NM setting unworkably low IPv6 address lifetime values, not renewing addresses correctly
Now that I have working IPv6 connectivity, I have noticed that NM is not setting useful valid and preferred lifetimes for IPv6 autoconf addresses (both EUI64 and stable-privacy), and is not renewing them when appropriate.
Despite sysctl showing valid/preferred values of 604800/86400 for all, default, and individual interfaces, NM seems to be using 4000/3000 respectively. This is way too low, it e.g. causes ssh connections to remote servers to hang once an hour, which is massively annoying when you are wrangling a bunch of them.
Also, new addresses are not being allocated when preferred lifetime expires until the valid lifetime has also expired, leaving the system configured with only deprecated public IPv6 addresses.
NM 1.2.16, Ubuntu 20.04
Connection config for ipv6:
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto
When operating correctly, ip -6 addr
outputs:
39: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2403:5800:[snip]:2181:780/64 scope global temporary dynamic
valid_lft 2908sec preferred_lft 1908sec
inet6 2403:5800:[snip]:4324:69db/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 2908sec preferred_lft 1908sec
inet6 fe80::fe9a:6981:5d38:2bcd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
When preferred liftime has expired, I see:
39: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2403:5800:[snip]:2181:780/64 scope global temporary deprecated dynamic
valid_lft 334sec preferred_lft 0sec
inet6 2403:5800:[snip]:4324:69db/64 scope global deprecated dynamic mngtmpaddr noprefixroute
valid_lft 334sec preferred_lft 0sec
inet6 fe80::fe9a:6981:5d38:2bcd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Note both public addresses above are marked deprecated
.
After the valid lifetime expires, I get new addresses, again with very short lifetimes (4000 & 3000) respectively. This per the config above is for stable-privacy addresses, I see basically teh same thing for EUI64 addresses, but only a single public address.
What I would expect to see is:
- sysctl settings for valid & preferred lifetimes respected
- There is always at least one non-deprecated public address configured