Disable IPv6

I have experienced issues with lethean-vpn when using a server with ipv6 enabled. To remove ipv6 problems I disable ipv6. Maybe it is possible to create a working ipv6 configuration but until it is officially supported by lethean-vpn I am disabling ipv6 on my exit nodes.

First we can take a look and see if there are any ipv6 addresses assigned to the network interfaces:

$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:7e:43:6c brd ff:ff:ff:ff:ff:ff
    inet 147.135.208.118/32 brd 147.135.208.118 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe7e:436c/64 scope link
       valid_lft forever preferred_lft forever

The lines starting with "inet6" is the ipv6 address of the interface. Here we have two interfaces lo and ens3 and both have ipv6 addresses assigned to them. When we start openvpn server we will also get a tun interface for each openvpn service and since we are going to add one openvpn service we will also get a tun0 interface. We can already now make sure ipv6 is going to be disabled on that interface too.

The method I use is "avoid assigning IPv6 addresses to specific network interfaces", see Arch Linux Wiki. Some guides say to make these changes in /etc/sysctl.conf file which also is possible but if we put it in a new file in /etc/sysctl.d/ directory we can just delete the whole file later if we want to undo the changes.

Let's create and edit /etc/sysctl.d/40-ipv6.conf:

$ sudo nano /etc/sysctl.d/40-ipv6.conf

We are going to disable it on lo, ens3 and tun0. If you have more interfaces add them all. As Arch Linux wiki say you must do it on every individual interface to make sure it ipv6 get disabled at boot. In our example we make the file look like this:

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens3.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1

Save with Ctrl-O and exit nano with Ctrl-X

Now we should also remove any ipv6 entries in the file /etc/hosts Edit and comment out the lines with ipv6

$ sudo nano /etc/hosts

As example like this:

127.0.1.1 pl01.lethernet.com pl01
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
#::1 ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

Reboot:

$ sudo reboot

Log in again and we check again if there are any ipv6 addresses assigned to the network interfaces:

$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:7e:43:6c brd ff:ff:ff:ff:ff:ff
    inet 147.135.208.118/32 brd 147.135.208.118 scope global ens3
       valid_lft forever preferred_lft forever

There are no inet6 lines with ipv6 addresses assigned to the network interfaces. This means ipv6 is disabled.