VPN connection: How do I disable IPv6?

VPN connection: How do I disable IPv6?

[Luis Felipe]

[-- Attachment #1.1.1: Type: text/plain, Size: 1858 bytes --]

Hi,

I'm using Network Manager and its OpenVPN plugin to configure a VPN 
connection. I can connect to the VPN, my IPv4 changes alright to an IP 
in a different Country, but my IPv6 doesn't change. According to the VPN 
provider, this is an IPv6 leak that makes it possible for services on 
the Internet to identify me. They say the best way to avoid that is to 
use their official app (which is not in available in Guix); but they 
also say one can disable IPv6 at the system level 
(https://protonvpn.com/support/disable-ipv6-protocol-linux/). I tried 
the latter in Guix System by modifying the sysctl service as follows in 
the OS config:

(modify-services
      %desktop-services
      ;; Enable Network Manager OpenVPN plugin.
      (network-manager-service-type
       config =>
       (network-manager-configuration
        (inherit config)
        (vpn-plugins (list network-manager-openvpn))))
      ;; Disable IPv6 to avoid IP leak when connecting to VPN.
      (sysctl-service-type
       config =>
       (sysctl-configuration
        (settings
         (append
          '(("net.ipv6.conf.all.disable_ipv6" . "1")
            ("net.ipv6.conf.default.disable_ipv6" . "1")
            ("net.ipv6.conf.lo.disable_ipv6" . "1")
            ("net.ipv6.conf.tun0.disable_ipv6" . "1"))
          %default-sysctl-settings)))))

However, https://ip.me/ still shows where I am by using IPv6.

I also tried disabling IPv6 from the GNOME settings for the configured 
VPN, but that doesn't seem to work either.

So, I'd really appreciate if anyone can share a functional configuration 
to prevent this kind of leak.

Thanks in advance,

-- 
Luis Felipe López Acevedo
https://luis-felipe.gitlab.io/


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 2881 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

Re: VPN connection: How do I disable IPv6?

[Felix Lechner via]

Hi Felipe,

On Fri, Aug 16 2024, Luis Felipe wrote:

> https://ip.me/ still shows where I am by using IPv6.

I believe NetworkManager manages and overrides thos sysctl settings.
I'd disable IPv6 for that interface in NetworkManager with 'nmcli' [1]
and then include the change in your configuration.

Kind regards
Felix

[1] https://linux.fernandocejas.com/docs/troubleshooting/disable-ipv6-using-network-manager

Re: VPN connection: How do I disable IPv6?

[Luis Felipe]

[-- Attachment #1.1.1: Type: text/plain, Size: 814 bytes --]

El 16/08/24 a las 18:19, Felix Lechner escribió:
> Hi Felipe,
>
> On Fri, Aug 16 2024, Luis Felipe wrote:
>
>> https://ip.me/ still shows where I am by using IPv6.
> I believe NetworkManager manages and overrides thos sysctl settings.
> I'd disable IPv6 for that interface in NetworkManager with 'nmcli' [1]
> and then include the change in your configuration.

Aha, that was it, Felix, thank you very much :)

Just in case it is useful to other people, I tested this graphically by

1. Starting GNOME Settings
2. Going to WiFi
3. Clicking the gear on the currently used network
4. Disabling IPv6 on the IPv6 tab

Finally, turned off and on again the WiFi toggle in GNOME Shell, and 
https://ip.me/ now shows a different location.

I'll disable it later in my OS config.

Thanks again,


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 2881 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]