On 5 March 2016 at 22:54, <Valdis.Kletnieks@vt.edu> wrote:
And note that there isn't any problem with a machine getting an IPv6 address via SLAAC *and* getting another one via DHCPv6 - my laptop is doing that as I type (plus a privacy address or two as well).
That is what our CPEs (from Inteno) do. Every computer has a DHCPv6 assigned address that is short and easy (my laptop has 2a00:7660:5c6::30e). The DHCPv6 assigned address is also stable. In the CPE admin website the user can pick the computer (DHCPv6 assigned address) from a dropdown when configuring inbound firewall rules. It is very easy to eg. allow SSH to my laptop by using this feature. But every computer also have SLAAC and usually with privacy extensions. My laptop prefers the SLAAC/privacy address for outgoing connections. So I am not as easily tracked as if the computer used the DHCPv6 address. Currently my outgoing connections are from 2a00:7660:5c6::bd7d:624c:2d8c:c8d0 but this will change shortly to something new and random. Short and stable for inbound, random for outbound. Regards, Baldur