Comment: Migrated to Confluence 5.3

I want my Windows boxes to:

  • Use 'privacy' addresses for outgoing connections
  • Have an EUI64 address to listen for incoming connections
  • Not use any legacy tunneling protocols

This can be enabled permanently using the following batch script:

This is what I use for our Windows 7 computers to configure IPv6:

Code Block
REM enables RFC 4941 privacy extensions (i.e. temporary address for outgoing connections)
netsh interface ipv6 set privacy state=enabled store=active
netsh interface ipv6 set privacy state=enabled store=persistent
 
REM Don't use random identifier. This will result in EUI64 based addresses
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

REM disable unused tunneling protocols
netsh interface ipv6 6to4 set state disabled
netsh interface ipv6 isatap set state disabled
netsh interface ipv6 set teredo disabled
Note

The order of the first two blocks seems to matter. If you put the randomizeidentifiers block before the privacy block, then Windows will still use randomizeidentifiers...

Remove address

For servers it makes sense to have statically configured addresses, and avoid dynamic/privacy stuff as much as possible.

However, you might have started out with privacy stuff on, and have to remove things: 

Code Block
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : dilbert
   Primary Dns Suffix  . . . . . . . : terena.org
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : terena.org
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-DB-AF-95
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:610:148:babe:20c:29ff:fedb:af95(Preferred)
   IPv6 Address. . . . . . . . . . . : 2001:610:148:babe:cafe::3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::20c:29ff:fedb:af95%10(Preferred)
   Default Gateway . . . . . . . . . : 2001:610:148:babe::1
                                       fe80::ceef:48ff:fe5e:f3c8%10
   DNS Servers . . . . . . . . . . . : 2001:610:1:800a:192:87:106:106
                                       2001:610:188:140:145:100:188:188
   NetBIOS over Tcpip. . . . . . . . : Disabled

To remove the EUI-64 address 2001:610:148:babe:20c:29ff:fedb:af95, first find the interface number:

Code Block
C:\Users\Administrator>netsh interface ipv6 show addresses
Interface 1: Loopback Pseudo-Interface 1
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Other      Preferred     infinite   infinite ::1
Interface 10: Local Area Connection
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Public     Preferred  29d23h57m39s 6d23h57m39s 2001:610:148:babe:20c:29ff:fedb:af95
Manual     Preferred     infinite   infinite 2001:610:148:babe:cafe::3
Other      Preferred     infinite   infinite fe80::20c:29ff:fedb:af95%10
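
To spot which rows in that output are EUI-64 addresses (and therefore expose the MAC), the check can be scripted. This is an added example, not part of the original page: the function names are hypothetical, and the MAC and netsh output are the ones shown above.

```python
import ipaddress
import re

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in re.split(r"[-:]", mac))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")

def classify(netsh_output: str, mac: str):
    """Return (interface number, address type, address, is_eui64) per address row."""
    target = eui64_iid(mac)
    rows, iface = [], None
    for line in netsh_output.splitlines():
        m = re.match(r"Interface (\d+):", line)
        if m:
            iface = int(m.group(1))
            continue
        fields = line.split()
        # Address rows have 5 columns: type, DAD state, two lifetimes, address.
        if iface is None or len(fields) != 5:
            continue
        try:
            addr = ipaddress.IPv6Address(fields[4].split("%")[0])  # drop zone id
        except ValueError:
            continue  # the dashed separator row also has 5 columns
        rows.append((iface, fields[0], str(addr), int(addr) & (2**64 - 1) == target))
    return rows

# Physical Address from the ipconfig output and the address table shown on this page.
MAC = "00-0C-29-DB-AF-95"
SAMPLE = """\
Interface 1: Loopback Pseudo-Interface 1
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Other      Preferred     infinite   infinite ::1
Interface 10: Local Area Connection
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Public     Preferred  29d23h57m39s 6d23h57m39s 2001:610:148:babe:20c:29ff:fedb:af95
Manual     Preferred     infinite   infinite 2001:610:148:babe:cafe::3
Other      Preferred     infinite   infinite fe80::20c:29ff:fedb:af95%10
"""

if __name__ == "__main__":
    for iface, kind, addr, hit in classify(SAMPLE, MAC):
        print(f"if {iface:<3} {kind:<7} {addr:<40} {'EUI-64 (MAC-derived)' if hit else ''}")
```

The link-local address is flagged as well: it stays MAC-derived after router discovery is disabled, but it is not routable beyond the local link.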

The trick is to disable autoconfiguration on that interface:

Code Block
C:\Users\Administrator>netsh interface ipv6 set interface 10 routerdiscovery=disabled
Ok.

Now it should be gone:

Code Block
C:\Users\Administrator>netsh interface ipv6 show addresses
Interface 1: Loopback Pseudo-Interface 1
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Other      Preferred     infinite   infinite ::1
Interface 10: Local Area Connection
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Manual     Preferred     infinite   infinite 2001:610:148:babe:cafe::3
Other      Preferred     infinite   infinite fe80::20c:29ff:fedb:af95%10

 

Time servers

To configure Windows servers to use the SURFnet NTP boxes:

Code Block
C:\Users\Administrator>w32tm /config /manualpeerlist:"chime3.surfnet.nl,0x8 chime4.surfnet.nl,0x8" /syncfromflags:MANUAL