Blocking IPv6 with Linux client

craig5381
Level 1

My work's IT does not have any IPv6 set up on their networks. They have the Cisco VPN configured with "Tunnel Mode (IPv6): Drop All Traffic".

On Windows, this works fine. While I have AnyConnect connected, it blocks all IPv6.

I also use AnyConnect or Cisco Secure Client in an Ubuntu 22.04 VM. It blocks all IPv6 too. However, DNS look-ups are still getting AAAA records as well as A records. So various things try to connect to IPv6 addresses, and then either time out after ~15 to 60 s, or wait forever.

Looking at /etc/resolv.conf, I see that it lists both my work's DNS server, and the local systemd-resolv on 127.0.0.53. Perhaps the systemd-resolv one is still returning AAAA records.

I am able to "fix" this with the following work-around: Before connecting the Cisco client, I do the following:

sudo sysctl net.ipv6.conf.default.disable_ipv6=1

Then, when the Cisco client connects, the machine only uses IPv4. But sometimes I forget to do this, and various things don't work well.

It would be great if the Cisco client could be improved so this works automatically.

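A pre-connect check for the state the post describes, as an added example that is not part of the original post or of Cisco's client: it lists the resolvers in /etc/resolv.conf and reports whether net.ipv6.conf.default.disable_ipv6 is still 0. The function names and the `--check` argument are made up for this example.

```shell
#!/bin/sh
# Added example (not from the post): pre-connect check for the state described above.
# Paths are parameters so the functions can be pointed at test fixtures.

# Print the nameserver addresses listed in a resolv.conf-format file.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Print every entry under the IPv6 sysctl tree whose disable_ipv6 is 0.
# "default" only seeds interfaces created later (such as a VPN tunnel
# interface), which is why the post sets it before connecting.
ipv6_enabled_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv6/conf}
    for f in "$conf_dir"/*/disable_ipv6; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "0" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Return 0 when new interfaces will come up without IPv6, 1 otherwise.
preflight() {
    resolv=${1:-/etc/resolv.conf}
    conf_dir=${2:-/proc/sys/net/ipv6/conf}
    echo "nameservers: $(list_nameservers "$resolv" | tr '\n' ' ')"
    if list_nameservers "$resolv" | grep -q '^127\.'; then
        echo "note: a loopback stub resolver is listed next to the VPN DNS server"
    fi
    enabled=$(ipv6_enabled_ifaces "$conf_dir" | tr '\n' ' ')
    echo "IPv6 still enabled on: ${enabled:-none}"
    case " $enabled" in
        *" default "*) echo "run: sudo sysctl net.ipv6.conf.default.disable_ipv6=1"
                       return 1 ;;
    esac
    return 0
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Placing the same key and value in a file under /etc/sysctl.d/ applies the setting at boot, so it no longer depends on remembering the command before each connection.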