Windows 7 IPv6 auto-assignment fix

For some reason, Microsoft decided that Windows 7 would autoconfigure IPv6 using a random identifier (not the MAC address / EUI-64) – they went on to decide that it would randomly assign temporary addresses which change constantly.  This is an admin nightmare, not to mention *awful* when it comes to assigning DNS.

So, here’s how to make Windows 7 behave as per every other OS…

1. Open up a Command Prompt in Administrator mode (right-click, run as administrator)

2. Run the following commands.  Each one should respond “Ok”.  If you didn’t do step 1 correctly, it will say the command required elevation.

netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

3. Exit the command prompt, and reboot.

When your computer has rebooted, it should auto-configure itself using EUI-64 (based on the MAC address of the interface) within the subnet given in the router advertisement.

8 thoughts on “Windows 7 IPv6 auto-assignment fix

  1. awwwwww

    And now you disabled one of the more useful (and cooler) parts of IPv6 known as privacy addressing. This _feature_ makes it more difficult for an attacker to correlate your activities and/or connect with you without permission.

    Reply
    1. dan Post author

      it also makes things like ip-based authentication a nightmare, so people should have the ability to turn it on and off at their will. For me, I need my IP to remain constant as part of 2-stage authentication to various external systems. Microsoft should give you the ability to turn it on and off a lot easier than having to mess around with command lines.

      Reply
  2. migle

    Let me insist on awwwwww’s arguments. I didn’t check windows 7, but vista’s default behaviour here is to assign two IPv6 addresses to the interface: the private (constantly changing) one and the MAC-based one, and call the private one the “preferred”. So, you actually have the fixed MAC-based IPv6 too if you want to use it.

    This is exactly what is proposed in RFC 4941, and they compare it to your telephone number vs your called id. When your address must be fixed, such as when your machine acts as a server, it works, programs will usually listen on all addresses by default. When acting as a client, the private one is used by default (that doesn’t mean that the other can’t be used).

    Actually, your need for fixed IP is pretty atypical and you quite obvisouly have the knowledge to understand the issue and find one solution; so, as for it being a user-friendly checkbox, I don’t agree, I think the program you use for connecting to those external systems should have that option (detecting you have more than one global address it should allow you to choose which to use for the connection).

    So really, I think your blaming the wrong software. Windows is not to blame if it’s the only OS that found RFC 4941 interesting. Sometimes in the floss world people are more conservative and attached to old habits than you would expect.

    Reply
    1. dan Post author

      The non-changing (random not MAC-based) IP is for incoming connections only – it is never used for outgoing connections.

      here’s a simple real life situation… at work if I leave my windows 7 PC as-is and SSH to a server it disconnects me after an hour as windows changes my IPv6 IP and severs the existing connection – this limits anything established outgoing to 1 hour maximum (e.g. download, ssh sessions, you name it) – as for the MAC-based IP… windows 7 does NOT issue a MAC-based IP by default. It chooses a random IP instead. For administrators, it is FAR more useful to have a MAC-based IP.
      I also notice that your IP when posting this comment came from a EUI64 mac-based IP which is as it should be !

      To use your analogy, you’d be annoyed if your telephone cut you off every hour (or part hour if you made a call 55 minutes into the IP assignment, you’d get 5 minutes and be cut off) – privacy IPs are fine for short connections but no use for anything else.

      I have never seen any windows software that offers a source IPv6 IP choice to connect out – they always choose the system default which is the randomly changing one.
      If I asked a regular user of windows to select a source IPv6 ip, they would be confused beyond belief. IPv6 has to be made as simple as possible if people are going to get used to it.

      As far as i’m concerned, it is still a ‘fix’ as it fixes many problems that wouldn’t exist should it not have been implemented in the first place.

      (FYI, this ‘fix’ also applies to windows 8/developer preview)

      Reply
  3. Pingback: Windows 7+ disable temporary IPv6 address – Ragzilla

Leave a Reply

Your email address will not be published. Required fields are marked *