[184330] in North American Network Operators' Group
Re: Question re session hijacking in dual stack environments w/MacOS
daemon@ATHENA.MIT.EDU (Doug McIntyre)
Fri Oct 2 01:46:53 2015
X-Original-To: nanog@nanog.org
Date: Fri, 2 Oct 2015 00:46:47 -0500
From: Doug McIntyre <merlyn@geeks.org>
To: Mark Tinka <mark.tinka@seacom.mu>
In-Reply-To: <560A3C8F.4060306@seacom.mu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Tue, Sep 29, 2015 at 09:23:59AM +0200, Mark Tinka wrote:
> On 26/Sep/15 16:34, David Hubbard wrote:
> > Has anyone run into this? Our users on other platforms don't seem to
> > have this issue; linux and MS desktops seem to just use v6 if it's
> > available and v4 if not.
>
> I have been tracking down an issue for months where SSH'ing to some
> devices (which picks IPv6 by default) from my Mac while in the office
> drops the connection, forcing me to reconnect. It's random; sometimes it
> happens a lot, sometimes, rarely, other times not at all.
I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
generates a new random IPv6 address, applies it to the interface, and then
drops the old IPv6 addresses as they stale out. Sessions in use or not.
sudo sysctl -w net.inet6.ip6.use_tempaddr=0
sudo sh -c 'echo net.inet6.ip6.use_tempaddr=0 >> /etc/sysctl.conf'
