Disable Native IPv6 & Use Only 6in4 IPv6

I've been using the 6in4 IPv6 he.net tunnel. I recently moved to an area where my ISP provides IPv6. I would like to disable the ISP's IPv6 and keep using only the 6in4 IPv6.

The only machine that needs IPv6 (via tunnel) is an Ubuntu machine, and it only gets IPv6 from the tunnel.

On the Windows clients, I can just turn it off on the network adapter.

But on Android, it was getting an ISP IPv6 address from the router. So I disabled "Use builtin IPv6-management" in /cgi-bin/luci/admin/network/network/wan > Advanced Settings. Now it gets an IPv6 from the tunnel.

Q1: Is the above the proper way to disable handing out of ISP IPv6 to clients?

Q2: I would like to prevent the router from dishing out IPv6 from anywhere to all clients but the Ubuntu machine. How would I go about doing this?

PS: If Q2 is not possible, I will use a firewall rule to block the Android client from using the IPv6 (it doesn't need it), but of course this is the least desirable path.

TIA

Why? IPv6 is fabulous, and both the native and tunnel can coexist at the same time.

Also, it's generally not possible to prevent other machines from also getting IPv6, and so you will go the firewall route, at which point Android will bork: it will try IPv6 and time out and fall back, and the whole experience will suck.

I would create two separate LANs. One IPv4-only and one with IPv4 and IPv6.

dlakelan, I would use IPv6, but keeping our VPN (at gateway level) tight is harder using IPv6. I'd rather eliminate complexity.

mikma, that's a good solution. Could I use the same subnet and break it up in below and above .128?

Why bother, just use 192.168.1.0/24 and 192.168.2.0/24 or the like.

If you break it up, they're two subnets :)

The idea is not just to renumber but also to use different VLANs. Put all the VPN-using devices on one VLAN and hook up one SSID to that if needed, then create a different VLAN and hook up devices that need IPv6 to that one. You can use both the ISP and tunnel at the same time. Outbound requests can use the probably faster ISP one (you make the ISP one have priority) and inbound to the specific tunnel subnet will use the tunnel.
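
A sketch of the two-LAN layout suggested in the replies above, as an added example that is not from any poster in the thread: OpenWrt `/etc/config/network` and `/etc/config/dhcp` fragments with one IPv4-only LAN and one dual-stack LAN. The interface names `lan6` and `henet` (the 6in4 tunnel), the VLAN devices `br-lan.10` and `br-lan.20`, and the addresses are assumptions to adapt to the actual router.

```uci
# /etc/config/network  (constructed example; names and addresses are assumptions)

# IPv4-only LAN for the VPN-using clients
config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	# no 'ip6assign': no IPv6 prefix is handed to this segment

# Dual-stack LAN for the Ubuntu machine
config interface 'lan6'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '64'
	# accept only prefixes that come from the tunnel interface
	list ip6class 'henet'

# /etc/config/dhcp

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	# no router advertisements, DHCPv6 or NDP proxying on this segment
	option ra 'disabled'
	option dhcpv6 'disabled'
	option ndp 'disabled'

config dhcp 'lan6'
	option interface 'lan6'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ra 'server'
	option dhcpv6 'server'
```

The `lan6` interface also needs a firewall zone (or membership in the existing `lan` zone) before its clients can reach anything. Dropping the `ip6class` line lets `lan6` receive the ISP prefix as well as the tunnel prefix, which matches the last reply's suggestion of running both.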