Service?

After todays (8+ hours) outage at Fremont, we obviously needed to move , so we migrated to Dallas. Dallas like other sites (except Atlanta) hand out IPv6 , which we want turned off…

Usually we'd ask support to turn off the IPv6 and that would be that..

Maybe it was todays stress or what not, or maybe because I was asking for 10 nodes to be touched… but I get this answer:

Oh well for customer service.

__Greetings,

Thank you for taking the time to contact us. We've been disabling IPv6 on your Linodes in the past as a courtesy. However, we must ask that that you disable IPv6 on each Linode by killing off the routes and disabling autoconfiguration and accepting of router advertisements.

To accomplish this you would want to issue these commands:

echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra

echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra

echo 0 > /proc/sys/net/ipv6/conf/all/autoconf

echo 0 > /proc/sys/net/ipv6/conf/default/autoconf

You would then want to add these lines to the end of '/etc/sysctl.conf':

net.ipv6.conf.all.accept_ra = 0

net.ipv6.conf.default.accept_ra = 0

net.ipv6.conf.all.autoconf = 0

net.ipv6.conf.default.autoconf = 0

Finally you'll either want to reboot your Linode, or manually remove IPv6 from your networking:

ip -6 addr del /64 dev eth0

ip -6 route flush dev eth0

I hope this helps! If we can be of any further assistance don't hesitate to contact us.

Regards,

Tim__

21 Replies

@bozo:

Here it is (apologies it's long):

Huh.

Try adding, to your sysctl.conf, net.ipv6.conf.eth0.accept_ra = 0 and net.ipv6.conf.eth0.autoconf = 0… same as the others, just with eth0 in place of default/all. I never did trust Linux's idea of "all" :-)

@db3l:

I do certainly agree that leaving loopback open is unlikely to cause a problem either. It just didn't seem particularly necessary if the goal was to disable IPv6 on a node.

Is the goal to disable it on an entire system, or just on the externally-facing network interfaces? The former probably involves recompiling the kernel.

(Note: there's also net.ipv6.conf.*.disable_ipv6, which seems like it might do something. I ain't touchin' it.)

@bozo:

Yes I did. Actually I have just repeated the whole process just in case and it is still there.

What is the output of:

$ sysctl -A | grep ^net.ipv6.conf

? This will list what the kernel thinks it should be doing.

@db3l:

For myself, I think just the DROP policy rules are sufficient (and really, the INPUT table is the only critical one). If you're trying to ignore IPv6, it doesn't really matter if loopback works.

It is becoming common to treat IPv4 as a subset of IPv6 within applications. For example, your web server likely binds itself to TCP6 socket [::]:80 instead of to TCP 0.0.0.0:80, which will handle the IPv4-only, dual-stack, and IPv6-only cases with one socket. Likewise, even if you disable external IPv6 connectivity, there could still be IPv6 going across the loopback if two IPv6-aware applications want to talk to each other.

I don't know if this actually happens in practice; logging might be a good idea. I personally err to the side of not breaking localhost, since I've done it before and things get very bizarre. But I also treat IPv4 and IPv6 as equivalent security surfaces, so I haven't tried totally blocking IPv6 yet either.

@bozo:

iptablesv4 is a struggle for me - is there a simple ipv6 line that blocks ipv6 at the firewall level.

The approach of the original post would be my first recommendation, from a practical standpoint. However, this will drop all IPv6 traffic as well:

ip6tables -F
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
ip6tables -P FORWARD DROP

Basically, same as you'd do for IPv4, but with "ip6tables" instead of "iptables".

personally, I'd be happier knowing how to disable IPv6 myself so I didnt have to rely on support everytime I needed it doing.

I was not even aware that support would do such tasks. I was under the impression it was fully un-managed, meaning; here is your smoking fast Linux VPS*, have fun.

  • If your VPS is in the Freemont DC, it may or may not be available to fully enjoy that fast Linode experience.

> Oh well for customer service. What ever. If they went in and touched your VPS to make configuration changes without additional compensation, they went way and above what they advertise for their service. Linode is un-managed. Your are your administrator. I wouldn't dare ask them to make any configuration changes to my servers. If I don't know how, I'll figure it out. They manage the network and the physical host, not your VPS.

It is unmanaged. Which is why they said they've done it as a courtesy in the past, but were unwilling to do it this time; you're asking them to manage your linodes for you, and it's an unmanaged service.

The fact that they still provided detailed instructions on how to do it yourself is nice, because some unmanaged hosts would just refuse to do it and leave you to figure it out for yourself.

I think the OP means turning off IPv6 on the host or router level, for that node. Seems like, at least in Dallas, IPv6 is or will be automatically and unconditionally enabled, so if you want it off, turn it off on your own nodes.

You can do it on the network config level, firewall level, application level… your choice.

It's not just Dallas, nor, for that matter, really Linode specific, compared to any network using IPv6 autoconfiguration.

For the OP, IPv6 autoconfiguration is based on router availability broadcasts, so it's not quite the same as a DHCP process, for example. A central router, or routers, broadcast availability, and then the individual clients hear that and automatically pick addresses. So there's no central knob to block/configure any individual client node, as it's all based around a common broadcast.

So while you may not have realized it, your request to Linode was essentially a request for guest-level changes. That's why many responses here are talking about the un-managed nature of a Linode. I suppose Linode could configure hosts to manually filter IPv6 traffic on behalf of a guest, but as with IPv4 filtering, that's not something the hosts currently get involved with.

At this point (at least at the IPv6 enabled data centers), spinning up a Linode is the same as using pretty much any PC with a current OS on an IPv6 enabled network, where the client is going to see IPv6 availability, and its up to the client configuration how it uses that. In most cases that will mean obtaining an auto-configured address.

As Azathoth noted, this process can be blocked on your Linode at multiple levels, one of which Linode supplied details on (stopping the auto-configuration process). For myself, on nodes I don't want to worry about IPv6 on, I tend to just block it at the firewall level, but that's just personal preference.

– David

@db3l:

-snip - For myself, on nodes I don't want to worry about IPv6 on, I tend to just block it at the firewall level -snip-

– David

iptablesv4 is a struggle for me - is there a simple ipv6 line that blocks ipv6 at the firewall level.

Hope this is ok to ask here as it is somewhat different from OP.

@hoopycat:

Basically, same as you'd do for IPv4, but with "ip6tables" instead of "iptables".
For myself, I think just the DROP policy rules are sufficient (and really, the INPUT table is the only critical one). If you're trying to ignore IPv6, it doesn't really matter if loopback works.

Blocking input packets will also block the routing announcements and most likely prevent an autoconfiguration address from being selected (though there may be a race condition at startup depending on when the tables are loaded).

– David

Thks Hoopy and db31 - I have gone with the OP solution, did a reboot and the server comes back up ok. I still have the public IPv6 in my dashboard but trust it is disconnected.

@bozo:

Thks Hoopy and db31 - I have gone with the OP solution, did a reboot and the server comes back up ok. I still have the public IPv6 in my dashboard but trust it is disconnected.
Don't trust – check. Run "ip -6 addr" and see if there are any public IPv6 addresses.

@mnordhoff:

Don't trust – check. Run "ip -6 addr" and see if there are any public IPv6 addresses.

I was thinking about checking a little later, but thanks - this is what I found:

:~$ ip -6 addr
1: lo: <loopback,up,lower_up>mtu 16436 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <broadcast,multicast,up,lower_up>mtu 1500 qlen 1000
    inet6 2600:3c03::f03c:ZZZZ:YYY:XXXX/64 scope global dynamic 
       valid_lft 43122sec preferred_lft 43122sec
    inet6 fe80::f03c:ZZZZ:YYY:XXXX/64 scope link 
       valid_lft forever preferred_lft forever</broadcast,multicast,up,lower_up></loopback,up,lower_up> 

(X,Y,Z redacted)

So … I am out of my depth here but it looks like it is still up?

@bozo:

So … I am out of my depth here but it looks like it is still up?
Yes, it does. Did you edit /etc/sysctl.conf? If you just ran the 'echo' or 'ip' commands, they'll be forgotten on reboot and it'll get reenabled.

@hoopycat:

It is becoming common to treat IPv4 as a subset of IPv6 within applications. For example, your web server likely binds itself to TCP6 socket [::]:80 instead of to TCP 0.0.0.0:80, which will handle the IPv4-only, dual-stack, and IPv6-only cases with one socket.
I agree that behavior can occur, but am not sure how prevalent it is as a default yet, though I have to admit to not knowing what current distribution releases have as default config files, as most of my current configuration files began life quite a bit in the past.

I know my web server (nginx) only includes IPv6 if explicitly asked to (with "[::]"), and even recent versions - 1.0.3 is the last source tree I have handy - have sample configs that only use IPv4 by default. Of course, yes, if enabled, IPv4 and IPv6 can share a socket.

For daemons that might include IPv6 by default, I'm pretty sure they could bind the socket regardless of the state of the filter table, and I'm not sure I'd care if it were on a node I was blocking IPv6 on, since I'm not likely to try to do something there that needs IPv6.

I do certainly agree that leaving loopback open is unlikely to cause a problem either. It just didn't seem particularly necessary if the goal was to disable IPv6 on a node.

– David

(Edit)

PS: Of course, in thinking about it (and perhaps relevant in the context of this thread), I suppose it's precisely because I don't want to accidentally miss some daemon choosing to include IPv6 without my realizing it (and bypassing my IPv4 filters) that makes me set all the ip6table chain policies to DROP :-)

@mnordhoff:

@bozo:

So … I am out of my depth here but it looks like it is still up?
Yes, it does. Did you edit /etc/sysctl.conf? If you just ran the 'echo' or 'ip' commands, they'll be forgotten on reboot and it'll get reenabled.

Yes I did. Actually I have just repeated the whole process just in case and it is still there.

@hoopycat:

@bozo:

Yes I did. Actually I have just repeated the whole process just in case and it is still there.

What is the output of:

$ sysctl -A | grep ^net.ipv6.conf

? This will list what the kernel thinks it should be doing.

Here it is (apologies it's long):

# sysctl -A | grep ^net.ipv6.conf
error: "Invalid argument" reading key "fs.binfmt_misc.register"
error: permission denied on key 'net.ipv4.route.flush'
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 1
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.dad_transmits = 1
net.ipv6.conf.all.router_solicitations = 3
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.regen_max_retry = 5
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.all.accept_dad = 1
net.ipv6.conf.all.force_tllao = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.router_solicitations = 3
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.regen_max_retry = 5
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_ra_pinfo = 1
net.ipv6.conf.default.proxy_ndp = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.default.accept_dad = 1
net.ipv6.conf.default.force_tllao = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.mtu = 16436
net.ipv6.conf.lo.accept_ra = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.router_solicitations = 3
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.use_tempaddr = -1
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.regen_max_retry = 5
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.accept_ra_defrtr = 1
net.ipv6.conf.lo.accept_ra_pinfo = 1
net.ipv6.conf.lo.proxy_ndp = 0
net.ipv6.conf.lo.accept_source_route = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.lo.accept_dad = -1
net.ipv6.conf.lo.force_tllao = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.hop_limit = 64
net.ipv6.conf.eth0.mtu = 1500
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_redirects = 1
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth0.dad_transmits = 1
net.ipv6.conf.eth0.router_solicitations = 3
net.ipv6.conf.eth0.router_solicitation_interval = 4
net.ipv6.conf.eth0.router_solicitation_delay = 1
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth0.use_tempaddr = 0
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.eth0.regen_max_retry = 5
net.ipv6.conf.eth0.max_desync_factor = 600
net.ipv6.conf.eth0.max_addresses = 16
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.accept_ra_pinfo = 1
net.ipv6.conf.eth0.proxy_ndp = 0
net.ipv6.conf.eth0.accept_source_route = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth0.accept_dad = 1
net.ipv6.conf.eth0.force_tllao = 0
net.ipv6.conf.dummy0.forwarding = 0
net.ipv6.conf.dummy0.hop_limit = 64
net.ipv6.conf.dummy0.mtu = 1500
net.ipv6.conf.dummy0.accept_ra = 1
net.ipv6.conf.dummy0.accept_redirects = 1
net.ipv6.conf.dummy0.autoconf = 1
net.ipv6.conf.dummy0.dad_transmits = 1
net.ipv6.conf.dummy0.router_solicitations = 3
net.ipv6.conf.dummy0.router_solicitation_interval = 4
net.ipv6.conf.dummy0.router_solicitation_delay = 1
net.ipv6.conf.dummy0.force_mld_version = 0
net.ipv6.conf.dummy0.use_tempaddr = 0
net.ipv6.conf.dummy0.temp_valid_lft = 604800
net.ipv6.conf.dummy0.temp_prefered_lft = 86400
net.ipv6.conf.dummy0.regen_max_retry = 5
net.ipv6.conf.dummy0.max_desync_factor = 600
net.ipv6.conf.dummy0.max_addresses = 16
net.ipv6.conf.dummy0.accept_ra_defrtr = 1
net.ipv6.conf.dummy0.accept_ra_pinfo = 1
net.ipv6.conf.dummy0.proxy_ndp = 0
net.ipv6.conf.dummy0.accept_source_route = 0
net.ipv6.conf.dummy0.disable_ipv6 = 0
net.ipv6.conf.dummy0.accept_dad = -1
net.ipv6.conf.dummy0.force_tllao = 0
net.ipv6.conf.teql0.forwarding = 0
net.ipv6.conf.teql0.hop_limit = 64
net.ipv6.conf.teql0.mtu = 1500
net.ipv6.conf.teql0.accept_ra = 1
net.ipv6.conf.teql0.accept_redirects = 1
net.ipv6.conf.teql0.autoconf = 1
net.ipv6.conf.teql0.dad_transmits = 1
net.ipv6.conf.teql0.router_solicitations = 3
net.ipv6.conf.teql0.router_solicitation_interval = 4
net.ipv6.conf.teql0.router_solicitation_delay = 1
net.ipv6.conf.teql0.force_mld_version = 0
net.ipv6.conf.teql0.use_tempaddr = 0
net.ipv6.conf.teql0.temp_valid_lft = 604800
net.ipv6.conf.teql0.temp_prefered_lft = 86400
net.ipv6.conf.teql0.regen_max_retry = 5
net.ipv6.conf.teql0.max_desync_factor = 600
net.ipv6.conf.teql0.max_addresses = 16
net.ipv6.conf.teql0.accept_ra_defrtr = 1
net.ipv6.conf.teql0.accept_ra_pinfo = 1
net.ipv6.conf.teql0.proxy_ndp = 0
net.ipv6.conf.teql0.accept_source_route = 0
net.ipv6.conf.teql0.disable_ipv6 = 0
net.ipv6.conf.teql0.accept_dad = -1
net.ipv6.conf.teql0.force_tllao = 0
net.ipv6.conf.tunl0.forwarding = 0
net.ipv6.conf.tunl0.hop_limit = 64
net.ipv6.conf.tunl0.mtu = 1480
net.ipv6.conf.tunl0.accept_ra = 1
net.ipv6.conf.tunl0.accept_redirects = 1
net.ipv6.conf.tunl0.autoconf = 1
net.ipv6.conf.tunl0.dad_transmits = 1
net.ipv6.conf.tunl0.router_solicitations = 3
error: permission denied on key 'net.ipv6.route.flush'
net.ipv6.conf.tunl0.router_solicitation_interval = 4
net.ipv6.conf.tunl0.router_solicitation_delay = 1
net.ipv6.conf.tunl0.force_mld_version = 0
net.ipv6.conf.tunl0.use_tempaddr = -1
net.ipv6.conf.tunl0.temp_valid_lft = 604800
net.ipv6.conf.tunl0.temp_prefered_lft = 86400
net.ipv6.conf.tunl0.regen_max_retry = 5
net.ipv6.conf.tunl0.max_desync_factor = 600
net.ipv6.conf.tunl0.max_addresses = 16
net.ipv6.conf.tunl0.accept_ra_defrtr = 1
net.ipv6.conf.tunl0.accept_ra_pinfo = 1
net.ipv6.conf.tunl0.proxy_ndp = 0
net.ipv6.conf.tunl0.accept_source_route = 0
net.ipv6.conf.tunl0.disable_ipv6 = 0
net.ipv6.conf.tunl0.accept_dad = -1
net.ipv6.conf.tunl0.force_tllao = 0
net.ipv6.conf.gre0.forwarding = 0
net.ipv6.conf.gre0.hop_limit = 64
net.ipv6.conf.gre0.mtu = 1476
net.ipv6.conf.gre0.accept_ra = 1
net.ipv6.conf.gre0.accept_redirects = 1
net.ipv6.conf.gre0.autoconf = 1
net.ipv6.conf.gre0.dad_transmits = 1
net.ipv6.conf.gre0.router_solicitations = 3
net.ipv6.conf.gre0.router_solicitation_interval = 4
net.ipv6.conf.gre0.router_solicitation_delay = 1
net.ipv6.conf.gre0.force_mld_version = 0
net.ipv6.conf.gre0.use_tempaddr = 0
net.ipv6.conf.gre0.temp_valid_lft = 604800
net.ipv6.conf.gre0.temp_prefered_lft = 86400
net.ipv6.conf.gre0.regen_max_retry = 5
net.ipv6.conf.gre0.max_desync_factor = 600
net.ipv6.conf.gre0.max_addresses = 16
net.ipv6.conf.gre0.accept_ra_defrtr = 1
net.ipv6.conf.gre0.accept_ra_pinfo = 1
net.ipv6.conf.gre0.proxy_ndp = 0
net.ipv6.conf.gre0.accept_source_route = 0
net.ipv6.conf.gre0.disable_ipv6 = 0
net.ipv6.conf.gre0.accept_dad = -1
net.ipv6.conf.gre0.force_tllao = 0
net.ipv6.conf.sit0.forwarding = 0
net.ipv6.conf.sit0.hop_limit = 64
net.ipv6.conf.sit0.mtu = 1480
net.ipv6.conf.sit0.accept_ra = 1
net.ipv6.conf.sit0.accept_redirects = 1
net.ipv6.conf.sit0.autoconf = 1
net.ipv6.conf.sit0.dad_transmits = 1
net.ipv6.conf.sit0.router_solicitations = 3
net.ipv6.conf.sit0.router_solicitation_interval = 4
net.ipv6.conf.sit0.router_solicitation_delay = 1
net.ipv6.conf.sit0.force_mld_version = 0
net.ipv6.conf.sit0.use_tempaddr = -1
net.ipv6.conf.sit0.temp_valid_lft = 604800
net.ipv6.conf.sit0.temp_prefered_lft = 86400
net.ipv6.conf.sit0.regen_max_retry = 5
net.ipv6.conf.sit0.max_desync_factor = 600
net.ipv6.conf.sit0.max_addresses = 16
net.ipv6.conf.sit0.accept_ra_defrtr = 1
net.ipv6.conf.sit0.accept_ra_pinfo = 1
net.ipv6.conf.sit0.proxy_ndp = 0
net.ipv6.conf.sit0.accept_source_route = 0
net.ipv6.conf.sit0.disable_ipv6 = 0
net.ipv6.conf.sit0.accept_dad = -1
net.ipv6.conf.sit0.force_tllao = 0
net.ipv6.conf.ip6tnl0.forwarding = 0
net.ipv6.conf.ip6tnl0.hop_limit = 64
net.ipv6.conf.ip6tnl0.mtu = 1452
net.ipv6.conf.ip6tnl0.accept_ra = 1
net.ipv6.conf.ip6tnl0.accept_redirects = 1
net.ipv6.conf.ip6tnl0.autoconf = 1
net.ipv6.conf.ip6tnl0.dad_transmits = 1
net.ipv6.conf.ip6tnl0.router_solicitations = 3
net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4
net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1
net.ipv6.conf.ip6tnl0.force_mld_version = 0
net.ipv6.conf.ip6tnl0.use_tempaddr = -1
net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800
net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400
net.ipv6.conf.ip6tnl0.regen_max_retry = 5
net.ipv6.conf.ip6tnl0.max_desync_factor = 600
net.ipv6.conf.ip6tnl0.max_addresses = 16
net.ipv6.conf.ip6tnl0.accept_ra_defrtr = 1
net.ipv6.conf.ip6tnl0.accept_ra_pinfo = 1
net.ipv6.conf.ip6tnl0.proxy_ndp = 0
net.ipv6.conf.ip6tnl0.accept_source_route = 0
net.ipv6.conf.ip6tnl0.disable_ipv6 = 0
net.ipv6.conf.ip6tnl0.accept_dad = -1
net.ipv6.conf.ip6tnl0.force_tllao = 0

I ended up going the iptables route for this, I tried changing the sysctl parameters including net.ipv6.conf.all.disable_ipv6=1 etc but they don't seem to work on linode, they work locally on vmware.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct