IPv6
Related articles
In Arch Linux, IPv6 is enabled by default. If you are looking for information regarding IPv6 tunnels, you may want to look at IPv6 tunnel broker setup.
Contents
Privacy extensions
To enable Privacy Extensions for Stateless Address Autoconfiguration in IPv6 according to RFC 4941, reproduce the following steps:
Add these lines to /etc/sysctl.d/40-ipv6.conf
:
# Enable IPv6 Privacy Extensions net.ipv6.conf.all.use_tempaddr = 2 net.ipv6.conf.default.use_tempaddr = 2 net.ipv6.conf.nic0.use_tempaddr = 2 ... net.ipv6.conf.nicN.use_tempaddr = 2
Where nic0
to nicN
are your Network Interface Cards. The all.use_tempaddr
or default.use_tempaddr
parameters are not applied to nic's that already exist when the sysctl settings are executed.
After a reboot, at the latest, Privacy Extensions should be enabled.
dhcpcd
dhcpcd includes in its default configuration file since version 6.4.0 the option slaac private
, which enables "Stable Private IPv6 Addresses instead of hardware based ones", implementing RFC 7217 (commit). Therefore, it is not necessary to change anything, except if it is desired to change of IPv6 address more often than each time the system is connected to a new network.
NetworkManager
NetworkManager does not honour the settings placed in /etc/sysctl.d/40-ipv6.conf
. This can be verified by running $ ip -6 addr show interface
after rebooting: no scope global temporary
address appears besides the regular one.
See NetworkManager#Enable IPv6 Privacy Extensions for a workaround.
Neighbor discovery
Pinging the multicast address ff02::1
results in all hosts in link-local scope responding. An interface has to be specified:
$ ping6 ff02::1%eth0
With a ping to the multicast address ff02::2
only routers will respond.
If you add an option -I your-global-ipv6
, link-local hosts will respond with their link-global scope addresses. The interface can be omitted in this case:
$ ping6 -I 2001:4f8:fff6::21 ff02::1
Static address
Sometime using static address can improve security. For example, if your local router uses Neighbor Discovery or radvd (RFC 2461), your interface will automatically be assigned an address based its MAC address (using IPv6's Stateless Autoconfiguration). This may be less than ideal for security since it allows a system to be tracked even if the network portion of the IP address changes.
To assign a static IP address using netctl, look at the example profile in /etc/netctl/examples/ethernet-static
. The following lines are important:
... # For IPv6 static address configuration IP6=static Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96') Routes6=('abcd::1234') Gateway6='1234:0:123::abcd'
IPv6 on Comcast
dhcpcd -4
or dhcpcd -6
worked using a Motorola SURFBoard 6141 and a Realtek RTL8168d/8111d. Either would work, but would not run dual stack: both protocols and addresses on one interface. (The -6
command would not work if -4
ran first, even after resetting the interface. And when it did, it gave the NIC a /128 address.) Try these commands:
# dhclient -4 enp3s0 # dhclient -P -v enp3s0
The -P
argument grabs a lease of the IPv6 prefix only. -v
writes to stdout
what is also written to /var/lib/dhclient/dhclient6.leases
:
Bound to *:546 Listening on Socket/enp3s0 Sending on Socket/enp3s0 PRC: Confirming active lease (INIT-REBOOT). XMT: Forming Rebind, 0 ms elapsed. XMT: X-- IA_PD a1:b2:cd:e2 XMT: | X-- Requested renew +3600 XMT: | X-- Requested rebind +5400 XMT: | | X-- IAPREFIX 1234:5:6700:890::/64
IAPREFIX
is the necessary value. Substitute ::1
before the CIDR slash to make the prefix a real address:
# ip -6 addr add 1234:5:6700:890::1/64 dev enp3s0
Disable IPv6
Disable functionality
Adding ipv6.disable=1
to the kernel line disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See Kernel parameters for more information.
Alternatively, adding ipv6.disable_ipv6=1
instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.
One can also avoid assigning IPv6 addresses to specific network interfaces by adding the following sysctl config to /etc/sysctl.d/40-ipv6.conf
:
# Disable IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.nic0.disable_ipv6 = 1 ... net.ipv6.conf.nicN.disable_ipv6 = 1
Note that you must list all of the targeted interfaces explicitly, as disabling all.disable_ipv6
does not apply to interfaces that are already "up" when sysctl settings are applied.
Note 2, if disabling IPv6 by sysctl, you should comment out the IPv6 hosts in your /etc/hosts
:
#<ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost #::1 localhost.localdomain localhost
otherwise there could be some connection errors because hosts are resolved to their IPv6 address which is not reachable.
Other programs
Disabling IPv6 functionality in the kernel does not prevent other programs from trying to use IPv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manual pages for a way to disable that functionality.
dhcpcd
dhcpcd will continue to harmlessly attempt to perform IPv6 router solicitation. To disable this, as stated in the dhcpcd.conf (5)
man page, add the following to /etc/dhcpcd.conf
:
noipv6rs noipv6
NetworkManager
To disable IPv6 in NetworkManager, right click the network status icon, and select Edit Connections > Wired > Network name > Edit > IPv6 Settings > Method > Ignore/Disabled
Then click "Save".
ntpd
Following advice in Systemd#Drop-in snippets, change how systemd starts ntpd.service
:
# systemctl edit ntpd.service
This will create a drop-in snippet that will be run instead of the default ntpd.service
. The -4
flag prevents IPv6 from being used by the ntp daemon. Put the following into the drop-in snippet:
[Service] ExecStart= ExecStart=/usr/bin/ntpd -4 -g -u ntp:ntp
which first clears the previous ExecStart
, and then replaces it with one that includes the -4
flag.
See also
- IPv6 - kernel.org documentation
- IPv6 temporary addresses - a summary about temporary addresses and privacy extensions
- IPv6 prefixes - a summary of prefix types
- net.ipv6 options - documentation of kernel parameters