How to completely remove ipv6?
-
Ummm... In some parts of the world, you won't have a choice. In the next couple of years you'll need IPv6 in China and India. I also saw something about NIST, in the U.S. and plans for moving the country to IPv6 and getting rid of IPv4.
-
@jknott said in How to completely remove ipv6?:
Ummm... In some parts of the world, you won't have a choice. In the next couple of years you'll need IPv6 in China and India. I also saw something about NIST, in the U.S. and plans for moving the country to IPv6 and getting rid of IPv4.
As a matter of fact, how to completely remove ipv6 on pfsense?
I disable ipv6 on my FreeBSD servers.
The pfsense does not work!
I am disenchanted with pfsense's policies.
Why not let people choose to use ipv6 or not, people are being driven into the framework of ipv6 marketers!
I'm starting to think that raising the gateway on pfsense was a bad idea, much better on pure FreeBSD. -
@bars said in How to completely remove ipv6?:
I don't need ipv6
I hear ya.. And I concur if you don't want to use it, and have nothing your trying to access that requires it.. There is little reason to have it operational.
While it is the future, if you don't want to play with it currently.. Just turn it off - but with the way current OSes are setup if your trying to get rid of it completely, ie no link-local address even. Its a bit more complicated, but the device having a linklocal address doesn't mean it will use IPv6. On your wan just set IPv6 to None - there you go no IPv6 will be used.
That some user in country XYZ can only get an IPv6 address has nothing to do with your connection. If the ISP is only giving their clients IPv6, they have to have a method in place to allow that client to talk to IPv4, or it wouldn't be viable solution. Since they wouldn't be able to even get to most of the sites they would want to go to.
Anyone hosting any service to the public internet would also have to allow for IPv4, since most of the planet doesn't have viable IPv6 as of yet. https://whynoipv6.com/ Notice one of the top sites on the planet baidu.com doesn't have IPv6 - its in china, same goes for 2 of their other top sites..
"Out of the top 1000 Alexa sites, only 440 has IPv6 enabled"
Device like mobile phones are big IP users, there are so freaking many of them. Many of them only get IPv6, for example my t-mobile phone in the US only gets IPv6.. But the isp has put in method for them to get to IPv4 addresses..
Just because system shows it has link-local IPv6 address, doesn't mean its actually used.. But it has been setup in the kernel - you will see use of :: and ::1 for example for the local address..
While if your tech enthusiast, and like to play and learn - playing with IPv6 can be a rewarding experience. But there is a learning curve, its just not a longer IP address ;) some of the basic stuff has changed how it works. IPv6 doesn't use arp for example.. It uses NDP.. Filtering IPv6 can be a challenge since clients love to use temporary addresses to start a conversation from. Some clients don't like to use dhcpv6, and only use slaac, so assignment of specific address can be more of a challenge.
While I would encourage heading down the IPv6 learning path.. If your that sort of person, there is also no reason for you to enable a protocol that is not required at this time if you do not want to. You not choosing to use IPv6 at this time sure and the hell is not going to hold up the transition to it on a global scale ;)
My current isp doesn't provide it, and I have to use a IPv6 tunnel from HE to use it. But I only use it as I want to use it, most of my devices don't have IPv6 at all, I can turn it on or off on my main windows PC with a click if I want to play with it ;)
-
@johnpoz
Included and used are essentially different words!
Why can't you just add ipv6_activate_all_interfaces = "NO" to rc.conf without rebuilding the kernel world? -
@bars said in How to completely remove ipv6?:
Why can't you just add ipv6_activate_all_interfaces = "NO" to rc.conf without rebuilding the kernel world?
You should get with the OS makers for that ;) heheh
I hear yeah - it would be nice for those that just don't want to see any sort of IPv6 at all, and have zero use for it at this time.. But again just because your interface shows IPv6 link-local and stuff shows :: and ::1 as addresses in say netstat output doesn't actually mean IPv6 is going to be used. If there is no actual ULA or GUA to be used.
If you don't want to use IPv6 via pfsense, just don't set up any addresses, don't create any allow rules that allow IPv6.. You could go the next step and uncheck
But that just tends to create log spam since any IPv6 it happens to see, like clients asking for RA or NDP, etc. generate firewall log entries because its specifically blocked, etc.
I think there are a few different camps, there are the users that have really no idea what an IP is at all, so it makes little difference if IPv4 or IPv6 as long as they get to facebook, etc.
Then there are those that actually want to use IPv6 and learn about it, and want it to work with their ISP.. But they come to find while their ISP says they support IPv6 - its minimal at best, maybe they don't support prefix delegation at all. Or their delegations can change when the wind blows, etc. etc.
Then you have others that got feed up with the lack luster deployment of ISP ipv6 and just went with a tunnel because its easier to use, get a static /48, can setup PTRs etc. etc. Can use that /48 no matter what isp I use be it they support ipv6 or not.
In the big picture IPv6 is the future, so getting OS support and devices to support is a requirement. Creating that support at the core of the OS is really needed. And even having it be default sure ok.. I too wish it was easier and more straight forward in just completely disabling it..
Then there are a few that just wish they could rip it completely out ;) But to be honest I think that is a small camp.. And getting the OS makers to make it easier to disable "completely" prob doesn't have a lot of support.
-
@johnpoz
future ))).
In 100-150 years it is possible))).
In general, I doubt that ipv6 will be in the masses!
ipv6 is currently used in black deeds only!
ipv6 is needed for current purposes for hacking and similar cases.
I do not like it when the system has junk according to the settings, ipv6 is not used, then completely remove it, why keep it active ?!
I've heard enough.
Here is my screen.
All the same, I'll start slowly setting up my gateway on FreeBSD.
-
@bars said in How to completely remove ipv6?:
In 100-150 years it is possible))).
heheh - I don't think its that far out.. I would guess more like 10 to 20 years.. There have been large changes.. Many a phone only has IPv6.. Because there are billions of them ;)
It is going to be slow road, because to be honest the partial movement has freed up IPv4 space - and there is a very active "gray" market if you will for the selling of IPv4 space to those that want it. And find it cheaper to just pay for IPv4 (even if costly) then go with IPv6
We sold off a large chunk of our IPv4 /16 to major players ;) now only have a /19 but still way more space than actively using..
To be honest I think you would see more drive towards it if some major sites would announce that hey in X years you will only be able to get to us via IPv6.. But I don't see any major player doing that.. I mean for example amazon isn't even IPv6 in their public facing servers yet.
If company X is working with IPv4, what advantage is there for them to put forth the money and time and effort, etc. etc. to support IPv6.. Companies don't like spending money unless it works for their bottom line.
Users are not calling their ISP saying hey I need IPv6 or going to switch.. Since there is no actual anything they really want to get to or use that requires IPv6 at this time.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@bars said in How to completely remove ipv6?:
ipv6 is currently used in black deeds only!
ipv6 is needed for current purposes for hacking and similar cases.
I do not like it when the system has junk according to the settings, ipv6 is not used, then completely remove it, why keep it active ?!
I've heard enough.????
IPv6 is needed because the limited IPv4 address space is crippling the Internet and NAT breaks some things. Also, 4G and later cell network requires IPv6 support. IPv6 also provides some performance improvemance. In fact, some Microsoft stuff requires IPv6. For example their games set up a Teredo tunnel, if IPv6 isn't available and Windows HomeGroup also required it.
I've been running IPv6 on my home network for over 11.5 years.
-
@johnpoz said in How to completely remove ipv6?:
Users are not calling their ISP saying hey I need IPv6 or going to switch.
The problem is, many don't even know about IPv6 and happily mess with NAT and STUN for games, thinking that's how networks are supposed to work.
-
@jknott said in How to completely remove ipv6?:
The problem is, many don't even know about IPv6 and happily mess with NAT and STUN for games, thinking that's how networks are supposed to work.
I will remain unconvinced!
I will not prove anything.
But I know that ipv6 is useless for the current realities! -
@bars said in How to completely remove ipv6?:
But I know that ipv6 is useless for the current realities!
As long as the big players, the major ISP's and dedicated server hosts, can include an IPv4 for your end device, for your router so you can have a 'real' IPv4 or your dedicated web server/mail server etc, the issue will be neutral for the public.
Right now, /24 blocks of IPv4 are still negotiated and sold among private entities, like our ISP's and other IPv4 consumers.
I don't know what the cost of a /24 IPv4 is these days, but it must be multiple digit number. And soon, if not already, this price will influence your monthly ISP fee. IPv4 will become a extra $$$ option.Assigning RFC1918 IP's as a WAN IP to end user might do the trick for some users, but it's considered a real pain. For example, VPN-to-home will be impossible.
@johnpoz said in How to completely remove ipv6?:
We sold off a large chunk of our IPv4 /16 to major players ;)
If you can tell us :
What did this /16 cost initially ?
( and for what price were they sold ? ) -
@gertjan It probably cost nothing. it depends on if it was "Legacy" or not (Issued before December 22, 1997). The going rate for a /24 is probably about US$12,000. (All comments are WRT ARIN. Can't speak to other regions.)
-
@bars said in How to completely remove ipv6?:
But I know that ipv6 is useless for the current realities!
Tell that to someone who's stuck behind carrier grade NAT and can't connect to their own network from elsewhere. There are a lot of those, some of them here.
The Internet was supposed to be transparent end to end. NAT breaks that, along with some other stuff.
-
@jknott said in How to completely remove ipv6?:
@bars said in How to completely remove ipv6?:
But I know that ipv6 is useless for the current realities!
Tell that to someone who's stuck behind carrier grade NAT and can't connect to their own network from elsewhere. There are a lot of those, some of them here.
The Internet was supposed to be transparent end to end. NAT breaks that, along with some other stuff.
This is me, unfortunately. Vyve Broadband bought my local cable company, and shortly after the transition was complete my service got moved one night out of the blue to CGNAT. Woke up one morning to notice my WAN IP had changed. My remote access VPN stopped working as did my Hurricane Electric IPv6 tunnel. And unless I am willing to tolerate much lower speeds, I'm stuck with this provider for now in my rural area.
-
Are they dual stack or strictly IPv4?
-
@jknott said in How to completely remove ipv6?:
Are they dual stack or strictly IPv4?
Only IPv4. I'm going to try going by the local office one day and see about getting moved back to one of their remaining non-NAT IPv4 segments. Don't know if I will be successful or not. My previous friendly tech contact has left their employ and moved elsewhere, so my inside connection is gone. All phone calls, even to the local number, now go to their call center in Texas or Oklahoma someplace.
-
I'm a lot luckier with my ISP. They've been providing native IPv6 for about 6 years and via 6to4 and 6rd tunnels for a while before that. They are also my cell phone carrier so not only does my phone get an IPv6 address, but so do devices I tether to it. Also, my IPv4 address is virtually static and the host name depends on my hardware MAC addresses, so I have no problems with connecting my VPN to my network.
