Enable block IPv6 traffice in the GlobalSettings.xml

Got a problem with Viscosity or need help? Ask here!

Rieder

Posts: 2
Joined: Thu Jan 14, 2021 10:24 pm

Post by Rieder » Thu Jan 14, 2021 10:34 pm
Hi

Is it possible to set the check mark for "Block IPv6 traffic" in the GlobalSettings.xml file? We push this out to all clients and would like to enable the block IPv6 option.

Eric

User avatar
Posts: 1046
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Jan 15, 2021 12:22 pm
Hi Rieder,

Yes it is. Simply set the option and copy it out of Settings.xml in %appdata%\Viscosity like any other setting. The setting is called "BlockIPv6" in the xml.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

asdffdsa6131

Posts: 23
Joined: Sat Feb 23, 2019 12:15 pm

Post by asdffdsa6131 » Fri Jan 29, 2021 11:42 am
hello,

i have this in the Settings.xml

<key>BlockIPv6</key>
<string>YES</string>

and for the tap adapter, i have disabled "Internet protocol version 6 (tcp/ipv6)"

yet, each time i connect the vpn, viscosity keeps re-enabling "Internet protocol version 6 (tcp/ipv6)"

i absolutely, positively do not want to have any ipv6 settings enabled.

how do i prevent this?

thanks,
david

Eric

User avatar
Posts: 1046
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Feb 01, 2021 9:18 am
Hi David,

If the server is pushing IPv6 information to setup, the IPv6 stack will be re-enabled when connecting. While TAP connections can have IPv6 disabled via Viscosity, I'm afraid TUN cannot, we also do not recommend it. Please post a copy of your log after connecting and we can see if there's anything we can recommend.

The BlockIPv6 command will only function if you have IPv6 connectivity on your local network connection.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

asdffdsa6131

Posts: 23
Joined: Sat Feb 23, 2019 12:15 pm

Post by asdffdsa6131 » Tue Feb 02, 2021 2:47 am
i have ipv6 disabled via
reg add HKLM\sYSTEM\currentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0xFF /f

the network card for my lan has ipv6 disabled.

if i do an ipconfig, no ipv6 addresses are listed.
----------------------------
Ethernet adapter BUILTIN.WIRED:

Connection-specific DNS Suffix . : localdomain
IPv4 Address. . . . . . . . . . . : 192.168.62.234
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.62.1

Unknown adapter VPN.V.MV.US.ALL.HOME:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.10.0.7
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.10.0.1

--------------------------------

here the the log output
---------------
Feb 01 10:42:02 AM: State changed to Connecting
Feb 01 10:42:02 AM: Viscosity Windows 1.9 (1695)
Feb 01 10:42:02 AM: Running on Windows 10 2009 (19042) 64 bit
Feb 01 10:42:02 AM: Running on .NET Framework Version 4.8.04084.528372
Feb 01 10:42:02 AM: WARNING: The block-outside-dns option has been ignored as it is not required under Viscosity's DNS management system. For more information please see the following article: https://www.sparklabs.com/support/kb/ar ... n-ignored/
Feb 01 10:42:02 AM: Checking reachability status of connection...
Feb 01 10:42:02 AM: Connection is reachable. Starting connection attempt.
Feb 01 10:42:02 AM: Bringing up interface...
Feb 01 10:42:02 AM: OpenVPN 2.4.9 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Oct 6 2020
Feb 01 10:42:02 AM: library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Feb 01 10:42:05 AM: Valid endpoint found: 86.106.121.15:1196:udp
Feb 01 10:42:05 AM: TCP/UDP: Preserving recently used remote address: [AF_INET]86.106.121.15:1196
Feb 01 10:42:05 AM: Socket Buffers: R=[65536->524288] S=[65536->524288]
Feb 01 10:42:05 AM: UDP link local: (not bound)
Feb 01 10:42:05 AM: UDP link remote: [AF_INET]86.106.121.15:1196
Feb 01 10:42:05 AM: State changed to Authenticating
Feb 01 10:42:05 AM: TLS: Initial packet from [AF_INET]86.106.121.15:1196, sid=706bb1e0 1a1fc480
Feb 01 10:42:05 AM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Feb 01 10:42:05 AM: VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v3, emailAddress=[email protected]
Feb 01 10:42:05 AM: VERIFY KU OK
Feb 01 10:42:05 AM: Validating certificate extended key usage
Feb 01 10:42:05 AM: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Feb 01 10:42:05 AM: VERIFY EKU OK
Feb 01 10:42:05 AM: VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=us-nyc-211.mullvad.net, emailAddress=[email protected]
Feb 01 10:42:05 AM: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb 01 10:42:05 AM: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Feb 01 10:42:05 AM: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
Feb 01 10:42:05 AM: [us-nyc-211.mullvad.net] Peer Connection Initiated with [AF_INET]86.106.121.15:1196
Feb 01 10:42:05 AM: State changed to Connecting
Feb 01 10:42:05 AM: SENT CONTROL [us-nyc-211.mullvad.net]: 'PUSH_REQUEST' (status=1)
Feb 01 10:42:06 AM: SENT CONTROL [us-nyc-211.mullvad.net]: 'PUSH_REQUEST' (status=1)
Feb 01 10:42:07 AM: SENT CONTROL [us-nyc-211.mullvad.net]: 'PUSH_REQUEST' (status=1)
Feb 01 10:42:07 AM: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.10.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1196::1005/64 fdda:d0d0:cafe:1196::,ifconfig 10.10.0.7 255.255.0.0,peer-id 5,cipher AES-256-GCM'
Feb 01 10:42:07 AM: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Feb 01 10:42:07 AM: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Feb 01 10:42:07 AM: Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
Feb 01 10:42:07 AM: Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
Feb 01 10:42:07 AM: Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
Feb 01 10:42:07 AM: Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
Feb 01 10:42:07 AM: OPTIONS IMPORT: compression parms modified
Feb 01 10:42:07 AM: OPTIONS IMPORT: --socket-flags option modified
Feb 01 10:42:07 AM: NOTE: setsockopt TCP_NODELAY=1 failed
Feb 01 10:42:07 AM: OPTIONS IMPORT: --ifconfig/up options modified
Feb 01 10:42:07 AM: OPTIONS IMPORT: route-related options modified
Feb 01 10:42:07 AM: OPTIONS IMPORT: peer-id set
Feb 01 10:42:07 AM: OPTIONS IMPORT: adjusting link_mtu to 1624
Feb 01 10:42:07 AM: OPTIONS IMPORT: data channel crypto options modified
Feb 01 10:42:07 AM: Data Channel: using negotiated cipher 'AES-256-GCM'
Feb 01 10:42:07 AM: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 01 10:42:07 AM: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 01 10:42:07 AM: interactive service msg_channel=0
Feb 01 10:42:07 AM: ROUTE_GATEWAY 192.168.62.1/255.255.255.0 I=13 HWADDR=48:2a:e3:2e:f6:d1
Feb 01 10:42:07 AM: Awaiting adapter to come up...
Feb 01 10:42:07 AM: WARNING: Failed to get IPv6 interface information for MTU. This warning can be ignored if this stack is disabled. Element not found
Feb 01 10:42:08 AM: TAP-WIN32 device [VPN.V.MV.US.ALL.HOME] opened: \\?\root#net#0001#{adda4c48-c32e-4ef6-9602-b3252f082583}, index: 17
Feb 01 10:42:08 AM: Waiting for DNS Setup to complete...
Feb 01 10:42:09 AM: Successful ARP Flush on interface [17] {8374414A-4AA0-4FFF-A967-D1AC5BE02432}
Feb 01 10:42:09 AM: add_route_ipv6(fdda:d0d0:cafe:1196::/64 -> fdda:d0d0:cafe:1196::1005 metric 0) dev VPN.V.MV.US.ALL.HOME
Feb 01 10:42:09 AM: Route addition via IPAPI failed. Fallback to netsh.exe
Feb 01 10:42:09 AM: ROUTE: IPv6 route addition failed using management: Element not found. [status=1168 if_index=17]
Feb 01 10:42:09 AM: TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Feb 01 10:42:09 AM: C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.0.0 10.10.0.1
Feb 01 10:42:09 AM: IPv4 Route addition via management succeeded
Feb 01 10:42:09 AM: Initialization Sequence Completed
Feb 01 10:42:09 AM: WARNING: Split DNS is being used however no DNS domains are present. The DNS server/s for this connection may not be used. For more information please see: https://www.sparklabs.com/support/kb/ar ... e-present/
Server - 192.168.62.1:53; Lookup Type - Any; Domains - localdomain.

Feb 01 10:42:09 AM: State changed to Connected
-----------------------------------------------

Eric

User avatar
Posts: 1046
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Feb 02, 2021 9:04 am
Hi asdffdsa6131,

This server is indeed pushing ipv6 configuration options. You will need to contact your VPN provider for a configuration that does not support IPv6, or you will need to filter out the IPv6 options with the pull-filter command to disable IPv6 - https://sparklabs.com/support/kb/articl ... ull-filter

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

asdffdsa6131

Posts: 23
Joined: Sat Feb 23, 2019 12:15 pm

Post by asdffdsa6131 » Tue Feb 02, 2021 10:47 am
ok. thanks much
7 posts Page 1 of 1