I had to upgrade from my Rpi3b+ to the new Rpi4 and so far everything is working perfectly Nearly at least.
I am using Duckdns to access my Home Assistant remotely but unfortunately I am stuck behind a CG-Nat, meaning I can only access my devices from outside my network via IPv6. There is no way to change that. The problem is, that this new Pi somehow is assigned a new IPv6 address every time the Pi or my router are rebooted and since the Duckdns Addon is only updating the IPv4 address (which stays the same btw) I keep losing access to my Home Assistant regularly. Previously, my Pi was assigned the same IPv6 address every time.
Does anyone have an idea what might have caused this change or even know a fix for my problem?
Thank you for the suggestion. I forgot to mention that before but my router does not support that. I have assigned a static network internal ipv4 address to my Pi’s mac address and that is unfortunately all I’m able to do. The router does not support that for ipv6.
Does your provider support IPv6 PD (prefix delegation) and assigns a static prefix (i.e. a range of IPv6 addresses) to your connection, or is it really that you get a random IPv6 address each time the router reconnects?
If PD, then you could configure a static IPv6 address out of the delegated range on your Pi.
I do have a static prefix. Could you kindly explain to me how I would be able to set a static IPv6 address on my Pi? I don’t really know how to do it on Hass.io when my router does not support that.
I could make some guesses on how the ipv6 section of the configuration should look like (e.g. method=manual, adding a static address from your range like address1=1234:1234:1234::1/64, adding DNS which could be your router’s address dns=...), but maybe someone else on this forum has already done that?
I’m going through some notes of mine from several years ago, and there are a couple of ways that the interface-id is derived other than from a MAC address.
One is related to “Privacy Extension” where the the IPv6 address via the interface-id, changes at regular intervals so as to keep some other party from identifying you from a fixed IP address.
I just checked my HA and this feature is disabled. If you are interested, you can check, get into the HAOS root shell (or possibly using ssh AddOn) and type: cat /proc/sys/net/ipv6/conf/YOUR-INTERFACE-NAME/use_tempaddr and if its 0, then it is disabled.
However digging a little deeper, there is a newer RFC7217 that discusses how to derive an interface-id that is “stable” unless the prefix changes.
If you go to HA shell and use nmcli, you can see what this setting is. For example, in my case:
nmcli con show "Supervisor enp0s3"
...
ipv6.addr-gen-mode: stable-privacy
...
stable-privacy means it is following RFC7217.
From the users in this thread that say they have had issues with this setting, they change it to be: ipv6.addr-gen-mode eui64
Warning: nmcli (1.46.0) and NetworkManager (1.44.2) versions don't match. Restarting NetworkManager is advised.
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'Supervisor eno1'
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, hostname, link, tc, proxy
I type
nmcli set ipv6.addr-gen-mode eui64
save
and I get
Error: Failed to save 'Supervisor eno1' (09614583-07cf-3d52-b5df-5fa029dbfa45) connection: connection.autoconnect-ports: unknown property
Hmmm…I think I have an idea what is wrong.
From my HAOS linux shell, (either using the console or use ssh -p22222) where my connection profile is Supervisor enp0s3: nmcli con mod "Supervisor enp0s3" ipv6.addr-gen-mode eui64
and this works.
From my Advanced SSH & Web Terminal AddOn, I get the same failure you do.
$ nmcli con mod "Supervisor enp0s3" ipv6.addr-gen-mode eui64
Warning: nmcli (1.46.0) and NetworkManager (1.44.2) versions don't match. Restarting NetworkManager is advised.
Error: Failed to modify connection 'Supervisor enp0s3': connection.autoconnect-ports: unknown property
So it seems to be the problem that the AddOn has a different version of nmcli compared to the underlying Network Manager daemon.
Nearly at least.
