After update to 3.4.0.22 - XA2's VPN says connected but traffic is not going through VPN - due to IPv6

Oh, just spotted my error. It’s not systemctl --system but sysctl --system. That should produce the mentioned output:

...
* Applying /etc/sysctl.d/ipv6_off.conf ...
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

I use ipleak.net to test my VPN. If I see an IPv6 address, I know my VPN is being bypassed. I saw you updated the sysctl command. I’ll respond to that on its thread.

[defaultuser@Xperia10 ~] sysctl -a --pattern "disable_ipv6"
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.bond0.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.ip6_vti0.disable_ipv6 = 0
net.ipv6.conf.ip6tnl0.disable_ipv6 = 0
net.ipv6.conf.ip_vti0.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.p2p0.disable_ipv6 = 0
net.ipv6.conf.rmnet_data0.disable_ipv6 = 1
net.ipv6.conf.rmnet_data1.disable_ipv6 = 1
net.ipv6.conf.rmnet_data2.disable_ipv6 = 1
net.ipv6.conf.rmnet_data3.disable_ipv6 = 1
net.ipv6.conf.rmnet_data4.disable_ipv6 = 1
net.ipv6.conf.rmnet_data5.disable_ipv6 = 1
net.ipv6.conf.rmnet_data6.disable_ipv6 = 1
net.ipv6.conf.rmnet_data7.disable_ipv6 = 1
net.ipv6.conf.rmnet_ipa0.disable_ipv6 = 1
net.ipv6.conf.sit0.disable_ipv6 = 0
net.ipv6.conf.vpn0.disable_ipv6 = 1
net.ipv6.conf.wlan0.disable_ipv6 = 0
[defaultuser@Xperia10 ~]

[defaultuser@Xperia10 ~]$ ifconfig
-bash: ifconfig: command not found

1.) When I run the command it turns off IPv6
2.) If I reboot, IPv6 is re-enabled :frowning_face:

Again, I am using www.ipleak.net to test

[defaultuser@Xperia10 ~]$ devel-su sysctl --system
Password:

* Applying /etc/sysctl.d/00-ipv4.conf ...
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
* Applying /etc/sysctl.d/00-sysrq.conf ...
kernel.sysrq = 0
* Applying /etc/sysctl.d/00-vm.conf ...
vm.dirty_writeback_centisecs = 1500
vm.swappiness = 30
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
sysctl: setting key "net.core.default_qdisc": No such file or directory
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/ipv4-settings.conf ...
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
* Applying /etc/sysctl.d/ipv6-settings.conf ...
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
* Applying /etc/sysctl.d/ipv6_off.conf ...
net.ipv6.conf.all.disable_ipv6 = 1
[defaultuser@Xperia10 ~]$

Sorry… I should have run the command as ROOT :roll_eyes:

[defaultuser@Xperia10 ~]$ devel-su ifconfig
Password:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:521 errors:0 dropped:0 overruns:0 frame:0
TX packets:521 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:53010 (51.7 KiB) TX bytes:53010 (51.7 KiB)

rmnet_ipa0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING MTU:2000 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vpn0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.17.0.3 P-t-P:10.17.0.3 Mask:255.255.0.0
UP POINTOPOINT RUNNING NOARP MULTICAST DYNAMIC MTU:1500 Metric:1
RX packets:518 errors:0 dropped:0 overruns:0 frame:0
TX packets:600 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:142449 (139.1 KiB) TX bytes:57037 (55.7 KiB)

wlan0 Link encap:Ethernet HWaddr 38:78:62:68:3E:12
inet addr:192.168.1.221 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2600:1700:9bd2:34b0:3a78:62ff:fe68:3e12/64 Scope:Global
inet6 addr: fe80::3a78:62ff:fe68:3e12/64 Scope:Link
UP BROADCAST RUNNING MULTICAST DYNAMIC MTU:1500 Metric:1
RX packets:2899 errors:0 dropped:334 overruns:0 frame:0
TX packets:3235 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3000
RX bytes:1118524 (1.0 MiB) TX bytes:454719 (444.0 KiB)

[defaultuser@Xperia10 ~]$

That helps. Settings are properly picked up by sysctl but get overridden by some other process and connman seems to be responsible. You can test that assumption by running

# sysctl --system
# ifconfig

Now interface wlan0 will not have an IPv6 address. But after

# systemctl restart connman

or switching flight mode on and off again

# ifconfig

proves the address is back again and sysctl settings are overwritten.

connman offers to disable IPv6 in service configuration files or from the command line but I didn’t find a way to disable it globally or on all interfaces except loopback.

Maybe blocking IPv6 in the firewall helps as it avoids getting a routable address when the interface comes up?

2 Likes
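
Added example (not part of the original posts): a check that can be run after each step of the test described above (`sysctl --system`, then `systemctl restart connman`) instead of reading `ifconfig` by eye. It parses the kernel's `/proc/net/if_inet6` table; the function names are hypothetical and the sample rows are constructed from the addresses in the `ifconfig` output earlier in the thread.

```sh
#!/bin/sh
# Added example: spot the state described in this thread, where an interface
# other than the VPN one holds a global IPv6 address despite ipv6_off.conf.

# Print each non-VPN interface that has a global-scope IPv6 address.
#   $1  file in /proc/net/if_inet6 format, "-" for stdin (default: live table)
#   $2  VPN interface to ignore (default: vpn0, the name used in the thread)
# Columns: address, ifindex, prefix length, scope, flags, device.
# Scope 00 = global, 20 = link-local, 10 = host (loopback).
global_ipv6_ifaces() {
    awk -v vpn="${2:-vpn0}" '
        $4 == "00" && $6 != vpn && !seen[$6]++ { print $6 }
    ' "${1:-/proc/net/if_inet6}"
}

# Exit status 0: nothing can carry IPv6 around the tunnel; 1: leak possible.
ipv6_leak_check() {
    leaky=$(global_ipv6_ifaces "$@" | tr '\n' ' ')
    if [ -n "$leaky" ]; then
        echo "global IPv6 address on: $leaky" >&2
        return 1
    fi
    echo "no global IPv6 address outside the VPN interface"
}

# Constructed samples. Addresses come from the ifconfig output above; the
# ifindex and flags columns are made up.
# State after "systemctl restart connman": wlan0 has its address back.
sample_leak='00000000000000000000000000000001 01 80 10 80       lo
fe800000000000003a7862fffe683e12 05 40 20 80    wlan0
260017009bd234b03a7862fffe683e12 05 40 00 00    wlan0'
# State right after "sysctl --system": only loopback is left (constructed).
sample_clean='00000000000000000000000000000001 01 80 10 80       lo'

printf '%s\n' "$sample_leak"  | ipv6_leak_check - || true
printf '%s\n' "$sample_clean" | ipv6_leak_check -
```

On the device, calling `ipv6_leak_check` with no arguments reads the live table, which does not require `devel-su`.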