By running sudo sysctl net.ipv6.conf.all.disable_ipv6=1
Typically disabling things reduces attack surfaces. In this case, I canāt imagine it would hurt anything. Is there a reason you are disabling IPV6?
Due to IPv6 leak which exposes my ip. Whatās itās benefit anyway?
Which ipv6 leak are you referring to?
I donāt know now but Debian and Ubuntu enables ipv6 by default that reveals the deviceās MAC address. Disabling ipv6 eliminates this problem, but enabling ipv6 privacy extensions might be good enough to protect the MAC address.
Use ipv6 privacy extensions (RFC 4941):
net.ipv6.conf.all.use_tempaddr = 2
Reveals it to who?
AFAIK Any website you visit. Basically IPv6 uses the MAC address of a device as a seed value when creating the IPv6 address.
Further reading on the topic:
Does sudo sysctl net.ipv6.conf.all.disable_ipv6=1
circumvent that issue?
If i understand correctly from this thread then that command disables IPv6 routing on a Ubuntu, do yes it should mitigate any issues from EUI-64 IPv6 addresses.
Edit, after a quick search it seems i was partially correct. That command does disable IPv6; but only temporarily. To disable it perminantly you need to edit the
ā/etc/sysctl.confā file that controls it.
Source: Ubuntu Forum Thread on the topic
Personally I would not recommend disabling IPv6 completely as it can break things. Instead ensure that the IPv6 privacy extensions are enabled and EUI-64 is not in use and just leave IPv6 on.
How do you d that, exactly?
Paywalled
I believe Ubuntu enables this by default now, but this would be how to configure it otherwise.
Privacy extensions
Add the following sysctl parameters:
/etc/sysctl.d/40-ipv6.conf
Enable IPv6 Privacy Extensions net.ipv6.conf.all.use_tempaddr = 2 net.ipv6.conf.default.use_tempaddr = 2 net.ipv6.conf.nic.use_tempaddr = 2
Source:
https://wiki.archlinux.org/title/IPv6
Ubuntu and arch both use sysctl so this should be applicable.
Sorry about that, i mostly was looking for a good explainer on EUI-64, and must not have scrolled far enough yo notice the pay wall. Here is an alternative explanation; which shouldnāt be pay walled.
To sum it up though IPv6 EUI-64 is a method of IPv6 self assignment where the following steps occur to create an address.
- An end device takes its MAC address, splits it in two.
- insert āFFFEā inbetween the two halves
- flip the 7th bit
If you use P2P apps often, then IPv6 will always get you better connectivity.
Otherwise, you can turn off IPv6 without any consequence.
re: IP privacy: Believe you donāt have worry about them any differently than you would for IPv4, as current implementations (as another user noted about Ubuntu) mostly do the right thing.
Some distros donāt. For example Fedora does not use ipv6 privacy extensions.
Is this an issue for Fedora users ? How much important is this extension ?
It is, if you donāt want to get easily tracked by the part of your ipv6 address which gets generated through your MAC address. wonāt change over time if your MAC address does not change and you donāt have ipv6 privacy extensions enabled. Most modern consumer devices have had ipv6 privacy extensions activated for a long time (Windows, Android, ā¦) , but some Linux distros for workstations/laptops still donāt activate it by default
There is a topic here:
Why PG does not add not about this?
This enhances privacy, but could cause problems in some applications, on the other hand.
What type of side-effect can be happen? Torrent, port forwarding, web-rtc, snapdrop are important things for me personally. What may break?
(post deleted by author)
Additional notes about this topic:
randomize IPv6:
-
for local network (especially important for public wi-fi):
Random IP for v6 not assigned (privacy extension not work) - #28 by vgaetera - Fedora Discussion
-
protection for ISP:
IPv6 privacy extension should be enabled.