I remove/disable as much ipv6 as I can, and still find references to ipv6 in my log. What could I do?
Sun Dec 14 10:14:24 2025 kern.info kernel: [ 1.514795] Segment Routing with IPv6
Sun Dec 14 10:14:24 2025 kern.info kernel: [ 1.518524] In-situ OAM (IOAM) with IPv6
Sun Dec 14 10:14:24 2025 kern.info kernel: [ 1.522485] NET: Registered PF_PACKET protocol family
Sun Dec 14 10:14:24 2025 kern.info kernel: [ 1.527584] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
Sun Dec 14 10:14:25 2025 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Sun Dec 14 10:14:32 2025 daemon.notice openvpn(VPN)[2293]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS [{EDITED}],dhcp-option DNS6 fde6:[{EDITED}]::1,tun-ipv6,route-gateway [{EDITED}],topology subnet,ping 10,ping-restart 60,compress stub-v2,ifconfig-ipv6 fde6:[{EDITED}]::1001/64 fde6:[{EDITED}]::1,ifconfig [{EDITED}] 255.255.255.0,peer-id 0,cipher CHACHA20-POLY1305,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
Sun Dec 14 10:14:32 2025 daemon.notice openvpn(VPN)[2293]: GDG6: remote_host_ipv6=n/a
Sun Dec 14 10:14:32 2025 daemon.notice openvpn(VPN)[2293]: net_route_v6_best_gw query: dst ::
Sun Dec 14 10:14:32 2025 daemon.notice openvpn(VPN)[2293]: net_addr_v6_add: fde6:[{EDITED}]::1001/64 dev tun0
Sun Dec 14 10:14:32 2025 daemon.notice netifd: Network device 'tun0' link is up
Sun Dec 14 10:14:32 2025 daemon.warn openvpn(VPN)[2293]: sitnl_send: rtnl: generic error (-13): Permission denied
Sun Dec 14 10:14:32 2025 daemon.err openvpn(VPN)[2293]: Linux can't add IPv6 to interface tun0
Because it's in the Kernel since a few years and as with IPv4 you can not easily disable or remove it.
You have to not only to patch the Kernel and all it's API and librarys but also all user space tools which use these API.
That particular ULA was pushed through OpenVPN from your VPN provider. You will need to configure OpenVPN to remove it. The OpenVPN process has total control of bringing up the tun0 interface, not OpenWrt.
root@op24:~# cat /etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
sysctl net.ipv6.conf.all.disable_ipv6=1
sysctl net.ipv6.conf.default.disable_ipv6=1
exit 0
Then don’t touch it. Then you will get a standard security firewall, if you have IPv6. And if your ISP doesn’t support IPv6, then you will not get public IPv6 network. If they do, then things like gaming probably are a bit faster with IPv6.
The answer is that if you try to remove it you could open it up for attacks, because you also remove the firewall etc etc.
As some OS:es like MS Windows will create a tunnel if there are no IPv6 network.
That is why it are no easy way to turn IPv6 off. Because of security reasons.
If you don’t have wan6 activated (easy to turn off in the device), you will not have external IPv6. Then it is just there, but not useful to reach internet. Because you then will not have any global 2000::/3 network addresses (all global IPv6 addresses starts with a 2 or 3 digit).
