Results 1 to 10 of 10

Thread: Disable IPv6 only when a VPN connection is active

  1. #1

    Default Disable IPv6 only when a VPN connection is active

    My ISP recently activated IPv6 on our service. This is now playing havoc with my IPv4 OpenVPN connections. The problem is that when I make connections, I want them to always go over the IPv4 VPN connection, but my system is prioritizing IPv6, and so the services I connect to think that I'm not on the VPN. In fact, when I'm on certain VPNs, I don't even want to use the non-VPN IPv6 connection as a fallback—if I can't connect to a service through the IPv4 VPN, I don't want to connect at all.

    I usually connect to the VPNs using Plasma's NetworkManager panel applet. Is there any way I can configure it so that all existing IPv6 connections are automatically disabled when I connect to a VPN, and automatically enabled again when I disconnect from the VPN? Failing that, is there any way of configuring NetworkManager (the upstream tool, not the KDE applet) to automatically do this?

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,079
    Blog Entries
    1

    Default Re: Disable IPv6 only when a VPN connection is active

    Which desktop? The KDE NM connection editor has an option 'IPv4 is required for this connection' which can be enabled. There should be something similar if using Gnome.

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,079
    Blog Entries
    1

    Default Re: Disable IPv6 only when a VPN connection is active

    BTW, it adds the 'may-fail=false' entry to the applicable connection file in the /etc/NetworkManager/system-connections/ directory...
    Code:
    [ipv4]
    dns-search=
    may-fail=false
    method=auto
    ...so you could just edit by hand if desired. It should take effect when the connection is next activated.

  4. #4

    Default Re: Disable IPv6 only when a VPN connection is active

    Quote Originally Posted by deano_ferrari View Post
    Which desktop?
    As I mentioned in my OP, I am using KDE.
    The KDE NM connection editor has an option 'IPv4 is required for this connection' which can be enabled. There should be something similar if using Gnome.
    I think you may have misunderstood my question. I am not asking how to enable IPv4 for my VPN connection; that already works fine. I am asking how to disable IPv6 on my regular ethernet/wireless connection whenever the VPN is active, so that I can force my computer to route all traffic over the IPv4 VPN. The checkbox you refer to has no effect on IPv6.

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,079
    Blog Entries
    1

    Default Re: Disable IPv6 only when a VPN connection is active

    Then use a dispatcher script to disable IPv6 when VPN connection is active.

    IPv6 can be disabled on the on the fly with
    Code:
    sysctl -w net.ipv6.conf.all.disable_ipv6=1
    and enabled again when the VPN connection is deactivated.
    Last edited by deano_ferrari; 23-Mar-2018 at 00:33.

  6. #6

    Default Re: Disable IPv6 only when a VPN connection is active

    Quote Originally Posted by deano_ferrari View Post
    Then use a dispatcher script to disable IPv6 when VPN connection is active.
    Thanks. I take it, then, that there is no way of doing this from the Plasma widget? Perhaps a feature request is in order…

    In the meantime, I called up my ISP and got them to switch me back to IPv4-only. This is not a long-term solution but prevents me from having to mess around with scripts for the time being.

  7. #7
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    27,127

    Default Re: Disable IPv6 only when a VPN connection is active

    Quote Originally Posted by psych0naut View Post
    This is not a long-term solution .....
    The long time solution is of course that you (or anybody else) do not bother if a connection uses IPv4 or IPv6. Thus I doubt if asking to build in such switches in software will get much support.
    Henk van Velden

  8. #8

    Default Re: Disable IPv6 only when a VPN connection is active

    Quote Originally Posted by hcvv View Post
    The long time solution is of course that you (or anybody else) do not bother if a connection uses IPv4 or IPv6. Thus I doubt if asking to build in such switches in software will get much support.
    Sure, I would love not to have to care whether a given connection goes over IPv4 or IPv6. But as I mentioned in my original post, not caring is not an option when you are using a VPN and need to make sure that all your network traffic goes through that VPN. I can't help it if the VPNs I must use for my job are IPv4-only. I am certainly not the only person in this situation—for instance, a quick survey of commercial "privacy VPN" services show that many of them are also IPv4-only. At least one of them says that this is because of security/privacy problems with IPv6 implementations and with how some VPN software handles IPv6. (I have no idea whether OpenVPN and Linux's IPv6 stack are among those affected by these problems.)

    So my not caring about IPv4/IPv6 will need to wait until my VPN providers don't care about it either, and that in turn will need to wait until those providers are satisfied enough with the security/privacy of IPv6 implementations that they start supporting them.

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    27,127

    Default Re: Disable IPv6 only when a VPN connection is active

    I do not deny what you say, but you suggest a feature request and I doubt that that will stir people into activity because they will probably not put resources into it for the reasons I explained above (after all IPv6 should already be supported by all involved for many years). But you can of course always try.
    Henk van Velden

  10. #10
    Join Date
    Mar 2008
    Location
    Phuket, Thailand
    Posts
    26,695
    Blog Entries
    38

    Default Re: Disable IPv6 only when a VPN connection is active

    You could just permanently disable IPV6 on your openSUSE all the time (whether vpn up or vpn down). in openSUSE-LEAP-42.3 (I have not tried with Tumbleweed) this can be done via YaST > system > network settings. Change to use the "Network Manager". Also in that menu ensure "enable IPv6" is not selected. You need to reboot to have that applied.

    Its not precisely what you asked for - but it does stop IPV6.
    Last edited by oldcpu; 02-Apr-2018 at 15:27.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •