Jump to content
Not connected, Your IP: 3.83.32.171
fangorn

IPv6 cannot be safely disabled on Linux

Recommended Posts

After installing the recent version from the APT repository (2.13.6), I got a message upon connecting to a server that I didn't manage to reproduce afterwards, something like:

 

"IPv6 cannot be safely disabled on Linux in order to make the network lock effective. This can make your IPv6 address leak if your provider supports IPv6. This setting can be changed in Preferences / Advanced / IPv6."

 

This sounds worrying to me, but I don't understand the message. The quoted setting is set to "disable". Does this safely disable my IPv6 or not?

 

I know how to disable IPv6 on the kernel level, but I'm not sure whether that is necessary or not. Sorry that the above message is not an exact quote, it's just what I remember from it. It didn't appear again, which is even more worrying to me...

 

Edit: Here is the exact message that I copied from Github:

 

IpV6Warning = "IPv6 detected.\n\nThis can cause data leak ONLY if your ISP provides IPv6 support.\nCurrently our software can't disable and restore safely IPv6 on Linux.\nIf you continue, IPv6 detection will be disabled. You can re-enable it in Preferences -> Advanced -> IPv6.\n\nContinue?";

 

This message is confusing because first it says that "our software can't disable (...) safely IPv6 on Linux", then it talks about IPv6 detection, and the actual settings entry is about disabling the use of IPv6 altogether...  So I assume that this just means that "we can't forward IPv6 on Linux, so we will disable it completely"? Sounds ok to me that way.

 

Please confirm that this message just means that everything is working as expected. xD

Share this post


Link to post

Hello!

 

You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables).

 

IPv6 support in our infrastructure is planned within the end of 2017.

 

Kind regards

Share this post


Link to post

Hello!

 

You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables).

 

IPv6 support in our infrastructure is planned within the end of 2017.

 

Kind regards

I just saw the warning message also. I always use network lock. So what is the point of the warning? I don't understand it.

Share this post


Link to post

Hello!

 

You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables).

 

IPv6 support in our infrastructure is planned within the end of 2017.

 

Kind regards

 

Thanks but I am using the Network lock, always. I think there is a confusion here about blocking IPv6 and disabling it? It sounds like the program can not block IPv6 traffic from leaking outside. And "not detecting" is similar to blocking? This wording is very confusing.

 

The actual meaning of the message, like I am interpreting it, is "We can not forward IPv6 traffic, nor disable IPv6 completely, so we will be blocking all IPv6 traffic using the firewall" which is O.K.

Share this post


Link to post

Permanently Disable IPV6 Internet Protocol Under Ubuntu 16.04/Linux Mint 18

Some users reported that IPv6 is merely a surveillance tool terrible for your own privacy.

 

You can check whether ipv6 is enabled or not using this command:

 

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

0 --> Enabled

1 --> Disabled

 

If enabled, edit this file using this command:

 

sudo gedit /etc/sysctl.conf

Add these lines at the end:

 

# Disable IPv6

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

Save your file and exit. Run this command so that changes take effect:

 

 sudo sysctl -p

You can check again if ipv6 is disabled using this command:

 cat /proc/sys/net/ipv6/conf/all/disable_ipv6

You should get 1 as output.

Share this post


Link to post

There is a much simpler way to shut off IPv6 support on the machine you are using without having to mess around with the terminal (which incidentally, changed nothing for me)

Click your network connection, then Network Settings, then choose the wired connection. In the settings menu, shut off IPv6 and do the same on wi-fi. Then (and this is essential) reboot.

 

The changes are not stored until you reboot.

 

Once this is done, you can reconnect to the VPN using the Eddie client (I have it set to run at startup) and ipleak shows a complete VPN connection without leaks.

Share this post


Link to post

This is what I did using edde 2.13.6 and this seems to work for me under Linux

When you start ./airvpn, use these parameters, that will disable IPv6 for wireless connections.  For me my wireless is 'wlan0', adjust as needed (all 1 line):

 

--event.app.start.filename="/sbin/sysctl"
--event.app.start.arguments="net.ipv6.conf.wlan0.disable_ipv6=1"
--event.app.stop.filename="/sbin/sysctl"
--event.app.stop.arguments="net.ipv6.conf.wlan0.disable_ipv6=0"

This will disable IPv6 at start and re-enable it on exit

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...