How to disable ipv6?

[JsBergbau]

In the docs https://github.com/eduvpn/documentation/blob/v2/PROFILE_CONFIG.md is the range6 config. The value there leads to ifconfig-ipv6 and ifconfig-ipv6-pool in the corresponding openvpn configuration.

What is the config value to omit both config lines in openvpn configuration and thus disabling assignment of ipv6 addresses entirely?

[ghost]

Hi!

(Un)fortunately it is not possible to (fully) disable IPv6. We decided to put IPv4 and IPv6 on equal ground from the start. That being said, you can drop all IPv6 traffic (on the VPN server) in case you don't want to provide IPv6 connectivity to your clients:

https://github.com/eduvpn/documentation/blob/v2/FIREWALL.md#reject-ipv6-client-traffic

[JsBergbau]

Thanks for your reply. I've also considerd blocking IPv6 via iptables, but wouldn't that have side effects? Clients trys IPv6 first and then notices that IPv6 is not possible and falls back to IPv4. Thus leads to more time required establishing the connection.

[ghost]

but wouldn't that have side effects? Clients trys IPv6 first and then notices that IPv6 is not possible and falls back to IPv4. Thus leads to more time required establishing the connection.

Some other ideas/remarks:

1. When the client has an ULA address, the OS will probably prefer IPv4 to connect to services that have both A and AAAA record in DNS;
2. If you are using "split tunnel", i.e. not route all (IPv4) traffic over the VPN, you can simply not push any IPv6 prefixes to be routed over the VPN;
3. "Happy eyeballs" (on macOS/iOS only?) might be smart enough to avoid slowdown in case both IPv4 and IPv6 are enabled, but one performs worse, or not at all.

I am still a bit torn here. On the one hand it would be nice to give admins the opportunity to disable IPv6 (or IPv4!), but on the other hand it is 2022 ;-)