Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Disable IPv6 on OpenVPN gateway

    OpenVPN
    openvpn ipv6
    3
    11
    7.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz

      You mean on openvpn interface as in server your running on pfsense or on client connection to some vpn server/service?

      If server your running - just pick the IPv4 only mode for protocol
      serverIPv4.jpg

      Same goes for your client connections.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • P
        Panja
        last edited by Panja

        Sorry I had to be more clear.
        I mean OpenVPN client, as I'm connecting to a VPN service.

        After creating the OpenVPN client I'm adding it to an interface.
        IPv6 cannot be disabled there.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          On your client settings, tell it to only create a IPv4 gateway

          gatewaycreation.jpg

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • P
            Panja
            last edited by

            The strange thing is that I only have a IPv4 gateway created.
            But still on the OpenVPN status page I get an IPv4 and IPv6 address.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz

              You mean like this?

              openvpn.jpg

              That is just a link local address.

              Please post a picture of what your seeing.

              I take it your using some vpn service - if they hand you an IPv6, and you don't want that - you could prob just use a pull filter in the client setup?
              pull-filter ignore "ifconfig-ipv6 "
              pull-filter ignore "route-ipv6 "

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              1 Reply Last reply Reply Quote 1
              • P
                Panja
                last edited by Panja

                https://imgur.com/uAdgQVn

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  That is a ULA address.. You would have to get with them on why they are handing those out.. why do you have 3 connections? And your not seeing them on the other ones..

                  Do you have that client setup to do both ipv4 and IPv6?

                  ipv6.jpg

                  You could try the pull filters I mentioned.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  1 Reply Last reply Reply Quote 0
                  • P
                    Panja
                    last edited by Panja

                    I have 3 connections because I want to run them in failover and/or load balance.
                    No, I have them set up for UDP IPv4 only.

                    I've added the following 2 lines to the Custom Options in my client config:
                    pull-filter ignore "ifconfig-ipv6";
                    pull-filter ignore "route-ipv6";

                    This seems to fix it for me. Thanks for pointing that out!

                    JKnottJ 1 Reply Last reply Reply Quote 0
                    • JKnottJ
                      JKnott @Panja
                      last edited by

                      @Panja

                      Why do you want to disable IPv6? Is that ULA causing problems? ULA is the IPv6 equivalent of the RFC 1918 addresses on IPv4. They don't go anywhere beyond the tunnel provider.

                      With my ISP, if I have my modem configured in gateway mode, I also get ULA from it.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      1 Reply Last reply Reply Quote 0
                      • P
                        Panja
                        last edited by Panja

                        @JKnott
                        To be really honest...
                        A cosmic thing. Apparently not all VPN servers I've added (as client) are handing out ULA's. So on my dashboard it just looked sh*t.
                        Plus my OCD was hyping over this. ;-)

                        I just want one standard. So all three should give me an ULA or not.
                        Not just one.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.