It’s regarding both Leap 15.1 and TW. I’m a little out of humor on this issue, as it is a year-long, uphill fight against opensuse and its constant and repeated attempts to enable ipv6 on its distributions. Earlier they simply switched in NetworkManager the ipv6 setting from “ignored” to something else, now they simply ignore it. I have disabled ipv6 in Yast, in wicked (although not used) as well as in NetworkManager. To no avail. With ip addr I see the eth0 interface still has (again) an ipv6 address. I don’t want it. I can disable it for the current session via
but after the next reboot the same ipv6 stuff is back. Can I delete something once and for ever? Can I disable ipv6 in the kernel on boot (reliably)? Please. There must be solution to get rid of this pest. IPv6 is uncontrollable via router/firewall, as nobody knows which and how many address a single machine has (including the router/firewall). I don't want this security issues on my network.
I have IPv6 running for years already on my systems. It is the way the world goes.Isn’t this like cutting yourself off from the ineternet more and more? To me it looks like an up-hill battle.
Hi Henk! No, everything here running just fine. Even if my ISP would switch to ipv6 Iwould go with ipv4 in the LAN. Again: ipv6 is a security nightmare. Uncontrollable. Insecure and side-channel by design. Can anybody enlighten my, where to turn it off? Pretty, pretty please?
cat /etc/sysctl.conf
####
#
# To disable or override a distribution provided file just place a
# file with the same name in /etc/sysctl.d/
#
# See sysctl.conf(5), sysctl.d(5) and sysctl(8) for more information
#
####
I used this file to disable ipv6 on the debian machine (Dell Precision M6400 with ATI m7740, not playing nice with opensuse anymore) by including
But as this file is so… empty… in TW I though it might be not in use for any kind of configuration.
BIOS is not an option, as my BIOS (all old machines here) don’t have such options. I would not trust is anyway, after I saw Win10 ignoring BIOS-disabled HDDs and simply accessed them anyway…
Actually I observed a large delay upon connecting. This resulted from the router being unable to support ipv6. Thus the network tried to connect again until timeout. When suppressing ipv6 on the link it would not probe for ipv6.
Inet6 is gone in Kubuntu 19.10 with the given link method (foss). Splash screen remains normal if set that way (see grub below) and the router is not affected. Should work the same for TW in Yast.
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether xx xx xx xx xx xx brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether xx xx xx xx xx xxbrd ff:ff:ff:ff:ff:ff
inet xx /24 brd xx.255 scope global dynamic noprefixroute wlp3s0
valid_lft 7198sec preferred_lft 7198sec
uname -a
Linux xx 5.2.0-050200rc6-generic #201906222033 SMP Sun Jun 23 00:36:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
mokutil --sb-state
SecureBoot enabled
Tor browser needs an extra tweak to kill V6 >about:config>IPV6>First entry must be set to false = will be removed>Restart Tor.
Fallback IPV6 is negative = fail + IPV6 test is mark not reachable.
I must say I fully agree with Henk. IPv6 is over 25 years old and many countries (e.g. China, Korea, Japan, etc) didn’t get many IPv4 addresses. Now there are hardly any IPv4 addresses left. I regularly buy for my little business items from China. When I visit my daughter’s place where they have no IPv6 I cannot connect to some of the regular addresses - I only get the response “Server not available”. I agree that there are additional security issues with IPv6, on the other hand just a random IP address may not lead anywhere as there are so many addresses available. I use IPv6 since 2003 or 2004 without problems and see no reason to disable it. With disabling IPv6 you are cutting yourself off a large part of the world.
Cheers
Uli
appreciate any comments, but don’t see the point of “simply use it, won’t hurt.” How would you recognize if you are side-channeled? Especially when it comes to China, USA, UK and alike I would be extremely careful with using protocols so prone to messing up security (or may I call it “insecure by design”? remember which time it was when ipv6 was standardized…).
as long as nobody can provide a secure setup for ipv6 (LAN-wise) I will go with ipv4 and NAT. ipv6 on WAN is a different piece of cake and might be necessary one day, but not now. I never saw any “server not available”. What kind of miss-config should this be to cut off 98% of the internet (the ipv4 world) from your “services”?
As someone who has worked in networking for over 20 years, I can absolutely tell you that your assessment of the IPv6 protocol absolutely incorrect.
In fact, by design, IPv6 is more secure than IPv4 could ever be. It is actually much easier to lockdown and control than IPv4 could ever be. Because of that, nothing has been done to enhance IPv4 for over a decade now.
If you indeed succeed in “turning it off”, it’ll only be to your own demise as you’ll quickly learn, as IPv6 is rolled out worldwide, even running IPv4 on your own LAN will only hinder your ability to nagivate the internet in a safe and sufficient manner.
