Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4. IPv6 is relatively new and sometimes depending on how it’s configured, it can behave badly. This post will show how to disable IPv6 in Linux distro such as Ubuntu, Debian, Kali, Linux Mint etc.
Every device on the Internet is assigned an IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses than the IPv4 address space has available were necessary to connect new devices in the future. By 1998, the Internet Engineering Task Force (IETF) had formalized the successor protocol. IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038 addresses, or more than 7.9×1028 times as many as IPv4, which uses 32-bit addresses and provides approximately 4.3 billion addresses. The two protocols are not designed to be interoperable, complicating the transition to IPv6. However, several IPv6 transition mechanisms have been devised to permit communication between IPv4 and IPv6 hosts.
IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for the delivery of services. Device mobility, security, and configuration aspects have been considered in the design of the protocol.
IPv6 addresses are represented as eight groups of four hexadecimal digits with the groups being separated by colons, for example 2001:0db8:85a3:0042:1000:8a2e:0370:7334, but methods to abbreviate this full notation exist. However it is not yet widely supported and its adoption is still in progress.
Does your system support IPv6 ?
To make IPv6 work, you need an Operating System that supports IPv6. Ubuntu, Debian, Linux Mint and most modern distros does that. You can check output of ifconfig
to see if IPv6 is working and whether it’s assigned to the network interfaces:
$ ifconfig eth0 Link encap:Ethernet HWaddr 00:1c:c0:f8:79:ee inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21c:c0ff:fef8:79ee/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:110880 errors:0 dropped:0 overruns:0 frame:0 TX packets:111960 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:62289395 (62.2 MB) TX bytes:25169458 (25.1 MB) Interrupt:20 Memory:e3200000-e3220000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:45258 errors:0 dropped:0 overruns:0 frame:0 TX packets:45258 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:4900560 (4.9 MB) TX bytes:4900560 (4.9 MB)
Check the line inet6 addr
Next you need a router/modem that also supports IPv6. And beyond that, your ISP must also support IPv6.
Instead of checking every part of the network infrastructure, its better to just find out if you can connect to websites over IPv6. There are lots of websites that test IPv6 support on your connection. Check out http://testmyipv6.com/ for example.
The kernel parameters that enable IPv6 are as follows
$ sysctl net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.all.disable_ipv6 = 0 $ sysctl net.ipv6.conf.default.disable_ipv6 net.ipv6.conf.default.disable_ipv6 = 0 $ sysctl net.ipv6.conf.lo.disable_ipv6 net.ipv6.conf.lo.disable_ipv6 = 0
The same can be also be checked from the proc files
$ cat /proc/sys/net/ipv6/conf/all/disable_ipv6 0
Note that the variables control disabling
of IPv6. So setting them to 1
would disable IPv6
Disable IPv6 if its not supported
So if IPv6 is not supported on your network infrastructure, it might be useful to disable it all together. Why ? It can cause issues like delayed domain lookups, un-necessary attempts to connect to IPv6 addresses causing delay in network connection etc.
I did come across some problems like that. The apt-get command occasionally tries to connect to IPv6 addresses and fails and then retries an ipv4 address. Take a look at this output
$ sudo apt-get update Ign http://archive.canonical.com trusty InRelease Ign http://archive.canonical.com raring InRelease Err http://archive.canonical.com trusty Release.gpg Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80] Err http://archive.canonical.com raring Release.gpg Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80] .....
Errors like those have been more frequent in the recent Ubuntu versions, probably because they try to use IPv6 more than before.
I noticed similar issues happen in other applications like Hexchat and also Google Chrome which would sometimes take longer than usual to lookup a domain name.
So the best solution is to disable IPv6 entirely to get rid of those things. It takes only a small configuration and can help you solve many network issues on your system. Users have even reported an increase in internet speed.
Method 1 – Disable IPv6
Edit the file – /etc/sysctl.conf
$ sudo gedit /etc/sysctl.conf
And fill in the following lines at the end of that file
# IPv6 disabled net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
Save the file and close it
Restart sysctl
with
$ sudo sysctl -p
Check the output of ifconfig
again and there should be no ipv6 address
$ ifconfig eth0 Link encap:Ethernet HWaddr 08:00:27:5f:28:8b inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1346 errors:0 dropped:0 overruns:0 frame:0 TX packets:965 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1501691 (1.5 MB) TX bytes:104883 (104.8 KB)
If it does not work, then try rebooting the system and check ifconfig
again.
Method 2 – Disable IPv6 – GRUB method
IPv6 can also be disabled by editing the grub
configuration file
$ sudo gedit /etc/default/grub
Look for the line containing GRUB_CMDLINE_LINUX
and edit it as follows
GRUB_CMDLINE_LINUX="ipv6.disable=1"
The same can also be added to the value of the variable named GRUB_CMDLINE_LINUX_DEFAULT
and either would work. Save the file, close it and regenerate the grub configuration
$ sudo update-grub2
Reboot. Now IPv6 should be disabled.
Method 3 – Without disabling IPv6 – setting IPv4 as preferred over IPv6
Find at getaddrinfo(3)
s configuration file; i.e. /etc/gai.conf
and uncomment the line to prefer IPv4 over IPv6.
$ sudo gedit /etc/gai.conf
Locate this line and un-comment it:
#precedence ::ffff:0:0/96 100
So that it looks like this:
precedence ::ffff:0:0/96 100
Save and exit the file. Reboot and you’re all set as IPv4 is preferred now. This is the best way when you want to keep IPv6 enabled but prefer IPv4 for DNS lookup or such.
Conclusion
Disabling IPv6 can cause problems. If your Internet connection and router have already migrated to IPv6, you’ll lose the ability to use it properly. IPv6 may also be required for some home networking functions — for example, the easy-to-use Homegroup home networking feature introduced in Windows 7, Linux etc. requires IPv6 enabled on the computers on your home network to use it.
The entire world is moving towards IPv6, although it’s happening too slowly. IPv6 is necessary to replace IPv4 — we’re running out of IPv4 addresses and IPv6 is the solution. In that context, the last method of setting preferences (Without disabling IPv6 – setting IPv4 as preferred over IPv6) is better. There’s a good chance you don’t actually need IPv6 on your network — unless you rely on Windows Homegroup or similar features — so it may not be particularly harmful to remove if if you know what you’re doing. However, you won’t see a speed improvement from clinging to IPv4 unless there are serious problems with your Internet service provider’s network or your home network.
The moral is, if you notice that IPv6 needs fixing, fix it today rather than postponing until tomorrow. We live in the early days of mass deployment of IPv6, and we need to work together to untangle the implementation quirks that arise. The list of fixes above represents only a small sampling of potential issues. You can always seek help Online at any number of reputable IPv6 discussion forums. Use network misbehavior as an opportunity to learn about and improve the state of IPv6 internetworking and resist any temptations to disable the protocol.
That seems like a good enough reason to turn IPV6 off right there.
Good answer my friend!
What does “precedence ::ffff:0:0/96 100” do in particular?
You don’t need to reboot after editing /etc/gai.conf. Changes will be applied immediately.
Ok, I am seriously missing the point here. If your own network equipment does not support ipv6, your equipment is garbage and should be replaced. If your isp’s equipment doesn’t support ipv6 it is garbage and they should replace it. If their equipment doesn’t supports it but they don’t give out ipv6 addresses your isp is garbage and you should continue calling customer support and asking them to fix your broken connection or just switch isps.
Turning off ipv6 is like applying a tourniquet to a leg with a severed artery. Sure, it’ll stop the bleeding, but the permanent solution is repairing the artery not cutting of the leg.
Hello m,
You can legit questions.
You can create teredo tunnel over tunnel and there’s nothing a firewall/IPS can do about it (think of it as a built in VPN capability). Hence the post to disable in case someone wants it.
There’s a simple method we use in corporate environment, if not used, disable/block it. I am not worried about ISP’s; I am more worried about my IPS’s not being able to decrypt such traffic. Hope that explains. Cheers,
-BMO