Jump to content
Not connected, Your IP: 3.133.126.241
Terry Stanford

Is it possible to avoid all use of ipv6?

Recommended Posts

I have AirVPN running on a rented VPS. I would like to turn off ipv6 as I connect to the server via ipv4 addresses. I don't understand a lot about networking but ipv4 does the job fine and i want to avoid problems/confusion by introducing ipv6 either for my inbound ssh connection or any other traffic.

I turned off ipv6 in eddie app but when I connect i see this below, which appears to suggest it's connecting via ipv6?

Screenshot-2021-02-08-at-21-41-00.png

thanks

Share this post


Link to post

Why would you disable IPv6? Let me put your concerns to rest: IPv6 doesn't cause you any trouble, you can leave it on, even together with IPv4. Linux supports it, SSH supports it. OpenVPN, well, tunnels it in v4, anyway.
 

1 hour ago, Terry Stanford said:

I turned off ipv6 in eddie app but when I connect i see this below, which appears to suggest it's connecting via ipv6?


No, not quite. Connecting using v4 and setting v6 addresses and routes as part of the OpenVPN init process are separate things. If you really don't want v6 addresses to even be set, enter this into Eddie Preferences > OVPN directives > Custom directives:

setenv UV_IPV6 no

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

thanks O.S.
I read somewhere (a long time ago perhaps) that ipv6 is not only unnecessary but it can lead to privacy issues like leaks. I have always avoided using it, or I should say, i have always wanted to and assumed i was avoiding it. With my knowledge level, I probably messed that up :D

Share this post


Link to post
1 hour ago, Terry Stanford said:

I read somewhere (a long time ago perhaps) that ipv6 is not only unnecessary but it can lead to privacy issues like leaks.


It's more than necessary, maybe not for regular users but for those who are building networks for users to use. Whoever told you that v6 is unnecceary is probably such an user him/herself.
Those leaks you mentioned are nothing but VPN configuration errors and don't appear outside the VPN context – why should they, after all.

Every IP host needs a globally unique IP. When the internet was an infant, designed as a research network, 255^4 - 2 IP addresses were probably enough for a second lifetime of the earth, they said. But the core belief was still that every participant in this network needed a unique IP to be directly addressable. Nothing changed with IPv6, every participant still needs a unique IP. And thus NAT was born: The idea that multiple devices of the same network/house/company/whatever can use the internet through a machine in the middle which will forward their requests and return the answers. Pro: 100+ hosts need just one public IP. Con: You get to deal with port forwarding and other stuff. That's what AirVPN's "privacy" is all about: You use the internet as if you were the AirVPN server. It's pseudonymous, not anonymous.

The IPv6 challenge for VPN providers is that IPv6 does not need NAT anymore as it was explicitly made to tackle this IPv4 address space exhaustion. There's no such thing as a v6 address exhaustion (yet), so we can again afford to assign public IPs to all hosts out there. The engineers wanted it to be as easy as possible, so they used the MAC address of the interfaces to automatically build part of that IPv6 address. The problem: This MAC address is supposed to be globally unique as well (it's not exactly, but still). Another problem is that by the time v6 started to be more or less widely adopted, the online ad train was already speeding and looking for more data points to use in the targeting algorithms. A unique IP which is not changed even after a reconnect is almost equivalent to finding the Holy Grail in targeted advertising. That's what gets people around communities like this spooked.
And thus the v6 Privacy Extensions were born which are now the default on all platforms: The hosts themselves simply randomize this address, and no one really needs to know how they do it as long as the address is in fact addressable. Makes them less of a target for those ads, and in my humble opinion that should be enough, but people are still spooked by the addressing possibility by MAC so they avoid it in a privacy context. Not to mention the loudest argument of them all: "I can't memorize those long addresses!" :)

Now, IPv6 can be configured to be NATed, just like v4. AirVPN did just that: v6 is NATed like v4 so your exit IPv6 address is that of the AirVPN server, not an address calculated by your own machine. It works and is what happens if you don't disable IPv6.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

O.S. Sie sind der mann. :D:D:D
What a superb explanation. I read it carefully twice, I now understand v6 addressing. I did know the history of it was due to exhaustion of v4, but beyond that I had no clue, I didn't know MAC addresses were involved (usually anyway), and I can see why that would scare people. So it should too, as you said, it's a golden ticket for targeted advertisers.
Brilliant write up, thank you so much.
I will turn ipv6 back on :)

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...