Friday 31 January 2020

How to disable IPv6 on Ubuntu

Some web servers don't support IPv6 connections and might refuse such connections with 403 HTTP error (Forbidden).

Linux prioritises IPv6 over IPv4 so we need to deprioritise IPv6 or disable it completely on machine's network interfaces.

To drop the IPv6 priority we can edit /etc/gai.conf and uncomment the following line:

# precedence ::ffff:0:0/96  100

If this is not giving desired results we can disable IPv6 completely.



To check first that IPv6 traffic from your machine is enabled, go to some IP checker website (e.g.  https://test-ipv6.com/ or https://whatismyipaddress.com/) and check what it detects (if it shows or not your IPv6 address).

You can also run

$ ifconfig | grep inet6

...and check if (local) IPv6 addresses are assigned to active interfaces.


To disable IPv6 do the following:


1) Open /etc/sysctl.conf

$ sudo nano /etc/sysctl.conf


2) Append the following lines to the existing configuration and save the file:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1

If there is a network adapter with inet6 address assigned, like this one:

$ ifconfig 
...
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.15  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fd04:3f2a:df62:0:a9b4:d5a4:e119:be04  prefixlen 64  scopeid 0x0<global>
        inet6 fd04:3f2a:df62:0:f796:34ff:fef7:fd19  prefixlen 64  scopeid 0x0<global>
        inet6 2a02:c7f:ac1b:bf01:4d82:4779:3eb4:2f46  prefixlen 64  scopeid 0x0<global>
        inet6 fd04:3f2a:df62:0:b8b4:35ee:28ed:6ee6  prefixlen 64  scopeid 0x0<global>
        inet6 fd04:3f2a:df62:0:4a82:4779:3eb4:2f46  prefixlen 64  scopeid 0x0<global>
        inet6 2a02:c7f:ac1b:bf00:f656:34ff:fef7:fd19  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::f696:34ff:fef7:fd29  prefixlen 64  scopeid 0x20<link>
        ether f4:96:34:f8:fd:19  txqueuelen 1000  (Ethernet)
        ...

...then add also the line which disables IPv6 on it:

net.ipv6.conf.wlp2s0.disable_ipv6 = 1


3) Instruct OS to re-read this config file:

$ sudo sysctl -p


Changes will be applied immediately, even if you are on the active VPN connection.

To validate changes, repeat IPv6 validation steps described above.

$ ifconfig 
...
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.15  netmask 255.255.255.0  broadcast 192.168.0.255
        ether f4:96:34:f8:fd:19  txqueuelen 1000  (Ethernet)
        ...


If we now go to some public IP checker e.g. https://www.whatismyip.com/ we'll see that our public IPv6 address is not detected anymore:



No comments: