# IPv6 address generation and privacy defaults.
#
# Most IPv6 networks use SLAAC (Stateless Address Autoconfiguration),
# where the host generates its own IPv6 addresses based on the network
# prefix advertised by the router.
#
# Two mechanisms influence how these addresses appear:
#
#   ipv6.addr-gen-mode
#       Controls how the *stable* SLAAC address is generated.
#
#       stable-privacy:
#           Generate a deterministic pseudorandom address derived from
#           a kernel secret and the network prefix. This prevents the
#           legacy EUI-64 mechanism from exposing the device's MAC
#           address in the IPv6 address.
#
#   ipv6.ip6-privacy
#       Enables RFC 4941 temporary IPv6 addresses. These are additional
#       short-lived addresses that rotate periodically and are preferred
#       for outbound connections to prevent remote tracking.
#
# With these settings a network interface will typically have:
#
#   - one stable pseudorandom IPv6 address
#   - one or more temporary rotating addresses used for outbound traffic
#
# Note that temporary addresses do NOT replace the stable address. The
# interface will still have one stable address used for inbound connections,
# it will just use the temporary ones for outbound ones.
#
# Values for ipv6.ip6-privacy:
#   0 = disable temporary addresses
#   1 = enable but prefer the stable address
#   2 = enable and prefer temporary addresses

[connection]
ipv6.addr-gen-mode=stable-privacy
ipv6.ip6-privacy=2