hyperreal.coffee

Disable IPv6 on Debian

Edit /etc/sysctl.conf.

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Apply the changes.

sudo sysctl -p

Disable IPv6 on Fedora

sudo grubby --args=ipv6.disable=1 --update-kernel=ALL
sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Rename network interface when using systemd-networkd

Create a udev rule at /etc/udev/rules.d/70-my-net-names.rules.

SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="your-mac-address", NAME="wlan0"

Using 70-my-net-names.rules as the filename ensures the rule is ordered before /usr/lib/udev/rules.d/80-net-setup-link.rules.

Connecting to WiFi network using systemd-networkd and wpa_supplicant

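Create a file at /etc/wpa_supplicant/wpa_supplicant-wlan0.conf. Use wpa_passphrase to hash the passphrase. Its output also contains the plaintext passphrase as a commented #psk= line, so delete that line when you edit the file in the next step.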

wpa_passphrase your-ssid your-ssid-passphrase | sudo tee -a /etc/wpa_supplicant/wpa_supplicant-wlan0.conf

Edit /etc/wpa_supplicant/wpa_supplicant-wlan0.conf.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
update_config=1

network={
  ssid="your-ssid"
  # The 64-hex-digit hashed PSK is written without quotes; a quoted value is read as a plaintext passphrase.
  psk=your-hashed-ssid-passphrase
  key_mgmt=WPA-PSK
  proto=WPA2
  scan_ssid=1
}

Create a file at /etc/systemd/network/25-wlan.network.

[Match]
Name=wlan0

[Network]
DHCP=ipv4

Enable and start the network services.

sudo systemctl enable --now wpa_supplicant@wlan0.service
sudo systemctl restart systemd-networkd.service
sudo systemctl restart wpa_supplicant@wlan0.service

Check the interface status with ip a.

Use tailnet DNS and prevent DNS leaks

After the WiFi interface above is set up, disable IPv6 as described in the sections above, then enable the Tailscale service.

sudo systemctl enable --now tailscaled.service
sudo tailscale up

Edit /etc/systemd/network/25-wlan.network again so that it has the following contents.

[Match]
Name=wlan0

[Network]
DHCP=ipv4
DNS=100.100.100.100
DNSSEC=allow-downgrade

[DHCPv4]
UseDNS=no

This will tell the wlan0 interface to use Tailscale’s MagicDNS, along with DNSSEC if it is available, and not to get the nameservers from the DHCPv4 connection.
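
To check that a .network file actually carries both settings before restarting systemd-networkd, here is an added example that is not part of the original post: a shell function that parses the file and reports anything that would let a non-tailnet resolver in. The function name audit_network_file and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a systemd-networkd .network file for the two settings
# this page relies on to keep DNS on the tailnet.

# audit_network_file FILE
# Prints one finding per problem; returns 0 only if [Network] DNS= lists
# nothing but 100.100.100.100 and [DHCPv4] UseDNS= is explicitly false.
audit_network_file() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                # [Section] header
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next
        }
        !/=/ { next }
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (section == "Network" && key == "DNS")
                dns = (val == "") ? "" : dns " " val  # empty value resets the list
            if (section == "DHCPv4" && key == "UseDNS")
                usedns = tolower(val)
        }
        END {
            n = split(dns, servers, " ")
            if (n == 0) { print "no DNS= in [Network]"; bad = 1 }
            for (i = 1; i <= n; i++)
                if (servers[i] != "100.100.100.100") {
                    print "non-tailnet resolver: " servers[i]; bad = 1
                }
            # UseDNS defaults to true, so a missing key still accepts DHCP resolvers
            if (usedns !~ /^(0|no|n|false|f|off)$/) {
                print "[DHCPv4] UseDNS is not disabled"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the final 25-wlan.network from this page.
sample=$(mktemp)
printf '%s\n' '[Match]' 'Name=wlan0' '' '[Network]' 'DHCP=ipv4' \
    'DNS=100.100.100.100' 'DNSSEC=allow-downgrade' '' '[DHCPv4]' 'UseDNS=no' > "$sample"
if audit_network_file "$sample"; then echo "OK: DNS pinned to MagicDNS"; fi
rm -f "$sample"
```

Run it against /etc/systemd/network/25-wlan.network; on systems running systemd-resolved, resolvectl status wlan0 then shows the resolvers in effect after the restart.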
