Disable IPv6 on OpenVPN gateway

Panja · Dec 6, 2019, 12:16 PM

When assigning an OpenVPN gateway there is no option to disable IPv4 and/or IPv6.

IPv4/IPv6 Configuration
This interface type does not support manual address configuration on this page.

I would like to disable IPv6 for my OpenVPN interfaces.
How can I do this?

johnpoz · Dec 6, 2019, 12:25 PM

You mean on openvpn interface as in server your running on pfsense or on client connection to some vpn server/service?

If server your running - just pick the IPv4 only mode for protocol

Same goes for your client connections.

Panja · Dec 6, 2019, 12:26 PM

Sorry I had to be more clear.
I mean OpenVPN client, as I'm connecting to a VPN service.

After creating the OpenVPN client I'm adding it to an interface.
IPv6 cannot be disabled there.

johnpoz · Dec 6, 2019, 1:22 PM

On your client settings, tell it to only create a IPv4 gateway

Panja · Dec 6, 2019, 1:27 PM

The strange thing is that I only have a IPv4 gateway created.
But still on the OpenVPN status page I get an IPv4 and IPv6 address.

johnpoz · Dec 6, 2019, 1:38 PM

You mean like this?

That is just a link local address.

Please post a picture of what your seeing.

I take it your using some vpn service - if they hand you an IPv6, and you don't want that - you could prob just use a pull filter in the client setup?
pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "

Panja · Dec 6, 2019, 1:44 PM

johnpoz · Dec 6, 2019, 1:57 PM

That is a ULA address.. You would have to get with them on why they are handing those out.. why do you have 3 connections? And your not seeing them on the other ones..

Do you have that client setup to do both ipv4 and IPv6?

You could try the pull filters I mentioned.

Panja · Dec 6, 2019, 2:03 PM

I have 3 connections because I want to run them in failover and/or load balance.
No, I have them set up for UDP IPv4 only.

I've added the following 2 lines to the Custom Options in my client config:
pull-filter ignore "ifconfig-ipv6";
pull-filter ignore "route-ipv6";

This seems to fix it for me. Thanks for pointing that out!

JKnott · Dec 6, 2019, 2:38 PM

@Panja

Why do you want to disable IPv6? Is that ULA causing problems? ULA is the IPv6 equivalent of the RFC 1918 addresses on IPv4. They don't go anywhere beyond the tunnel provider.

With my ISP, if I have my modem configured in gateway mode, I also get ULA from it.

Panja · Dec 6, 2019, 2:44 PM

@JKnott
To be really honest...
A cosmic thing. Apparently not all VPN servers I've added (as client) are handing out ULA's. So on my dashboard it just looked sh*t.
Plus my OCD was hyping over this. ;-)

I just want one standard. So all three should give me an ULA or not.
Not just one.