Author Topic: Disabling IPv6 in Sailfish OS? (Read 4171 times)

depscribe · « **on:** August 18, 2018, 05:15:28 pm »

More fun: Thought I'd at least get ProtonVPN working on the gadget and found a very nice little set of scripts on OpenRepos to do it. All went well right until the end when during connect the connection failed because IPv6 is available. I need to make it unavailable. Is there a quick and easy way to force IPv4 and nuke IPv6?

UPDATE: I found the answer, and in case it's of use to anyone else, here it is:

Disable IPv6 using the following commands:

Code: [Select]

devel-su sysctl -w 
net.ipv6.conf.default.disable_ipv6=1
devel-su sysctl -w 
net.ipv6.conf.default.disable_ipv6=1

Add following lines:

Code: [Select]

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

to the IPv6 settings file: devel-su vim /etc/sysctl.d/ipv6-settings.conf

(This from: https://together.jolla.com/question/163103/...on-sailfish-os/ )

speculatrix · « **Reply #1 on:** August 19, 2018, 11:41:27 am »

I'm surprised you needed to disable IPv6, in general, things should work just fine with it on.
Do you know what the problem was?

depscribe · « **Reply #2 on:** August 19, 2018, 05:33:51 pm »

Quote from: speculatrix

I'm surprised you needed to disable IPv6, in general, things should work just fine with it on.
Do you know what the problem was?

Proton people believe that there is an address leak in IPv6 and won't allow installation if IPv6 is functioning.

https://protonvpn.com/support/prevent-ipv6-vpn-leaks/

https://together.jolla.com/question/163103/...on-sailfish-os/

vader · « **Reply #3 on:** August 19, 2018, 09:17:23 pm »

Another thing to try (google first) is to blacklist the ipv6 module. This is what I normally do for my other linux systems. Before somebody says "you shouldn't disable IPV6", there are definitely some network setups in which IPV6 doesn't play nicely. Some legacy servers/devices won't play well, and if IPV6 gets the first byte (couldn't resist) of the cherry, it will fail, and timeout eventually. To save this delay, you could fix the legacy device, or just disable IPV6. Time is money, so everyone here disabled IPV6

Going through the sys system is another way - and works just as well. The only difference is that blacklisting stops IPV6 from even starting. You can check which interfaces IPV6 is running on with:

cat /proc/net/if_inet6

Sorry, didn't see this thread on the weekend, I was away.

speculatrix · « **Reply #4 on:** August 19, 2018, 10:51:58 pm »

Quote from: depscribe

Proton people believe that there is an address leak in IPv6 and won't allow installation if IPv6 is functioning.

Ah, thanks for the clarification.

As a network administrator who's deployed ipv6, in the workplace and at home, I think it's an important skill and worth learning to use and troubleshoot.. good on the CV.

depscribe · « **Reply #5 on:** August 20, 2018, 12:16:58 pm »

Quote from: vader

Another thing to try (google first) is to blacklist the ipv6 module. This is what I normally do for my other linux systems. Before somebody says "you shouldn't disable IPV6", there are definitely some network setups in which IPV6 doesn't play nicely. Some legacy servers/devices won't play well, and if IPV6 gets the first byte (couldn't resist) of the cherry, it will fail, and timeout eventually. To save this delay, you could fix the legacy device, or just disable IPV6. Time is money, so everyone here disabled IPV6

I'm probably missing something obvious, but the structure of Sailfish is such that I can't find where to blacklist it. If there's an /etc/modprobe.d directory, I can't find it.

Blacklisting does seem the most elegant way of doing it, because it can be readily undone. But damned if I can figure out how. Though I just realized that I haven't blacklisted anything since systemd.

Recipe?

vader · « **Reply #6 on:** August 20, 2018, 07:23:31 pm »

Quote from: depscribe

I'm probably missing something obvious, but the structure of Sailfish is such that I can't find where to blacklist it. If there's an /etc/modprobe.d directory, I can't find it.

Blacklisting does seem the most elegant way of doing it, because it can be readily undone. But damned if I can figure out how. Though I just realized that I haven't blacklisted anything since systemd.

Recipe?

I checked on mine and I have /etc/modprobe.d with a few files in it. There is even a blacklist. It seems as though all drivers are compiled into the kernel, but you could still try to create something like:

/etc/modprobe.d/blacklist.local

with contents:

blacklist ipv6

News:

Author Topic: Disabling IPv6 in Sailfish OS? (Read 4171 times)