IPv6

Related articles

In Arch Linux, IPv6 is enabled by default. If you are looking for information regarding IPv6 tunnels, you may want to look at IPv6 tunnel broker setup.

Privacy extensions

To enable Privacy Extensions for Stateless Address Autoconfiguration in IPv6 according to RFC 4941, reproduce the following steps:

Add these lines to /etc/sysctl.d/40-ipv6.conf:

# Enable IPv6 Privacy Extensions
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.nic0.use_tempaddr = 2
...
net.ipv6.conf.nicN.use_tempaddr = 2

Where nic0 to nicN are your Network Interface Cards. The all.use_tempaddr or default.use_tempaddr parameters are not applied to nic's that already exist when the sysctl settings are executed.

After a reboot, at the latest, Privacy Extensions should be enabled.

dhcpcd

dhcpcd includes in its default configuration file since version 6.4.0 the option slaac private, which enables "Stable Private IPv6 Addresses instead of hardware based ones", implementing RFC 7217 (commit). Therefore, it is not necessary to change anything, except if it is desired to change of IPv6 address more often than each time the system is connected to a new network.

NetworkManager

NetworkManager does not honour the settings placed in /etc/sysctl.d/40-ipv6.conf. This can be verified by running $ ip -6 addr show interface after rebooting: no scope global temporary address appears besides the regular one.

See NetworkManager#Enable IPv6 Privacy Extensions for a workaround.

Note: Although it may seem the scope global temporary IPv6 address created by enabling Privacy Extensions never gets renewed (it never shifts to deprecated status at the term of its valid_lft lifetime), it is to be verified over a longer period of time that this address does indeed change.

Neighbor discovery

Pinging the multicast address ff02::1 results in all hosts in link-local scope responding. An interface has to be specified:

$ ping6 ff02::1%eth0

With a ping to the multicast address ff02::2 only routers will respond.

If you add an option -I your-global-ipv6, link-local hosts will respond with their link-global scope addresses. The interface can be omitted in this case:

$ ping6 -I 2001:4f8:fff6::21 ff02::1

Static address

Sometime using static address can improve security. For example, if your local router uses Neighbor Discovery or radvd (RFC 2461), your interface will automatically be assigned an address based its MAC address (using IPv6's Stateless Autoconfiguration). This may be less than ideal for security since it allows a system to be tracked even if the network portion of the IP address changes.

To assign a static IP address using netctl, look at the example profile in /etc/netctl/examples/ethernet-static. The following lines are important:

...
# For IPv6 static address configuration
IP6=static
Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
Routes6=('abcd::1234')
Gateway6='1234:0:123::abcd'

IPv6 on Comcast

dhcpcd -4 or dhcpcd -6 worked using a Motorola SURFBoard 6141 and a Realtek RTL8168d/8111d. Either would work, but would not run dual stack: both protocols and addresses on one interface. (The -6 command would not work if -4 ran first, even after resetting the interface. And when it did, it gave the NIC a /128 address.) Try these commands:

# dhclient -4 enp3s0
# dhclient -P -v enp3s0

The -P argument grabs a lease of the IPv6 prefix only. -v writes to stdout what is also written to /var/lib/dhclient/dhclient6.leases:

Bound to *:546
Listening on Socket/enp3s0
Sending on   Socket/enp3s0
PRC: Confirming active lease (INIT-REBOOT).
XMT: Forming Rebind, 0 ms elapsed.
XMT:  X-- IA_PD a1:b2:cd:e2
XMT:  | X-- Requested renew  +3600
XMT:  | X-- Requested rebind +5400
XMT:  | | X-- IAPREFIX 1234:5:6700:890::/64

IAPREFIX is the necessary value. Substitute ::1 before the CIDR slash to make the prefix a real address:

# ip -6 addr add 1234:5:6700:890::1/64 dev enp3s0

Disable IPv6

Note: The Arch kernel has IPv6 support built in directly, therefore a module cannot be blacklisted.

Tango-view-fullscreen.png

Tango-view-fullscreen.png

This article or section needs expansion.

Reason: Add reasons why users may want to disable IPv6, such as low-quality DNS servers or firewall rules (Discuss)

Disable functionality

Adding ipv6.disable=1 to the kernel line disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See Kernel parameters for more information.

Alternatively, adding ipv6.disable_ipv6=1 instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.

One can also avoid assigning IPv6 addresses to specific network interfaces by adding the following sysctl config to /etc/sysctl.d/40-ipv6.conf:

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.nic0.disable_ipv6 = 1
...
net.ipv6.conf.nicN.disable_ipv6 = 1

Note that you must list all of the targeted interfaces explicitly, as disabling all.disable_ipv6 does not apply to interfaces that are already "up" when sysctl settings are applied.

Note 2, if disabling IPv6 by sysctl, you should comment out the IPv6 hosts in your /etc/hosts:

#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost
#::1 localhost.localdomain localhost

otherwise there could be some connection errors because hosts are resolved to their IPv6 address which is not reachable.

Other programs

Disabling IPv6 functionality in the kernel does not prevent other programs from trying to use IPv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manual pages for a way to disable that functionality.

dhcpcd

dhcpcd will continue to harmlessly attempt to perform IPv6 router solicitation. To disable this, as stated in the dhcpcd.conf (5) man page, add the following to /etc/dhcpcd.conf:

noipv6rs
noipv6

NetworkManager

Tango-mail-mark-junk.png

Tango-mail-mark-junk.png

This article or section needs language, wiki syntax or style improvements.

Reason: Specific approach to disable via GUI (Discuss)

To disable IPv6 in NetworkManager, right click the network status icon, and select Edit Connections > Wired > Network name > Edit > IPv6 Settings > Method > Ignore/Disabled

Then click "Save".

ntpd

Following advice in Systemd#Drop-in snippets, change how systemd starts ntpd.service:

# systemctl edit ntpd.service

This will create a drop-in snippet that will be run instead of the default ntpd.service. The -4 flag prevents IPv6 from being used by the ntp daemon. Put the following into the drop-in snippet:

[Service]
ExecStart=
ExecStart=/usr/bin/ntpd -4 -g -u ntp:ntp

which first clears the previous ExecStart, and then replaces it with one that includes the -4 flag.

See also