Deactivating IPv6 on AccessPoint

With this guide https://3os.org/infrastructure/openwrt/disable-ipv6/
I used these commands

cd /etc/config
cat network
ifconfig
uci set 'network.lan.ipv6=0'
uci set 'network.VLAN10_Gast.ipv6=0'
uci set 'network.VLAN20_IoT.ipv6=0'
uci set 'network.loopback.ipv6=0'
uci set network.lan.delegate="0"
uci -q delete network.globals.ula_prefix
uci commit
/etc/init.d/network restart
ifconfig

inet6 addresses are still visible on the "phy" interfaces. What do I have to do now?

eth0      Link encap:Ethernet  HWaddr 00:1A:8C:A1:63:D3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1548 errors:0 dropped:1 overruns:0 frame:0
          TX packets:1165 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:154878 (151.2 KiB)  TX bytes:853097 (833.1 KiB)
          Interrupt:4

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:206 errors:0 dropped:0 overruns:0 frame:0
          TX packets:206 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14671 (14.3 KiB)  TX bytes:14671 (14.3 KiB)

phy0-ap0  Link encap:Ethernet  HWaddr 00:1A:8C:A1:63:DC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

phy0-ap1  Link encap:Ethernet  HWaddr 02:1A:8C:A1:63:DC
          inet6 addr: fe80::1a:8cff:fea1:63dc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:16592 (16.2 KiB)

phy0-ap2  Link encap:Ethernet  HWaddr 06:1A:8C:A1:63:DC
          inet6 addr: fe80::41a:8cff:fea1:63dc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:992 (992.0 B)

phy1-ap0  Link encap:Ethernet  HWaddr 00:1A:8C:A1:63:D4
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

phy1-ap1  Link encap:Ethernet  HWaddr 02:1A:8C:A1:63:D4
          inet6 addr: fe80::1a:8cff:fea1:63d4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:134 errors:0 dropped:0 overruns:0 frame:0
          TX packets:694 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:33450 (32.6 KiB)  TX bytes:71984 (70.2 KiB)

phy1-ap2  Link encap:Ethernet  HWaddr 06:1A:8C:A1:63:D4
          inet6 addr: fe80::41a:8cff:fea1:63d4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1586 (1.5 KiB)

switch    Link encap:Ethernet  HWaddr 00:1A:8C:A1:63:D3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1453 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1037 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:121738 (118.8 KiB)  TX bytes:820271 (801.0 KiB)

switch.1  Link encap:Ethernet  HWaddr 00:1A:8C:A1:63:D3
          inet addr:10.0.0.191  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1443 errors:0 dropped:210 overruns:0 frame:0
          TX packets:1037 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:121110 (118.2 KiB)  TX bytes:820271 (801.0 KiB)

switch.10 Link encap:Ethernet  HWaddr 00:1A:8C:A1:63:D3
          inet addr:10.1.0.191  Bcast:10.1.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

switch.20 Link encap:Ethernet  HWaddr 00:1A:8C:A1:63:D3
          inet addr:10.1.2.191  Bcast:10.1.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:628 (628.0 B)  TX bytes:0 (0.0 B)

Ask where you got instructions?

1 Like

Those are the link-local IPv6 addresses. Any device that can do IPv6 will assign one to itself, even if there is no IPv6 on the network.

Edit: The person who wrote that guide has some rather grave misconceptions about IPv6.

2 Likes

But we still have the fact that all openwrt ipv6 “turn off symbols” are now empty settings since ipv6 is nowadays hardcoded in the kernel without any “turn off setting” and no one of the developers write any code anymore to turn off ipv6 anywhere.
So use these settings may look nice but it is only visual.

1 Like

You can disable local address assignment via sysctl.conf

net.ipv6.conf.default.disable_ipv6 =1
net.ipv6.conf.all.disable_ipv6 =1 
net.ipv6.conf.lo.disable_ipv6 = 0

loopback left with ipv6 just in case some daemon program needs to be additionaly re-configured to disable ip6 sockets.

4 Likes

Yes, disabling v6 in the kernel entirely can break programs that always try to open dual sockets. Setting these flags was an install option on Ubuntu Server but it did break some things.

With default firewall rules anything blocked on the local v4 LAN IPs will also be blocked on the v6 link-locals. The DHCPv6 server will not serve anything if there are no IPs other than link-local. It is a good idea to remove the ULA prefix always (even when you run a v6 LAN) unless your use case a specifically needs ULAs, which is rare.

2 Likes

We talk about an ipv4 Netwerk behind a router. There is no ipv6 dhcp, nothing with ipv6.

Are you sure?

Devices capable of IPv6 give themselves an IPv6 address, even if they don't use it.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.