How to completely disable IP6

I would like to completely disable IP6, is there a To Do list somewhere than can help me do this?

Most complete way would be to build your own image with none of the IPv6 components added. But why are you wanting to disable IPv6?

4 Likes
2 Likes

Thanks for your message (I am working my way through them, who knew it would be so topical.

Everything else so brilliantly configurable I just figured it would be easy, I was telling someone about OpenWrt and they asked me if this could be done.

For me it is about eliminating things that can go wrong or be missed, exactly as you say, for my friend he is looking for something that makes it harder for the ISP to sniff about your network.

My initial response was to suggest that was what a firewall is for and I said I use the client mode so everything appears as one device, but beyond that I did not have the expertise yet to assure him..

I did tell him to get hold of something like a C7 and install OpenWrt just to play with it.

TBH I do not know why people get so emotive, I was just wondering if there was a to do list because trying something like this is how I learn, I am lousy at RTFM, I have to learn by making something work or by breaking it, each is a piece of the jigsaw.

1 Like

Unfortunately creating your own image is really the only feasible option to ensure it's disabled entirely on the router.

Unless your ISP is providing you with the IPv6 connectivity then this won't be happening. And if you are being provided with IPv6 connectivity that's even more reason to not be disabling it.

Removing/disabling IPv6 on your router won't necessarily stop internal devices using IPv6 to communicate between themselves. You will have to disable it on each device separately.

3 Likes

I didn't see that...in fact, I haven't seen anyone (up to your post quoted) tell you not to do it. I did see you quote another thread, though; and I saw someone ask you why :bulb: . I was going to ask you also, since "completely disabling IPv6" in 2021 isn't really feasible - so I was going to ask the actual issues that were occurring. But it just seems you want it gone.

On the router; or on your clients?

As you were told, on the clients, you have to disable IPv6 on each device. Next, how does the MAC address relate to IPv6?

1 Like

In general one could say that completely disabling IPv6 is not a supported configuration anymore [when using prebuilt images].

There's various services you can disable and a bunch of sysctls you could tune to disable IPv6 link local addressing on interfaces but there's no high level configuration options for that.

7 Likes

Could try putting this in /etc/rc.local

/sbin/sysctl -w net.ipv6.conf.all.disable_ipv6=1
/sbin/sysctl -w net.ipv6.conf.default.disable_ipv6=1

EDIT: probably better to add the following lines to /etc/sysctl.conf instead -- this will be effective early in the boot process, while /etc/rc.local happens very late, well after interface initialization:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

It should have the effect of preventing any interface from having an ipv6 address, but I'm not saying I recommend it; I'm in no position to. I've done this on certain local linux-based devices whose behavior I wanted to constrain, but have not tried it on a router. I cannot promise it won't cause some service to complain or fail to start. You almost certainly want to make sure you've set your interfaces not to use any form of ipv6 addressing except link-local before doing it.

8 Likes

If you have uboot, you can edit the bootcmd from within openwrt, and disable ipv6 in kernel by adding the param

ipv6.disable=1

1 Like

I have my target on this right now.
https://openwrt.org/docs/guide-user/additional-software/saving_space
Generally I agree with you. I don’t see any point with IPv6 because it isn’t even near any implementation in this country in near or long future. And there for I really don’t feel the need to learn anything about IPv6 to be able to handle it correctly. We just on infrastructure level run NAT country wide here and no one care about changing this.

It just feels like a headache when running double IP addresses inside the LAN and one doesn’t go anywhere. Actually not even that, it is not many devices of more than 14 available devices that even asks for a IPv6 address from the router, and no one actually needs it to work.
But I still needs to admin it more or less for the security because the devices go around safety features because they got a IPv6 address and a IPv4 address. So everything needs to have both 4 and 6 setup without any cheeting.
Like “you need to block in the IPv6 also”.

When everyone say in these treads every time the question comes up: “you shouldn’t do that (because some RFC rule say that)” it starts to feel more like they (the people making al these internet standard rule books) don’t want to admit that the IPv6 project actually has failed and no one cares about it any longer.

3 Likes

Hilarious. Close to 50% of US traffic to google is IPv6 already

7 Likes

as a sidenote... one of the scripts i'm working on accidentally disabled wan6 last night...

( i'm only talking about 'upstream' broader router ipv6 and not total interface/lan ipv6)

browsing latencies dropped considerably... although I think a page or two broke as well (likely cache@browser related only?)...

interesting that many major sites and providers all favour ipv4 ( github/netflix/cdn )... wonder if that is just a compatibility thing... there must be several more reasons for this...

2 Likes

if it's dead, it's not going to swim at all :wink:

(sorry, couldn't help myself ... )

2 Likes

So right, I thought of the aquarium fishes when they are about to die they kind of behave like this😂

1 Like

and force the application world to instantaniously rewrite and deliver new stacks?

I think alot of peoples 'ipv6' related woes overlook the whole scope involved at an application level.... and hone in on the protocol itself rather than what the upper layers are doing...

(i.e. my observation above could also be totally browser related)

2 Likes

It really doesn't. IPv6 has been implemented and operates across the internet. Its rollout/adoption may not be as fast as was initially hoped, but it is happening. In a more and more connected world, with an ever increasing number of devices being connected to the internet, IPv4 is no longer sustainable. The array of sticking plasters that are being used to eke it out should attest to that.

Do you have IPv6 connectivity from your ISP?

1 Like

For my needs the issue of latency is very interesting, I am already looking to improve latency for gaming but netflix is my other dirty secret. I started with OpenWrt for accessing hotspots while I stay away from home for days at a time, there are still some issues to iron out but I already though of needing two routers (one for AC and one for N radios). My next two sub projects are implementing a VPN and then SQM or vice versa.

One of the TP link routers I own has a single tick box to enable IP6 so I figured it was going to be an easy thing!!

I have already got a two additional routers for "messing around with" as my learning improves, I am only just getting into scripts.

How would I know if my ISP (BT) uses IP6 on their hotspots?

I know they use 100. subnets and I have read that this is CGNAT which I will not pretend to understand.

I also want to know if it is possible to do it the other way around, to disable IP4, but one thing at a time!

Getting IPv6 from my ISP isn't yet an option, and they're not a obscure company, or serving an ignorant market. But I don't just use my tablet at home. So is there a security risk? Does it open up a weakness to have both active? How many bits of public wifi use it?

I don't feel threatened by having it available. And I am beginning to wonder if I should stick with this ISP.

For example T-Mobile has tens of millions of customers on their mobile network in the US, and they operate IPv6 ONLY (they use a NAT64 solution to map the entire IPv4 internet into a small corner of their IPv6 address space)

3 Likes

I did some experimenting this evening.

First I checked and the router and my Win10 computer are both connected to each other with IPv4 and 6.

So I tested disable all IPv6 server settings in all internal interfaces on the router.

Powered off everything in the network and then Power on everything. Ok, to be exact I only disabled the network device in Win10 and powered down the rest of the network to reset all the DHCP leases.
After that Win10 or any other device doesn’t even look at IPv6 and the router gives no IPv6 leases or connections.
And Win10 still has IPv6 activated, it just doesn’t use it when I turned off the server.

I believe some tweaking of this like remove the firewall rules for IPv6 and wan6 zone.
Then I don’t see any scientific chance for a IPv6 connection to appear to the router.

But do not confuse this with the ULA IPv6 address every device has, this is not a connection, it appears more like a “this is my name” address in every device/router interface?

I don’t believe a complete removal of the IPv6 function with a custom image build is really necessary to disable the function.

1 Like