How can I keep ipv6 disabled?


I want to use a VPN and I added it do to this tutorial: [how-to] ProtonVPN on Sailfish OS -

It worked fine but as soon as I reboot the phone or switch to Cellular data my ipv6 is leaked again. The settings doesn’t seem to change. If I repeat Step 7 everything is fine again. Can someone help me because typing in this commands(Step 7) every time is pretty much impossible.

Looking forward for an answer!
Thanks in advance!!!

1 Like

Why would anyone want to disable IPv6 for this? It’ll be dysfunctional after disabling it …
Did you think about sending IPv6 the same route as IPv4, through a VPN? If configured properly, an OpenVPN service will tunnel IPv4 and IPv6 at the same time, being accessible via IPv4 and IPv6 at the same time, with the very same client configuration. I don’t know whether Proton supports this, but I manage some VPN endpoints and they worked like this for years …

Hi Maus,

thank you for your answer! Do to this articel: How to prevent IPv6 leaks on your device - ProtonVPN Support ProtonVPN doesn’t support ipv6 or did I understood it wrong? I’m honestly not an expert on VPNs but right now I leak my IPv6 so how can I fix this if I got it wrong?

They’re not very precise at ProtonVPN, reading up from the link you gave:

ProtonVPN applications block all IPv6 traffic by default. To be precise, IPv6 traffic gets rerouted to the VPN server and never leaves it, only IPv4 traffic does in order to ensure that your real IP address is not leaked.

If they indeed re-route all IPv6 traffic to the VPN server and drop it there, you’d be “safe”, wouldn’t you? But the rest of the text tells a different tale, it’s not coherent …

Anyway, you can check your routes after enabling your VPN. If IPv6 gets routed to your VPN service provider, all is OK. On the other hand, if they really silently discard that traffic, you’d have to wait for connection timeouts – only on second attempt, traffic would be re-tried as IPv4, because IPv6 is being tried first.

Yes, ProtonVPN isn’t to precise but when I check or my ipv6 is leaked… so I don’t think I’m “save”. maybe the ProtonVPN Applicationens solve this problem but they don’t have a sailfish app. And over openVPN my ipv6 seems to leak… i’m pretty sure it’s leaked so how could I solve this? I know disabling ipv6 isn’t the best way but I don’t see a different solution as long as I stick with ProtonVPN. Again thanks for your answer!

I’d try to experiment with your client configuration, e.g. by adding redirect-gateway ipv6 to it. Anyway, you should check your routes, for example by using ip -6 r.

I checked my routes now and this is the output:

Command: /sbin/route -A inet
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * U 0 0 0 vpn0 * U 0 0 0 vpn0
~VPN IP~ UGH 0 0 0 wlan0 * U 0 0 0 wlan0 * UH 0 0 0 wlan0

Command: /sbin/route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface * UA 256 8 0 wlan0
fe80::/64 * U 256 7 0 wlan0
*/0 fe80::cece:1eff:fe7a:dcd2 UGDA 1024 134 7 wlan0 * U 0 24 2 lo
fe80::3a78:62ff:fe5a:ebb3/128 * U 0 4 2 lo
ff00::/8 * U 256 7 2 wlan0

For this looks like the first one(ipv4) is fine(it’s the right ip) but the second one routes to my provider. I really don’t know much about this topic so please warn me before I publish private information. And where do I find the configuration file? Sorry I’m pretty new to VPNs

What about abusing the firewall?

Add a file 01-block-ipv6-firewall.conf to /etc/connman/firewall.d with content:



and 02-block-ipv6-firewall.conf with content:



After restarting connman (# systemctl restart connman), locally initiated outgoing IPv6 traffic should be blocked.

# ip6tables -nvL
Chain connman-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0                
   15  1064 REJECT     all      *      *       ::/0                 ::/0                 reject-with icmp6-port-unreachable

Edit: Fix order of rules.

This seems to work for me. Thanks for your answers! I hope now the VPN works properly. Have a nice day and thanks again for your efford!