Versions Compared

Old Version 2

changes.mady.by.user Dick Visser

Saved on

compared with

New Version Current

changes.mady.by.user Dick Visser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

  • Use 'privacy' addresses for outgoing connections
  • Have a EUI64 address to listen for incoming connections
  • Not use any legacy tunneling protocols

This can be enabled premanently permanently using the following batch script:

...

Note

The order of the two first blocks seems to matter. If you put the randomizeidentifiers block before the privacy block, then Windows will still use randomizeidentifiers...

 

 

Remove address

For servers it makes sense to have statically configured addresses, and avoid dynamic/privacy stuff as much as possible.

However, you might have started out with privacy stuff on, and have to remove things: 

Code Block
languagepowershell
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : dilbert
   Primary Dns Suffix  . . . . . . . : terena.org
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : terena.org
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-DB-AF-95
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:610:148:babe:20c:29ff:fedb:af95(Preferred)
   IPv6 Address. . . . . . . . . . . : 2001:610:148:babe:cafe::3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::20c:29ff:fedb:af95%10(Preferred)
   Default Gateway . . . . . . . . . : 2001:610:148:babe::1
                                       fe80::ceef:48ff:fe5e:f3c8%10
   DNS Servers . . . . . . . . . . . : 2001:610:1:800a:192:87:106:106
                                       2001:610:188:140:145:100:188:188
   NetBIOS over Tcpip. . . . . . . . : Disabled

To remove the EUI-64 address 2001:610:148:babe:20c:29ff:fedb:af95, first find the interface number:

 

Code Block
C:\Users\Administrator>netsh interface ipv6 show addresses
Interface 1: Loopback Pseudo-Interface 1
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Other      Preferred     infinite   infinite ::1
Interface 10: Local Area Connection
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Public     Preferred  29d23h57m39s 6d23h57m39s 2001:610:148:babe:20c:29ff:fedb:af95
Manual     Preferred     infinite   infinite 2001:610:148:babe:cafe::3
Other      Preferred     infinite   infinite fe80::20c:29ff:fedb:af95%10

The trick is to disable autoconfiguration on that interface:

Code Block
C:\Users\Administrator>netsh interface ipv6 set interface 10 routerdiscovery=disabled
Ok.

Now it should be gone:

Code Block
C:\Users\Administrator>netsh interface ipv6 show addresses
Interface 1: Loopback Pseudo-Interface 1
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Other      Preferred     infinite   infinite ::1
Interface 10: Local Area Connection
Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Manual     Preferred     infinite   infinite 2001:610:148:babe:cafe::3
Other      Preferred     infinite   infinite fe80::20c:29ff:fedb:af95%10

 

Time servers

 

To configure Windows servers to use the SURFnet NTP boxes:

Code Block
C:\Users\Administrator>w32tm /config /manualpeerlist:"chime3.surfnet.nl chime4.surfnet.nl",0x8 /syncfromflags:MANUAL