Jump to content


Photo

IPv6 cannot be safely disabled on Linux

ipv6 linux

  • Please log in to reply
7 replies to this topic

#1 fangorn

fangorn

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 04 October 2017 - 06:41 PM

After installing the recent version from the APT repository (2.13.6), I got a message upon connecting to a server that I didn't manage to reproduce afterwards, something like:

 

"IPv6 cannot be safely disabled on Linux in order to make the network lock effective. This can make your IPv6 address leak if your provider supports IPv6. This setting can be changed in Preferences / Advanced / IPv6."

 

This sounds worrying to me, but I don't understand the message. The quoted setting is set to "disable". Does this safely disable my IPv6 or not?

 

I know how to disable IPv6 on the kernel level, but I'm not sure whether that is necessary or not. Sorry that the above message is not an exact quote, it's just what I remember from it. It didn't appear again, which is even more worrying to me...

 

Edit: Here is the exact message that I copied from Github:

 

IpV6Warning = "IPv6 detected.\n\nThis can cause data leak ONLY if your ISP provides IPv6 support.\nCurrently our software can't disable and restore safely IPv6 on Linux.\nIf you continue, IPv6 detection will be disabled. You can re-enable it in Preferences -> Advanced -> IPv6.\n\nContinue?";

 

This message is confusing because first it says that "our software can't disable (...) safely IPv6 on Linux", then it talks about IPv6 detection, and the actual settings entry is about disabling the use of IPv6 altogether...  So I assume that this just means that "we can't forward IPv6 on Linux, so we will disable it completely"? Sounds ok to me that way.

 

Please confirm that this message just means that everything is working as expected. xD



#2 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7181 posts

Posted 04 October 2017 - 10:09 PM

Hello!

 

You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables).

 

IPv6 support in our infrastructure is planned within the end of 2017.

 

Kind regards



#3 bancroft

bancroft

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 11 October 2017 - 07:25 AM

Hello!

 

You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables).

 

IPv6 support in our infrastructure is planned within the end of 2017.

 

Kind regards

I just saw the warning message also. I always use network lock. So what is the point of the warning? I don't understand it.



#4 fangorn

fangorn

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 12 October 2017 - 08:41 AM

Hello!

 

You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables).

 

IPv6 support in our infrastructure is planned within the end of 2017.

 

Kind regards

 

Thanks but I am using the Network lock, always. I think there is a confusion here about blocking IPv6 and disabling it? It sounds like the program can not block IPv6 traffic from leaking outside. And "not detecting" is similar to blocking? This wording is very confusing.

 

The actual meaning of the message, like I am interpreting it, is "We can not forward IPv6 traffic, nor disable IPv6 completely, so we will be blocking all IPv6 traffic using the firewall" which is O.K.



#5 cgan

cgan

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 13 October 2017 - 10:21 PM

Permanently Disable IPV6 Internet Protocol Under Ubuntu 16.04/Linux Mint 18

Some users reported that IPv6 is merely a surveillance tool terrible for your own privacy.

 

You can check whether ipv6 is enabled or not using this command:
 

cat /proc/sys/net/ipv6/conf/all/disable_ipv6


0 --> Enabled
1 --> Disabled

If enabled, edit this file using this command:



sudo gedit /etc/sysctl.conf


Add these lines at the end:
 

# Disable IPv6

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

Save your file and exit. Run this command so that changes take effect:
 

 sudo sysctl -p


You can check again if ipv6 is disabled using this command:

 cat /proc/sys/net/ipv6/conf/all/disable_ipv6

You should get 1 as output.



#6 elljayenn

elljayenn

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 26 October 2017 - 11:13 PM

There is a much simpler way to shut off IPv6 support on the machine you are using without having to mess around with the terminal (which incidentally, changed nothing for me)

Click your network connection, then Network Settings, then choose the wired connection. In the settings menu, shut off IPv6 and do the same on wi-fi. Then (and this is essential) reboot.

 

The changes are not stored until you reboot.

 

Once this is done, you can reconnect to the VPN using the Eddie client (I have it set to run at startup) and ipleak shows a complete VPN connection without leaks.



#7 adfdsfGYYy53

adfdsfGYYy53

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 19 January 2018 - 08:34 PM

This page contains the only instructions I could get to work:

 

https://www.linuxbabe.com/ubuntu/disable-ipv6-on-ubuntu



#8 frpergflf

frpergflf

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 23 January 2018 - 11:16 PM

This is what I did using edde 2.13.6 and this seems to work for me under Linux

When you start ./airvpn, use these parameters, that will disable IPv6 for wireless connections.  For me my wireless is 'wlan0', adjust as needed (all 1 line):

 

--event.app.start.filename="/sbin/sysctl"
--event.app.start.arguments="net.ipv6.conf.wlan0.disable_ipv6=1"
--event.app.stop.filename="/sbin/sysctl"
--event.app.stop.arguments="net.ipv6.conf.wlan0.disable_ipv6=0"

This will disable IPv6 at start and re-enable it on exit







Similar Topics Collapse


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 13051 - BW: 35707 Mbit/sYour IP: 54.167.216.239Guest Access.