Disable IPv6 on OpenVPN gateway

johnpoz

You mean on openvpn interface as in server your running on pfsense or on client connection to some vpn server/service?

If server your running - just pick the IPv4 only mode for protocol

Same goes for your client connections.

Panja

Sorry I had to be more clear.
I mean OpenVPN client, as I'm connecting to a VPN service.

After creating the OpenVPN client I'm adding it to an interface.
IPv6 cannot be disabled there.

johnpoz

On your client settings, tell it to only create a IPv4 gateway

Panja

The strange thing is that I only have a IPv4 gateway created.
But still on the OpenVPN status page I get an IPv4 and IPv6 address.

johnpoz

You mean like this?

That is just a link local address.

Please post a picture of what your seeing.

I take it your using some vpn service - if they hand you an IPv6, and you don't want that - you could prob just use a pull filter in the client setup?
pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "

Panja

johnpoz

That is a ULA address.. You would have to get with them on why they are handing those out.. why do you have 3 connections? And your not seeing them on the other ones..

Do you have that client setup to do both ipv4 and IPv6?

You could try the pull filters I mentioned.

Panja

I have 3 connections because I want to run them in failover and/or load balance.
No, I have them set up for UDP IPv4 only.

I've added the following 2 lines to the Custom Options in my client config:
pull-filter ignore "ifconfig-ipv6";
pull-filter ignore "route-ipv6";

This seems to fix it for me. Thanks for pointing that out!

JKnott

@Panja

Why do you want to disable IPv6? Is that ULA causing problems? ULA is the IPv6 equivalent of the RFC 1918 addresses on IPv4. They don't go anywhere beyond the tunnel provider.

With my ISP, if I have my modem configured in gateway mode, I also get ULA from it.

Panja

@JKnott
To be really honest...
A cosmic thing. Apparently not all VPN servers I've added (as client) are handing out ULA's. So on my dashboard it just looked sh*t.
Plus my OCD was hyping over this. ;-)

I just want one standard. So all three should give me an ULA or not.
Not just one.