From ArchWiki
Revision as of 21:53, 26 September 2012 by AskApache (talk | contribs) (added how to add to kernel line if using grub or grub2)
Jump to: navigation, search

zh-CN:IPv6 zh-TW:Disabling IPv6 Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary end

In Arch Linux, IPv6 is enabled by default. If you are looking for information regarding IPv6 tunnels, you may want to look at IPv6 - Tunnel Broker Setup.

Privacy Extensions

To enable Privacy Extensions for Stateless Address Autoconfiguration in IPv6 according to RFC 4941, reproduce the following steps:

Add these lines to /etc/sysctl.conf:

# Enable IPv6 Privacy Extensions
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.<nic0>.use_tempaddr = 2
net.ipv6.conf.<nicN>.use_tempaddr = 2

Where <nic0> to <nicN> are your nic's (the "all" or "default" parameters do not apply to nic's that already exist when the sysctl settings are applied).

After a reboot, at the latest, Privacy Extensions should be enabled.

Neighbor Discovery

Pinging the multicast address ff02::1 results in all hosts in link-local scope responding. An interface has to be specified. With a ping to the multicast address ff02::2 only routers will respond.

$ ping6 ff02::1%eth0

If you add an option -I <your-global-ipv6>, link-local hosts will respond with their link-global scope addresses. The interface can be omitted in this case.

$ ping6 -I 2001:4f8:fff6::21 ff02::1

Static Address

Sometime using static address can improve security. For example, if your local router uses Neighbor Discovery or radvd (RFC 2461), your interface will automatically be assigned an address based its MAC address (using IPv6's Stateless Autoconfiguration). This may be less than ideal for security since it allows a system to be tracked even if the network portion of the IP address changes.

To assign a static address (for example 2001:470:1000:1000::5/64):

Add your static IP using netcfg. You can load them at startup by specifying your netcfg profiles in the NETWORKS section of /etc/rc.conf:


DESCRIPTION='ipv6+ipv4 eth0'





Finally DAEMONS section should contain "net-profiles" instead of the deprecated "network". See Netcfg for more information.

Disable IPv6

Disabling IPv6 has been reported to speed up network access for programs that try using it before IPv4 on networks that do not support it. Incidentally, Firefox is listed among the affected applications. Until the widespread adoption of IPv6, one may benefit by disabling it.

Furthermore, an enabled ipv6 stack is known to expose bugs in some software in certain situations, even if it is not actually used. Disabling the stack works around these problems.

Note: As of version 3.2.6-2, the Arch kernel has IPv6 support built in directly [1] therefore, the old ipv6 kernel module no longer exists. Blacklisting the module does not work anymore, but below method of disabling the IPv6-stack works.

Disable functionality

Adding ipv6.disable=1 to the kernel line in your bootloader configuration disables the whole ipv6 stack, which is likely what you want if you are experiencing issues.

Alternatively, adding ipv6.disable_ipv6=1 instead will keep the ipv6 stack functional, but not assign ipv6 addresses to any of your network devices.

Adding to kernel line

With grub edit /boot/grub/menu.lst

kernel /vmlinuz26 root=/dev/sda3 ro ipv6.disable=1 quiet 3

With grub2 edit /boot/grub.cfg:

linux   /vmlinuz-linux root=UUID=a3... ro ipv6.disable=1 quiet

One can also avoid assigning ipv6 addresses to specific nic's by adding the following sysctl config to /etc/sysctl.d/ipv6.conf:

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.<nic0>.disable_ipv6 = 1
net.ipv6.conf.<nicN>.disable_ipv6 = 1

Note that you must list all the relevant nic's explicitly, as disabling "all" does not apply to nic's that are already set up when sysctl settings are applied.

Other programs

Disabling ipv6 functionality in the kernel does not prevent other programs from trying to use ipv6. In most cases, this is completely harmless, but if you find yourself having issues with that program, you should consult the program's manpages for a way to disable that functionality.

For instance, dhcpcd will continue to harmlessly attempt to perform ipv6 router solicitation. To disable this, as stated in the dhcpcd.conf manpage, add the following to /etc/dhcpcd.conf:


See also

  • IPv6 - kernel.org Documentation