IPv6 internet access despite "IPv4 only"


Dataone

Recommended Posts

UPDATE - Bug report submitted here:

 

https://forums.unraid.net/bug-reports/stable-releases/672-ipv6-internet-access-despite-ipv4-only-r754/

 

UnRaid 6.8.0-rc7. Diagnositcs attached.

 

As the title says, I can access the internet via ipv6 even though I have set ipv4 to only. I am not skilled by any means when it comes to networking, but surely ipv6 should be disabled?

 

Screenshot_20191130_123923.png.6bdbd16ba2efa3003ef123bdb0935599.png

 

Screenshot_20191130_123938.thumb.png.f7414e585cec84d561a6dbaf171c7160.png

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.101  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::2cb5:9cff:fe94:fd69  prefixlen 64  scopeid 0x20<link>
        inet6 2404:4408:2375:d500:4216:7eff:fe63:b6ba  prefixlen 64  scopeid 0x0<global>
        ether 40:16:7e:63:b6:ba  txqueuelen 1000  (Ethernet)
        RX packets 254036  bytes 50807042 (48.4 MiB)
        RX errors 0  dropped 141  overruns 0  frame 0
        TX packets 254523  bytes 66927758 (63.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::4216:7eff:fe63:b6ba  prefixlen 64  scopeid 0x20<link>
        ether 40:16:7e:63:b6:ba  txqueuelen 1000  (Ethernet)
        RX packets 258001  bytes 54625894 (52.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 254559  bytes 66932531 (63.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.64.16.210  netmask 255.255.255.255  destination 10.64.16.210
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 4796  bytes 3301888 (3.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5047  bytes 789600 (771.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If I manually remove the ipv6 routes through the GUI, ipv6 is disabled for a minute or two before the routes re-populate. If someone could help me figure out why IPv6 is enabled, that would be great. Looks like I might need to just use ipv6.disable=1 as a kernel parameter

 

Thanks

tower-diagnostics-20191130-0037.zip

Edited by Dataone
Link to comment

"IPv4 + IPv6":

 

Screenshot_20191201_153449.thumb.png.69c84239d9cea46b84b33ed7817e382a.png

 

root@tower:~# ip route show table all

default dev wg0 table 51820 scope link 
default via 192.168.1.1 dev br0 
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.101 
local 10.64.16.210 dev wg0 table local proto kernel scope host src 10.64.16.210 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.1.0 dev br0 table local proto kernel scope link src 192.168.1.101 
local 192.168.1.101 dev br0 table local proto kernel scope host src 192.168.1.101 
broadcast 192.168.1.255 dev br0 table local proto kernel scope link src 192.168.1.101 

local ::1 dev lo proto kernel metric 0 pref medium
::1 dev lo proto kernel metric 256 pref medium
local 2404:4408:2375:d500:bdb9:e06b:cd34:24bd dev br0 proto kernel metric 0 pref medium
2404:4408:2375:d500::/64 dev br0 proto ra metric 225 pref medium
local fe80::4216:7eff:fe63:b6ba dev eth0 proto kernel metric 0 pref medium
local fe80::f083:abff:fe7d:721a dev br0 proto kernel metric 0 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
ff00::/8 dev wg0 metric 256 pref medium
ff00::/8 dev br0 metric 256 pref medium
ff00::/8 dev eth0 metric 256 pref medium
default via fe80::1af1:45ff:fea4:9ff0 dev br0 proto ra metric 225 pref medium

 

"IPv4 only":

 

Screenshot_20191201_153825.thumb.png.edf2df4833c75184f019352cf6424412.png

 

root@tower:~# ip route show table all

default dev wg0 table 51820 scope link 
default via 192.168.1.1 dev br0 
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.101 
local 10.64.16.210 dev wg0 table local proto kernel scope host src 10.64.16.210 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.1.0 dev br0 table local proto kernel scope link src 192.168.1.101 
local 192.168.1.101 dev br0 table local proto kernel scope host src 192.168.1.101 
broadcast 192.168.1.255 dev br0 table local proto kernel scope link src 192.168.1.101 

local ::1 dev lo proto kernel metric 0 pref medium
::1 dev lo proto kernel metric 256 pref medium
local 2404:4408:2375:d500:4216:7eff:fe63:b6ba dev br0 proto kernel metric 0 pref medium
2404:4408:2375:d500::/64 dev br0 proto kernel metric 256 expires 691200sec pref medium
local fe80::1c3a:dcff:fede:bb53 dev br0 proto kernel metric 0 pref medium
local fe80::4216:7eff:fe63:b6ba dev eth0 proto kernel metric 0 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
ff00::/8 dev wg0 metric 256 pref medium
ff00::/8 dev br0 metric 256 pref medium
ff00::/8 dev eth0 metric 256 pref medium
default via fe80::1af1:45ff:fea4:9ff0 dev br0 proto ra metric 1024 expires 298sec hoplimit 64 pref medium

 

The only difference I see between the two is a different IPv6 IP for the br0 interface.

Link to comment

By any chance does your router and/or modem support IPv6 and is it turned on?

 

As I recall, all IPv4 addresses map seamlessly into IPv6 space so the issue may be largely academic if everything is compatible with IPv6.  I believe it is when you attempt to use IPv6 in an IPv4 only system that things get wacky.  The problem is that the world is running out of addresses in the IPV4 environment.  I understand that India is already in that state.  Again relying on my memory, I think cellphones are one of the major drivers in the demand for IP addresses as many of them are using the Internet for more of their features.

Link to comment
10 minutes ago, Frank1940 said:

By any chance does your router and/or modem support IPv6 and is it turned on?

Hi,

 

My modem does support IPv6, and Unraid appears to be using it to access certain domains. (Notably google)

 

I suppose my issue here is that I believe Unraid should not be assigning IPv6 adresses to interfaces nor even have the routes available when set to "IPv4 only". However, ideally yes, I should be setting up my network to be compatible with IPv6 but for the moment I'd prefer if everything was disabled rather than left in a default state until I decide to manually configure it. (I believe it's using DHCPv6?)

 

Cheers

Edited by Dataone
Link to comment

Its not DHCPv6, but rather SLAAC which built in to the Linux kernel if the IPv6 module is loaded (or compiled in)

your router is sending RA (router advertisement) packets, which tells IPv6 devices that support SLAAC what the /64 prefix should be and the (client generates the other 64bits via MAC to EUI-64 or some RNG (privacy address)

 

You could turn it off with the following sysctl tunables

net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.all.accept_ra = 0
 

Link to comment
3 minutes ago, ken-ji said:

Its not DHCPv6, but rather SLAAC which built in to the Linux kernel if the IPv6 module is loaded (or compiled in)

your router is sending RA (router advertisement) packets, which tells IPv6 devices that support SLAAC what the /64 prefix should be and the (client generates the other 64bits via MAC to EUI-64 or some RNG (privacy address)

 

You could turn it off with the following sysctl tunables

net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.all.accept_ra = 0
 

Thanks for the info, do you know if the routes showing with "IPv4 only" is a bug/unintended behaviour? It still doesn't seem like IPv6 should be doing anything with that network setting presumably disabled. Cheers

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.