Iā€™m able to do. The router does not support that for ipv6.

Does your provider support IPv6 PD (prefix delegation) and assigns a static prefix (i.e. a range of IPv6 addresses) to your connection, or is it really that you get a random IPv6 address each time the router reconnects?
If PD, then you could configure a static IPv6 address out of the delegated range on your Pi.

1 Like

I do have a static prefix. Could you kindly explain to me how I would be able to set a static IPv6 address on my Pi? I donā€™t really know how to do it on Hass.io when my router does not support that.

Thank you!

Iā€™m very sorry, but Iā€™m not a hass.io user myself.

There is a thread about configuring a static IPv4 address: How To: Set a Static IP on Hass.io/HassOS

I could make some guesses on how the ipv6 section of the configuration should look like (e.g. method=manual, adding a static address from your range like address1=1234:1234:1234::1/64, adding DNS which could be your routerā€™s address dns=...), but maybe someone else on this forum has already done that?

1 Like

Iā€™ve got it to work today!

The solution was changing this

[ipv6]
addr-gen-mode=stable-privacy

to this

[ipv6]
addr-gen-mode=eui64

in the file described here https://github.com/home-assistant/hassos/blob/712dcf9f74497eef6a75ed1e76f8ae8817ae3ee6/Documentation/network.md.

The meaning of the settings described above can be found here: https://developer.gnome.org/libnm/stable/NMSettingIP6Config.html#NMSettingIP6ConfigAddrGenMode.

I hope this helps someone else as well! :smiley:

5 Likes

Hello, I have the same issue, I use a Fritzbox and sometimes the HomeAssistant computer shows a different IPv6 address as IPv6 Interface-ID.

I thought the IPv6 Interface-ID was bound to the MAC address of a device, so I donā€™t understand how it can even change all the time.

Does anyone have a solution to this?

For the changing prefix from my internet provide I use dynv6.com which works well. But it cannot account for a changing interface ID

Iā€™m going through some notes of mine from several years ago, and there are a couple of ways that the interface-id is derived other than from a MAC address.

One is related to ā€œPrivacy Extensionā€ where the the IPv6 address via the interface-id, changes at regular intervals so as to keep some other party from identifying you from a fixed IP address.
I just checked my HA and this feature is disabled. If you are interested, you can check, get into the HAOS root shell (or possibly using ssh AddOn) and type:
cat /proc/sys/net/ipv6/conf/YOUR-INTERFACE-NAME/use_tempaddr and if its 0, then it is disabled.

However digging a little deeper, there is a newer RFC7217 that discusses how to derive an interface-id that is ā€œstableā€ unless the prefix changes.
If you go to HA shell and use nmcli, you can see what this setting is. For example, in my case:

nmcli con show "Supervisor enp0s3"
...
ipv6.addr-gen-mode:    stable-privacy
...

stable-privacy means it is following RFC7217.

From the users in this thread that say they have had issues with this setting, they change it to be: ipv6.addr-gen-mode eui64

1 Like

Thank you for your effort. unfortunatelly it says 0

nmcli con show ā€œSupervisor eno1ā€

shows:

ipv6.addr-gen-mode: stable-privacy

but how do edit?
according to chatgptq

nmcli con modify "Supervisor eno1" ipv6.addr-gen-mode eui64

results in error

nmcli con modify "Supervisor eno1" ipv6.addr-gen-mode eui64
Warning: nmcli (1.46.0) and NetworkManager (1.44.2) versions don't match. Restarting NetworkManager is advised.

so instead I used the commands from here

nmcli c s
set ipv6.addr-gen-mode eui64
safe

but the safe does not work

so I try to run nmcli

~ $ su nmcli con edit "Supervisor eno1"

and I get

Warning: nmcli (1.46.0) and NetworkManager (1.44.2) versions don't match. Restarting NetworkManager is advised.

===| nmcli interactive connection editor |===

Editing existing '802-3-ethernet' connection: 'Supervisor eno1'

Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, hostname, link, tc, proxy

I type

nmcli set ipv6.addr-gen-mode eui64

save

and I get

Error: Failed to save 'Supervisor eno1' (09614583-07cf-3d52-b5df-5fa029dbfa45) connection: connection.autoconnect-ports: unknown property

Hmmmā€¦I think I have an idea what is wrong.
From my HAOS linux shell, (either using the console or use ssh -p22222) where my connection profile is Supervisor enp0s3:
nmcli con mod "Supervisor enp0s3" ipv6.addr-gen-mode eui64
and this works.

From my Advanced SSH & Web Terminal AddOn, I get the same failure you do.

$ nmcli con mod "Supervisor enp0s3" ipv6.addr-gen-mode eui64
Warning: nmcli (1.46.0) and NetworkManager (1.44.2) versions don't match. Restarting NetworkManager is advised.
Error: Failed to modify connection 'Supervisor enp0s3': connection.autoconnect-ports: unknown property

So it seems to be the problem that the AddOn has a different version of nmcli compared to the underlying Network Manager daemon.

1 Like

is there any easy way to access ssh via port 22222?
I donā€™t have a monitor or keyboard connected

There is an add-on to create the necessary keys. Search the forum.

1 Like

I have not used it but I think this is the Add-On Francis is talking about:

2 Likes

Indeed, I was ony phone and couldnā€™t find it.

I finally got it to work, opening port 22222 took me another 3 days and ruined my fedora OS when deleting the system SSH keys by mistake -.-

Basically use putty keygen to create an SSH key pair, nothing else worked for me. see here

> nmcli con mod "Supervisor eno1" ipv6.addr-gen-mode eui64

Did the trick. Now I hope the IP change will stop!!