NordVPN on Librem 14

So in order to get NordVPN to work on the Librem 14, NordVPN suggests that I likely need to disable Internet Protocol version 6 (IPv6), the most recent version of the Internet Protocol, the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet, as was explained to me by them, as they do not support it.

Any reason this will negatively affect anything else on the laptop? Should I just forget NordVPN on the L14 and look for another VPN solution? It’s paid up until next August, but not the end of the world if I can’t use it.

Disabling IPv6 should not cause any issues elsewhere. In any case, you can enable or disable it whenever you want. Here’s a tutorial with 2 different methods to disable, and to re-enable: https://itsfoss.com/disable-ipv6-ubuntu-linux/

The author mentions vim text editor, but you might have a different one installed (probably nano). If you’re not sure, check the list of applications on your L14 and see what the text editor’s properties are; that should reveal the name. Just substitute this name into the command.

sudo nano..., sudo vim..., sudo xed..., etc. simply call up the contents of a text file used by the File System, so that it can be edited, appended, etc., with administrator privilege.

So, to modify the /etc/sysctl.conf file, the complete command to call up the file would be: sudo nano /etc/sysctl.conf (or substitute the name of your installed text editor).

2 Likes

P.S. In the terminal, you’ll have to use the arrow keys, delete, and backspace to position the cursor to make changes. Be extra careful not to alter anything else. When done use the legend at the bottom to exit and save. Just write over the existing file. If you want to be extra, extra careful, you can first find said file in the etc directory of the File System, make a copy of it, and place it, say, in your Home directory temporarily, just in case you mess up the file you’re working on. Then you can delete the bad one and return the good one to etc to get back to the previous state.

1 Like
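The edit described in the two posts above, done non-interactively and with the backup copy the P.S. suggests (an added example, not part of the original posts). The three disable_ipv6 keys are the standard Linux sysctl names; the function names, and passing the file path as an argument so the functions can be tried on a scratch copy first, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set the IPv6-disable keys in a sysctl configuration file.
# The key names are standard Linux sysctl names; function names are illustrative.

KEYS="net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.default.disable_ipv6 net.ipv6.conf.lo.disable_ipv6"

# set_ipv6_disabled FILE VALUE   (VALUE: 1 = disable IPv6, 0 = re-enable it)
set_ipv6_disabled() {
    conf=$1; value=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Keep one pristine copy; an existing backup is never overwritten.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    # Drop earlier active settings of these three keys only; comments and
    # every other setting in the file are left untouched.
    grep -Ev '^[[:space:]]*net\.ipv6\.conf\.(all|default|lo)\.disable_ipv6[[:space:]]*=' \
        "$conf" > "$tmp" || true
    for key in $KEYS; do
        printf '%s = %s\n' "$key" "$value" >> "$tmp"
    done
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# ipv6_disabled_in_conf FILE: succeeds only if all three keys end up set to 1.
ipv6_disabled_in_conf() {
    conf=$1
    for key in $KEYS; do
        v=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p" \
            "$conf" | tail -n 1)
        [ "$v" = 1 ] || return 1
    done
}

# Real use, as root:  set_ipv6_disabled /etc/sysctl.conf 1 && sysctl -p
```

To return to the previous state, either call the function with 0 or copy the .bak file back over the original, then run sysctl -p again.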

This is waffle from NordVPN.

Let me simplify that: in order to use NordVPN (on any computer), disable IPv6, because they don’t support it.

If you intend to use a VPN for privacy and that is what they are advising then you definitely should do as they advise - otherwise an application may use IPv6 and bypass the VPN and expose you directly to the internet.

I don’t think this issue is by any means limited to NordVPN.

Depends.

For the average user, you probably won’t notice at all.

For me, I would be foaming at the mouth if I had to disable IPv6.

1 Like

Slightly off topic, but why would you be foaming at the mouth if you had to disable IPv6?

1 Like

My VPN provider does not support IPv6 either. In my travels, I have found most do not, though some have been promising support for a long time. I have not noticed anything missing.

In my limited knowledge, only Mullvad offers support. (Not a recommendation, just a comment.)

1 Like

AirVPN does, too, but I keep IPv6 disabled anyway.

Why don’t they support IPv6? This protocol is from the 90s, though.

Late 90s as a draft, but it was not approved then.

At this point, my guess is that VPN companies have just not “had to” support it yet. Because of this thread, I did a little recent searching and found more VPNs supporting IPv6. Maybe this situation is changing.

I am not an expert in this, but I think there had been some privacy concerns. As I understand it, IPv6 provides enough addresses where basically each device gets its own, i.e. there is no need for constant changing of IP addresses. Being able to identify a specific device and location defeats one of the purposes of a VPN, and these companies found implementing tunneling difficult.

2 Likes

Because I do a lot of network troubleshooting and having no IPv6 would be a significant style cramper. I expect to be able to do end-to-end IPv6.

That’s not entirely the point though. The point of the VPN is that to the outside world, to the internet, your traffic originates with the VPN provider and your IP address as seen by the outside world is that assigned to and by the VPN provider (not the IP address assigned to and by your ISP). Conceptually that works just as well with IPv6 as it does with IPv4.

A VPN provider that supports IPv6 would have to be careful not just to assign you the same IPv6 address every time you connect to the VPN service. A VPN provider that supports IPv6 might also want to take care to enforce IPv6 address reuse across different customers over time.

IPv6 is more fun because not only can every device have its own IP address, every device can have a zillion IP addresses, so most (privacy-concerned) IPv6 users get a new random IPv6 address every X hours (when not using a VPN so that they themselves are determining the IP address). So you can have your own IP address but it is not the same IP address all the time even within a fairly limited amount of time. (For clarity, the top 64 bits of the IPv6 address typically won’t change but the bottom 64 bits will randomize every X hours.)

In the original specification, the top 64 bits might have been assigned by your ISP and the bottom 64 bits might have been derived trivially from your MAC address, and this address is globally unique, globally visible and unchanging, so there was a significant deterioration in privacy as compared with IPv4! You can of course still do that but I think for quite some years Linux out of the box defaults to the more private address-randomizing option.

1 Like
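A check for two points raised in the replies above: a host that still holds a global IPv6 address can send traffic around an IPv4-only VPN, and an address whose low 64 bits are built from the MAC address is a stable identifier (an added example, not part of the original posts). It reads the Linux /proc/net/if_inet6 table; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: list global-scope IPv6 addresses and say how each was formed.
# Columns of /proc/net/if_inet6: address ifindex prefixlen scope flags device.

# Constructed sample rows (documentation prefix 2001:db8::/32, made-up MAC).
sample_if_inet6() {
    cat <<'EOF'
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000021122fffe334455 02 40 20 80    wlan0
20010db800010002021122fffe334455 02 40 00 00    wlan0
20010db8000100029c1fa3b27d5e4f60 02 40 00 01    wlan0
EOF
}

# audit_if_inet6 [FILE]: one line per global address:
#   device address origin lifetime
audit_if_inet6() {
    awk '
    $4 == "00" {    # scope 00 = global, i.e. routable beyond the local link
        addr = substr($1, 1, 4)
        for (i = 5; i <= 29; i += 4)
            addr = addr ":" substr($1, i, 4)
        # A MAC-derived (modified EUI-64) identifier has ff:fe in the middle
        # of the low 64 bits. Heuristic: a random address can match by chance.
        origin = (substr($1, 23, 4) == "fffe") ? "mac-derived" : "not-mac-derived"
        # Flag bit 0x01 marks a temporary (privacy) address that is rotated.
        life = index("13579bdf", substr($5, length($5), 1)) ? "temporary" : "stable"
        print $6, addr, origin, life
    }' "${1:-/proc/net/if_inet6}"
}

# global_ipv6_count [FILE]: number of global addresses; 0 means no IPv6
# traffic can leave the machine outside the tunnel.
global_ipv6_count() {
    audit_if_inet6 "${1:-/proc/net/if_inet6}" | wc -l | tr -d ' '
}
```

Run audit_if_inet6 with no argument while the VPN is connected: no output means no global IPv6 address is configured, and any line marked mac-derived is an address that stays the same across reconnects.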

Thanks for the explanations. I thought there was a bit more involved than substituting the IP address.

I do hope the support changes soon. My previous VPN service promised support for a long time; I cannot even find a roadmap on my current one.

Thanks for all the great information. I’m not very well versed on VPNs; I always wonder just how often they are changing the IP address. Automatically? Every time a browser is open? Every time the unit is powered off and on?

Mainly when using a VPN, you choose the provider’s server and/or location at will. For instance, AirVPN has dozens of servers around the world, so if I choose, say, one of the available servers in Miami, I will be connecting through its associated IP address, and remain connected to that IP address for the duration of the session. I can always disconnect, then reconnect to a different server in the same or different city/country as I wish.

I don’t know whether every VPN provider uses static, or dynamic, IP addresses, but once you’re connected to one, that’s your apparent IP address for the duration of the connection.

1 Like

So I shouldn’t connect once and forget about it; I should disconnect and reconnect as often as I can think about it?

It depends on your threat model. :laughing:
And on how much you want to inconvenience yourself. Switching servers mid-session may require closing your browsers, email client, etc., as the VPN service probably has protection against loss of connection. This is in order to not reveal your actual IP address to any websites you happen to be on at the time of loss of connection. So it requires restarting the browser or email client after you change the connection.

Or just swapping the country connection? On the NordVPN main menu I can just click on Switzerland for example and it will then connect there from a previous location such as the US. Doesn’t seem to specify city, you just let it connect to the fastest connection it finds.

I was curious because I always wondered how often the given assigned IP address changes. Seems like I should do it manually once or twice a day at least.

My previous VPN had a setting to change the address periodically, but my current one does not.

Perhaps I am misunderstanding the point you are making, but I asked a friend who uses NordVPN. He said that one can select specific cities using their map, rather than the menu. Plus, with a recent update, the name of the city appears rather than a number.

I will look again, and this on iOS as well.

Oops. It did not occur to me that the clients could be different for each OS, even though mine are. What I wrote may not apply to Linux or iOS, but it is still worth looking at. Sorry, if I put you on a wild goose chase.

1 Like

No problem, I will still check. There may be options in a menu I haven’t seen.