My work's IT does not have any IPv6 set up on their networks. They have the Cisco VPN configured with "Tunnel Mode (IPv6): Drop All Traffic".
On Windows, this works fine. While I have AnyConnect connected, it blocks all IPv6.
I also use AnyConnect or Cisco Secure Client in an Ubuntu 22.04 VM. It blocks all IPv6 too. However, DNS look-ups are still getting AAAA records as well as A records. So various things try to connect to IPv6 addresses, and then either time out after ~15 to 60 s, or wait forever.
Looking at /etc/resolv.conf, I see that it lists both my work's DNS server, and the local systemd-resolved on 127.0.0.53. Perhaps the systemd-resolved one is still returning AAAA records.
I am able to "fix" this with the following work-around: Before connecting the Cisco client, I do the following:
sudo sysctl net.ipv6.conf.default.disable_ipv6=1
Then, when the Cisco client connects, the machine only uses IPv4. But sometimes I forget to do this, and various things don't work well.
It would be great if the Cisco client could be improved so this works automatically.
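A pre-connect check for the situation described above, as an added example that is not part of the original post or of Cisco's client: it reports whether the disable_ipv6 sysctl from the work-around is set and whether resolv.conf mixes the 127.0.0.53 stub with another resolver. The function names and the 192.0.2.53 sample address are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. File paths are parameters so
# the checks can run on sample files as well as on the live system.

# Print each nameserver address listed in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed when the file lists the systemd stub (127.0.0.53) alongside at
# least one other resolver, the mix the post observed.
has_stub_and_other() {
    list_nameservers "$1" | awk '
        $1 == "127.0.0.53" { stub = 1; next }
        { other = 1 }
        END { exit !(stub && other) }'
}

# Succeed when the given disable_ipv6 sysctl file contains 1.
ipv6_disabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Summarise the state before connecting the VPN client.
vpn_ipv6_state() {
    resolv=$1
    flag=$2
    if ipv6_disabled "$flag"; then
        echo "ok: IPv6 disabled for new interfaces"
    elif has_stub_and_other "$resolv"; then
        echo "warn: IPv6 enabled, resolv.conf mixes stub and other resolver"
    else
        echo "warn: IPv6 enabled"
    fi
}

# Demo on constructed sample files (192.0.2.53 is a documentation address).
demo() {
    dir=$(mktemp -d)
    printf 'nameserver 192.0.2.53\nnameserver 127.0.0.53\n' > "$dir/resolv.conf"
    echo 0 > "$dir/disable_ipv6"
    vpn_ipv6_state "$dir/resolv.conf" "$dir/disable_ipv6"
    rm -rf "$dir"
}
demo
```

On the live system the call would be: vpn_ipv6_state /etc/resolv.conf /proc/sys/net/ipv6/conf/default/disable_ipv6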