Topic closed
I am running Arch Linux on a virtual machine in VirtualBox. I am using a VPN that doesn't support IPv6, so I am trying to disable IPv6 so that I am not bypassing the VPN.
I've followed the directions on the wiki for disabling IPv6. I have put the following in /etc/sysctl.d/40-ipv6.conf:
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.enp0s3.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
On a reboot, my Ethernet interface still has IPv6 enabled and an IPv6 address:
# sysctl -a | grep "disable_ipv6"
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.enp0s3.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
If I run sysctl --system it gets disabled properly:
# sudo sysctl --system
* Applying /etc/sysctl.d/40-ipv6.conf ...
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.enp0s3.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/50-dmesg-restrict.conf ...
kernel.dmesg_restrict = 1
* Applying /etc/sysctl.d/50-kptr-restrict.conf ...
kernel.kptr_restrict = 1
It seems that sysctl runs on boot, but that the value gets overwritten. How can I verify that or find out what overwrites it?
Offline
Re-read the wiki page and try a different method https://wiki.archlinux.org/index.php/IP … ctionality
R00KIE
Offline
This is a consequence of the order in which things are applied.
systemd-analyze plot > /tmp/something.svg
The svg file will show you that systemd-sysctl.service, which is responsible for applying the parameters within /etc/sysctl.d/40-ipv6.conf, is executed before the presence of your wlan adapter:
sys-subsystems-net-devices-wlan0-device.
This is also the reason why a sudo sysctl --system after reboot will apply the parameters.
Offline
> /etc/sysctl.d/40-ipv6.conf is executed before the presence of your wlan adapter
This is irrelevant because net.ipv6.conf.default.* are the defaults which apply to all interfaces added in the future.
The problem is that systemd installs some udev rules to /lib/udev/rules.d which are executed on all newly added interfaces and screw up their configuration behind your back. Run
udevadm test /sys/class/net/wlan0
for the ugly details. You need to either neutralize the udev rule which runs systemd-sysctl or find where systemd-sysctl pulls the new sysctl settings from - possibly some files in /usr/lib/sysctl.d. Or add a udev rule which overrides them back afterwards. Have fun.
Or, if you really care about security, firewall this VM on the host side so that it can only access the VPN gateway, like people do with TOR.
Last edited by mich41 (2017-03-19 12:03:34)
Offline
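Added example, not part of the thread: a POSIX shell check for the symptom described in the first post, comparing the disable_ipv6 keys in a sysctl.d file with a runtime dump such as the output of sysctl -a. The function names and report format are assumptions made for this illustration, and the values in the demo function are constructed to mirror the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the report format
# are assumptions made for this illustration.

# Usage: sysctl -a 2>/dev/null | ipv6_drift /etc/sysctl.d/40-ipv6.conf
# Reads runtime "key = value" lines on stdin and prints one line per
# disable_ipv6 key whose runtime value differs from the file, or which does
# not exist at runtime (interface not created yet). Returns 1 on any drift.
ipv6_drift() {
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
        NR == FNR {                           # first input: the config file
            if ($1 ~ /^net\.ipv6\.conf\..*\.disable_ipv6$/) want[$1] = $2
            next
        }
        ($1 in want) { have[$1] = $2 }        # second input: runtime dump
        END {
            drift = 0
            for (k in want) {
                if (!(k in have)) {
                    printf "%s configured=%s runtime=absent\n", k, want[k]
                    drift = 1
                } else if (have[k] != want[k]) {
                    printf "%s configured=%s runtime=%s\n", k, want[k], have[k]
                    drift = 1
                }
            }
            exit drift
        }
    ' "$1" -
}

# Constructed sample: the file asks for 1 on enp0s3, the runtime dump says 0.
ipv6_drift_demo() {
    conf=$(mktemp) || return 2
    printf '%s\n' '# Disable IPv6' \
        'net.ipv6.conf.default.disable_ipv6 = 1' \
        'net.ipv6.conf.enp0s3.disable_ipv6 = 1' > "$conf"
    rc=0
    printf '%s\n' 'net.ipv6.conf.default.disable_ipv6 = 1' \
        'net.ipv6.conf.enp0s3.disable_ipv6 = 0' | ipv6_drift "$conf" || rc=$?
    rm -f "$conf"
    return "$rc"
}
```

A key reported as runtime=absent is expected for an interface such as tun0 that only exists once the VPN client has started.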
That's all good but this thread is getting old and the OP seems to have lost interest. Closing.
R00KIE
Offline