Disabling IPv6 not working

Support Network
1

Hi all,
I am trying to disable IPv6, following this tutorial:
https://wiki.archlinux.org/title/IPv6#Disable_IPv6

I need to disable IPv6 because when using Wireguard (wireguard-tools), I have ip leakage.

Disabling at kernel is ok (ipv6.disable=1), but this solution is not convenient, because I need the IPv6 stack to be enable.

Setting ipv6.disable_ipv6=1 at Grub level does not work, i cant still see a IPv6 address assigned
I tried to set and edit /etc/sysctl.d/40-ipv6.conf, it does not work neither

Note that I managed to set the privacy settings, adding and editing
/etc/sysctl.d/40-ipv6.conf
/etc/NetworkManager/conf.d/ip6-privacy.conf

I am testing all this config using internet cable direct from router, no VPN

So I think I am doing something wrong or forgetting something.

Could you please let me know why ipv6 cant be disabled ?
using Linux 6.9.3-3-MANJARO KDE
Thanks

2

Hi @Chani266,

Please provide the output for:

cat /etc/sysctl.d/40-ipv6.conf

:bangbang: Tip :bangbang:

When posting terminal output, copy the output and paste it here, wrapped in three (3) backticks, before AND after the pasted text. Like this:

```
pasted text
```

Or three (3) tilde signs, like this:

~~~
pasted text
~~~

This will just cause it to be rendered like this:

Sed
sollicitudin dolor
eget nisl elit id
condimentum
arcu erat varius
cursus sem quis eros.

Instead of like this:

Sed sollicitudin dolor eget nisl elit id condimentum arcu erat varius cursus sem quis eros.

Alternatively, paste the text you wish to format as terminal output, select all pasted text, and click the </> button on the taskbar. This will indent the whole pasted section with one TAB, causing it to render the same way as described above.

Thereby increasing legibility thus making it easier for those trying to provide assistance.

For more information, please see:

:bangbang::bangbang: Additionally

If your language isn’t English, please prepend any and all terminal commands with LC_ALL=C. For example:

LC_ALL=C bluetoothctl

This will just cause the terminal output to be in English, making it easier to understand and debug.

3

for example:
right click the NetworkManager applet → choose Connection Settings from the menu that comes up → choose your connection → go to IPv6 settings tab → set the Method to disabled
→ no IPv6 addresses will be assigned or requested from the router anymore

1 Like
4

You have the wrong command

ipv6.disable=1

is the correct one

5

That is not what the wiki says.

Alternatively, adding ipv6.disable_ipv6=1 instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.

2 Likes
6

The above completely disables it and any way it was stated that ipv6.disable_ipv6=1 did not work?

7

Yes, it was stated.
Without further evidence I’m inclined to trust the wiki more :man_shrugging:
and: he said he needs the IPv6 stack to stay (enabled).

What I described is exactly what I did myself on my own system - the result is as described:
no IPv6 addresses present or assigned
without disabling the stack at boot time

1 Like
8

Enable IPv6 Privacy Extensions

net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.enp4s0.use_tempaddr = 2
net.ipv6.conf.wlo1.use_tempaddr = 2

Disable IPv6

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.enp4s0.disable_ipv6 = 1
net.ipv6.conf.wlo1.disable_ipv6 = 1

9

OK, you obviously didn’t read this:

But anyway, I don’t have that file:

$ cat /etc/sysctl.d/40-ipv6.conf

Yet, I don’t have ipv6 addresses:

$ ip a
[...]
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether e0:d5:5e:6a:9b:65 brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
    inet 10.0.0.20/24 brd 10.0.0.255 scope global dynamic noprefixroute eno1
       valid_lft 597384sec preferred_lft 597384sec

And I use the ipv6.disable_ipv6=1 kernel parameter method. So, you can try that. As a prerequisite, ensure you have the install-grub package installed:

pamac install install-grub

To do so, open /etc/default/grub for editing.

sudo nano /etc/default/grub

And in the line starting with GRUB_CMDLINE_LINUX_DEFAULT insert ipv6.disable_ipv6=1 before the closing quotation mark. So that the line is somewhat similar to:

GRUB_CMDLINE_LINUX_DEFAULT="[...] ipv6.disable_ipv6=1 [...]"

Save, Ctrl+O, and Exir nano, Ctrl+X.

Then reinstall/update grub:

sudo install-grub

And reboot if there were no errors.

10

Why another package?

Isn’t
sudo update-grub
enough?

or, alternatively:
sudo grub-mkconfig -o /boot/grub/grub.cfg

This will disable the stack completely - something he said he did not want, but what he tried to do anyway.

11

I’m not :100: sure whether it is or not. I’d rather play it safe.

Because this:

Is much easier than:

Not according to how I understand it:

Alternatively, adding ipv6.disable_ipv6=1 instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.

https://wiki.archlinux.org/title/IPv6#Disable_IPv6

12

right
this will keep the stack:
ipv6.disable_ipv6=1

and this will not:
ipv6.disable=1

update-grub is essentially the same as
sudo grub-mkconfig -o /boot/grub/grub.cfg

I have never even heard of
install-grub

and do not even have it installed

13

Hi, I did read, but mistake ` with -
Thanks for highlighting it to me
Here is my grub, I already have this setting

GRUB_DEFAULT=saved
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Manjaro-G"
GRUB_CMDLINE_LINUX_DEFAULT="quiet udev.log_priority=3 ipv6.disable_ipv6=1"
GRUB_CMDLINE_LINUX="ipv6.disable_ipv6=1"

and I used update-grub to update

I still have a ipv6 address

14

Hi,
ipv6.disable=1 works
ipv6.disable_ipv6=1 does not

15

What about my proposed solution - using NetworkManager interface to disable IPv6 ?
I know it works here.

Look up the difference between

GRUB_CMDLINE_LINUX_DEFAULT=
and
GRUB_CMDLINE_LINUX=

and when which is used - it matters where you put your variables

16

Hi, sorry for late reply
It does not work
ip a shows me inet 6 address, ip.me confirms the same ipv6 address

Edit: it works !! needed a restart after setting “disabled”

17

hi, I actually put it in both because putting it in GRUB_CMDLINE_LINUX_DEFAULT= does not work

18

I still have IPv6 address assigned (checked with ip a)

20

Just for the sake of testing - I did

 $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 04:7b:cb:46:36:c4 brd ff:ff:ff:ff:ff:ff
    inet 172.30.30.20/24 brd 172.30.30.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::d8b9:bf24:c29c:40a3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: vmnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.191.1/24 brd 192.168.191.255 scope global vmnet1
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fec0:1/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
4: vmnet8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:50:56:c0:00:08 brd ff:ff:ff:ff:ff:ff
    inet 172.16.204.1/24 brd 172.16.204.255 scope global vmnet8
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fec0:8/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

created a file /etc/99-disable-ipv6.conf

 $ cat 99-disable-ipv6.conf 
net.ipv6.conf.all.disable_ipv6 = 1

Save the file and reload the config

sudo sysctl --system

Then once more

 $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 04:7b:cb:46:36:c4 brd ff:ff:ff:ff:ff:ff
    inet 172.30.30.20/24 brd 172.30.30.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
3: vmnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.191.1/24 brd 192.168.191.255 scope global vmnet1
       valid_lft forever preferred_lft forever
4: vmnet8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:50:56:c0:00:08 brd ff:ff:ff:ff:ff:ff
    inet 172.16.204.1/24 brd 172.16.204.255 scope global vmnet8
       valid_lft forever preferred_lft forever

I cannot say for your system - but for mine the disable ipv6 config works totally painless…

21

Good!

I will not argue this.
The difference is (supposed to be):

Options in GRUB_CMDLINE_LINUX are always effective.
Options in GRUB_CMDLINE_LINUX_DEFAULT are effective ONLY during normal boot (NOT during recovery mode).

Any time you change anything, you need to update-grub and then reboot to become effective.
Just changing it without updating the grub config won’t have any effect.

But it is solved without any of this - that is what I understood.