From 56ac0705da55800ce01e96d6a95433b90ab7f0bc Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Mon, 8 Mar 2021 19:18:51 +0000
Subject: Add SLAAC security and privacy options. This patch adds some security and privacy enhancements to SLAAC configuration. When SLAAC_PRIVIPGEN is "yes", address generation is enhanced with a secret key for the interface set in SLAAC_SECRET. This prevents predictable address generation. When SLAAC_TEMPADDR is "yes", a temporary address is used with SLAAC. Thanks to davjohn from LQ for the inital patches and help testing.
---
netconfig | 10 ++++++++++
1 file changed, 10 insertions(+)
(limited to 'netconfig')
diff --git a/netconfig b/netconfig
index 56b8593..a33b85d 100644
--- a/netconfig
+++ b/netconfig
@@ -232,6 +232,16 @@ GATEWAY6="$GATEWAY6"
 #SLAAC_TIMEOUT[4]="15" # The default timeout for auto configuration to
 # wait for the interface to come up is 15 sec.
 # Increase the timeout if required.
+#SLAAC_PRIVIPGEN[4]="yes" # When assigning addresses via SLAAC, use the
+ # 'private' (RFC7217) address generation method.
+ # It is advisable to also set SLAAC_SECRET[x].
+#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx"
+ # When SLAAC_PRIVIPGEN[x]="yes" is set, this is
+ # the secret to be used. This must be in the
+ # form of an IPv6 address. When left unset, a
+ # random secret is used (this is the default).
+#SLAAC_TEMPADDR[4]="yes" # Use a temporary address with SLAAC to enhance
+ # security.
 #USE_RA[4]="yes" # Accept router advertisements even when SLAAC
 # is disabled on the interface.
 #WLAN_ESSID[4]="DARKSTAR" # An example of how you can override _any_
--
cgit v1.2.3
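Review bot: The new SLAAC_SECRET[4] comment says that setting a secret is advisable and that a random one is used when unset, but it explains neither why a fixed value is preferable nor that the value is sensitive. RFC 7217 addresses stay stable per network only while the secret stays the same, and someone who learns the secret and the other generation inputs can predict the resulting addresses, so the comment should say so, e.g. `# Generate it randomly, keep it constant, and keep this file readable by root only.` How the unset case behaves across reboots is not visible in this hunk and would be worth stating in the same comment. The SLAAC_TEMPADDR[4] comment would be more accurate as `# Use temporary addresses with SLAAC to enhance privacy.`, since temporary addresses limit address-based tracking rather than add protection to the host.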