How to disable IPv6 in vyos 1.4


When I configure the lo interface to save the configuration, I am prompted that I cannot set the IPv6 address of lo. How can I disable IPv6?

Hello @gameboy-aa

Try this command:
vyos@vyos# set system ipv6 disable-forwarding

Thank you for your reply. I have tested the command “ set system IPv6 disable forwarding”. It does not work for me. I just found a way to use the following command:
echo "
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0 " >> /etc/sysctl.conf && sysctl -p

Hi.
That option is no longer available in 1.4, and also marked as deprecated in 1.3.
More info can be found here

1 Like

Please provide us with your configuration.
Also write the command you wanted to use and an error occurred.

I’m sorry, I’ve only seen the news now. Here is my configuration:

interfaces {
     loopback lo {
         address 10.8.5.2/32
     }
     wireguard wg01 {
         address 192.168.1.2/24
         ipv6 {
             address {
                 no-default-link-local
             }
         }
         peer central1 {
             address x.x.x.x
             allowed-ips 0.0.0.0/0
             persistent-keepalive 10
             port 40420
             public-key eICIkF8oiiehh1xziucdAZP4ekz+UqROUhYsrCyYrE8=
         }
         port 40813
         private-key sFYPdH5rqn9ysh7mMLNTwbfkaWhKoe2cySxNAzQ6NUk=
     }
     wireguard wg05 {
         address 192.168.5.2/24
         ipv6 {
             address {
                 no-default-link-local
             }
         }
         peer central1 {
             address x.x.x.x
             allowed-ips 0.0.0.0/0
             persistent-keepalive 10
             port 30814
             public-key pgCkxDmrbWa8g7XCXz4+mcCfg4CkhYn6wPZt3ARF33M=
         }
         port 33591
         private-key AMnCHZoUdUG+7KHVOd8FupisyCYbcJfgsxIC8otqTmc=
     }
 }
 protocols {
     ospf {
         area 0 {
             network 2.2.2.2/32
             network 192.168.5.2/32
             network 10.8.5.2/32
             network 192.168.1.2/32
         }
         default-metric 0
         distance {
             ospf {
                 inter-area 1
             }
         }
         neighbor 192.168.1.1 {
         }
         neighbor 192.168.5.1 {
         }
         redistribute {
             static {
                 metric 0
             }
         }
     }
 }
 system {
     config-management {
         commit-revisions 100
     }
     conntrack {
         modules {
             ftp
             h323
             nfs
             pptp
             sip
             sqlnet
             tftp
         }
     }
     console {
         device ttyS0 {
             speed 115200
         }
     }
     host-name vyos
     login {
         user vyos {
             authentication {
                 encrypted-password $6$QxPS.uk6mfo$9QBSo8u1FkH16gMyAVhus6fU3LOzvLR9Z9.82m3tiHFAxTtIkhaZSWssSgzt4v4dGAL8rhVQxTg0oAG9/q11h/
                 plaintext-password ""
             }
         }
     }
     name-server 8.8.8.8
     ntp {
         server time1.vyos.net {
         }
         server time2.vyos.net {
         }
         server time3.vyos.net {
         }
     }
     syslog {
         global {
             facility all {
                 level info
             }
             facility protocols {
                 level debug
             }
         }
     }
 }

2 Likes

@gameboy-aa: n.fort linked the sensible reasons that it has been deprecated. I must admit I still have it disabled in a vyos 1.4 router on my home network in order to simplify my config, knowing that I’ll have to deal with any issues that might arise because of it.

This is overkill, some of these options make the others irrelevant but for completeness’ sake I just disabled every ipv6 option. It works in my very specific case but I can’t say that it wouldn’t have problems in others.

interfaces {
	# (every interface)
	<type> <name> {
		ipv6 {
			address {
				no-default-link-local
			}
		}
	}
}

system {
	ipv6 {
		disable-forwarding
	}
	sysctl {
		parameter net.ipv6.conf.lo.disable_ipv6 {
			value 1
		}
	}
}

@njh: :stuck_out_tongue: