You are not logged in.
- Topics: Active | Unanswered
#1 2016-07-24 22:38:22
- kgizdov
- Package Maintainer (PM)
- From: Edinburgh, UK
- Registered: 2015-12-08
- Posts: 113
Disable/Enable IPv6 on demand (e.g. for VPN)
Hi,
I'm using NetworkManager and I want to configure it so that when I connect to my VPN, it will disable IPv6. This is because the VPN does not support IPv6 and I all IPv6 requests are routed normally outside the VPN, defeating its purpose. I tried looking on the wiki and Google-ing but to no avail. Does anyone know how to automate this?
Thanks.
Last edited by jasonwryan (2016-07-24 23:13:08)
Offline
#2 2016-07-24 23:14:11
- jasonwryan
- Anarchist
- From: .nz
- Registered: 2009-05-09
- Posts: 30,424
- Website
Re: Disable/Enable IPv6 on demand (e.g. for VPN)
Please don't include redundant requests for help in thread titles: https://wiki.archlinux.org/index.php/Co … ow_to_post
A service file or using openvpn's hooks would be the best way to acheive this.
Offline
#3 2016-07-25 13:01:38
- kgizdov
- Package Maintainer (PM)
- From: Edinburgh, UK
- Registered: 2015-12-08
- Posts: 113
Re: Disable/Enable IPv6 on demand (e.g. for VPN)
Please don't include redundant requests for help in thread titles: https://wiki.archlinux.org/index.php/Co … ow_to_post
A service file or using openvpn's hooks would be the best way to acheive this.
According to this old post network-manager-openvpn doesn't do hooks. How would I go about making a service file. My question is, what will I be checking in order to activate/deactivate the service? Also, as NetworkManager doesn't like sysctl variables, how do I interactively block/unblock IPv6?
Offline
#4 2016-08-18 13:36:54
- kgizdov
- Package Maintainer (PM)
- From: Edinburgh, UK
- Registered: 2015-12-08
- Posts: 113
Re: Disable/Enable IPv6 on demand (e.g. for VPN)
I've managed to almost solve my issue, but there is either a bug with NetworkManager or I'm missing something. When I try to re-enable IPv6 after the VPN goes down, NM hangs. I have tried two methods of doing this - issue an IP update with dhcpd; disconnect and reconnect the network device through nmcli. Both of those do not succeed. What is more interesting is that NM hangs, fails to execute the hook, then fails the thread and issues the same reconnection commands on its own successfully. Let me give an example of what I mean. Currently, I have the following scripts to work around this issue:
/etc/NetworkManager/dispatcher.d/99vpn-down-ipv6:
#!/bin/sh
IF=$1
STATUS=$2
if [[ ("$IF" = "tun0") && ("$STATUS" = "down") ]]; then
# Enable IPv6 in system ctl
sysctl -w net.ipv6.conf.wlp58s0.disable_ipv6=0
# Disconnect and reconnect wifi
# nmcli dev disconnect wlp58s0 # this succeeds
# nmcli dev connect wlp58s0 # this hangs if run as a hook by NM
nmcli radio wifi off
nmcli radio wifi on
fi/etc/NetworkManager/dispatcher.d/pre-up.d/99vpn-ipv6:
#!/bin/sh
IF=$1
STATUS=$2
if [[ ("$IF" == "tun0") && ("$STATUS" = "pre-up") ]]; then
# Disable IPv6 in system ctl
sysctl -w net.ipv6.conf.wlp58s0.disable_ipv6=1
sysctl -w net.ipv6.conf.tun0.disable_ipv6=1
fiSo if I run nmcli dev disconnect/connect from inside the hook, the hook fails. Afterwards, NM itself runs nmcli dev connect, which succeeds. Running dhcpd fails too... Thus, I resort to running nmcli radio wifi off && nmcli radio wifi on in the hook, which works fine as long as NM has autoreconnect enabled and I'm not on Ethernet, but it's not ideal.
Last edited by kgizdov (2016-08-18 13:46:05)
Offline